Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86092 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-9220 1 Shenzhen I365-tech 1 Setracker2 Parental Control App (android) Package Com.tgelec.setracker 2026-06-26 7.5 High
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior encrypts requests between the watch and its backend with static hardcoded AES keys and initialization vectors. This allows an attacker to decrypt Setracker2 watch traffic.
CVE-2026-9221 1 Shenzhen I365-tech 1 Setracker2 Parental Control App (android) Package Com.tgelec.setracker 2026-06-26 7.5 High
The Setracker2 Android Companion App (com.tgelec.setracker) versions 3.1.5 and earlier uses MD5 to generate a request signature for authenticating communications between the mobile client and the backend REST API. Attackers could potentially reverse the signature to recover the session ID. With the session ID exposed, an attacker could impersonate the legitimate user and issue authenticated API requests.
CVE-2026-9222 1 Shenzhen I365 1 Setracker2 Parental Control App (android) Package Com.tgelec.setracker 2026-06-26 8.1 High
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior only require the password hash when authenticating with backend services from the client. This could allow an attacker, who knows the hash, to authenticate and gain full access.
CVE-2021-47986 1 Parseplatform 1 Parse-server 2026-06-26 7.5 High
Parse Server before 4.10.0 contains a supply chain vulnerability where incorrect version tags were pushed to the repository linking to unreviewed code in a personal fork. Attackers could exploit this by specifying affected version tags in dependency declarations to execute unreviewed and potentially malicious code.
CVE-2023-3640 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-06-26 7 High
A possible unauthorized memory access flaw was found in the Linux kernel's cpu_entry_area mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implemented in /arch/x86/mm/cpu_entry_area.c, which works through the init_cea_offsets() function when KASLR is enabled. However, despite this feature, there is still a risk of per-cpu entry area leaks. This issue could allow a local user to gain access to some important data with memory in an expected location and potentially escalate their privileges on the system.
CVE-2025-68713 1 Rakuten 1 Send Anywhere For Android 2026-06-26 8 High
An issue was discovered in Rakuten Send Anywhere (File Transfer) for Android (com.estmob.android.sendanywhere) 23.2.9. The vulnerability allows untrusted applications (with no permissions) to force arbitrary file downloads into the app's scoped storage. The resulting files appear in the application's trusted Received interface. These conditions establish a vector for arbitrary code execution if the payload is an APK file, or a denial-of-service condition through resource exhaustion from oversized transfers.
CVE-2026-36213 1 Microvirt 1 Memu Android Emulator 2026-06-26 7.8 High
An issue in Microvirt MEmu Android Emulator 9.2.7.0 allows a local attacker to escalate privileges via the MemuService.exe component.
CVE-2026-39007 1 Observeinc 1 Observe 2026-06-26 7.5 High
An issue in Observeinc's Observe v.2026-01-28 and before allows a remote attacker to obtain sensitive information via the CSV Log export component.
CVE-2026-50870 1 Benbusby 1 Whoogle Search 2026-06-26 7.5 High
An information disclosure vulnerability in the configuration endpoint of Ben Busby whoogle-search v1.2.3 allows attackers to obtain sensitive information via a crafted GET request.
CVE-2026-50875 1 Deck9 1 Deck9 Input 2026-06-26 8.1 High
Incorrect access control in the /{form}/webhooks/{webhook} endpoint of Deck9 Input v2.0.1 allows authenticated attackers to arbitrarily modify or delete another tenant's webhook via a crafted request.
CVE-2026-50879 1 Linx-server 1 Linx-server 2026-06-26 7.5 High
An issue in the uploadPostHandler component of Andrei Marcu linx-server v2.3.8 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2026-50882 1 Anna-is-cute 1 Paste 2026-06-26 7.5 High
An issue in the /api/v0/pastes endpoint of anna-is-cute paste v0.1.1 allows attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2026-50884 1 Statping-ng 1 Statping-ng 2026-06-26 8.8 High
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator and access sensitive components.
CVE-2026-50889 1 Lldap 1 Lldap 2026-06-26 7.5 High
An input handling flaw in the HTTP refresh token process of LLDAP v0.6.2 allows attackers to cause a Denial of Service (DoS) via sending a crafted refresh-token header.
CVE-2016-20066 2 Dwbooster, Wordpress 2 Cp Polls, Wordpress 2026-06-26 7.2 High
WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content.
CVE-2016-20069 2 Dwbooster, Wordpress 2 Booking Calendar Contact Form, Wordpress 2026-06-26 8.2 High
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to execute arbitrary SQL queries and extract sensitive database information.
CVE-2016-20068 2 Dwbooster, Wordpress 2 Booking Calendar Contact Form, Wordpress 2026-06-26 8.2 High
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint with the action parameter set to 'dex_bccf_calendar_ajaxevent' and supply crafted SQL commands in the 'id' parameter to extract sensitive database information.
CVE-2026-34891 2 Hitpay, Idpay 2 Payment Gateway For Woocommerce, Payment Gateway For Woocommerce 2026-06-26 7.5 High
Unauthenticated Sensitive Data Exposure in IDPay Payment Gateway for Woocommerce <= 2.2.5 versions.
CVE-2026-39470 2 Brainstorm Force, Wordpress 2 Woocommerce Cart Abandonment Recovery, Wordpress 2026-06-26 7.2 High
Shop manager Privilege Escalation in WooCommerce Cart Abandonment Recovery < 2.1.0 versions.
CVE-2026-39478 2 Eli Scheetz, Wordpress 2 Anti-malware Security And Brute-force Firewall, Wordpress 2026-06-26 8.8 High
Contributor PHP Object Injection in Anti-Malware Security and Brute-Force Firewall <= 4.23.87 versions.