Total
94 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-11770 | 1 Eclipse | 1 Buildship | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| In Eclipse Buildship versions prior to 3.1.1, the build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. Any of these artifacts could have been MITM to maliciously compromise them and infect the build artifacts that were produced. Additionally, if any of these JARs or other dependencies were compromised, any developers using these could continue to be infected past updating to fix this. | |||||
| CVE-2019-10753 | 1 Diffplug | 3 Eclipse-cdt, Eclipse-groovy, Eclipse-wtp | 2026-06-17 | 4.3 MEDIUM | 5.9 MEDIUM |
| In all versions prior to version 3.9.6 for eclipse-wtp, all versions prior to version 9.4.4 for eclipse-cdt, and all versions prior to version 3.0.1 for eclipse-groovy, Spotless was resolving dependencies over an insecure channel (http). If the build occurred over an insecure connection, a malicious user could have perform a Man-in-the-Middle attack during the build and alter the build artifacts that were produced. In case that any of these artifacts were compromised, any developers using these could be altered. **Note:** In order to validate that this artifact was not compromised, the maintainer would need to confirm that none of the artifacts published to the registry were not altered with. Until this happens, we can not guarantee that this artifact was not compromised even though the probability that this happened is low. | |||||
| CVE-2019-10248 | 1 Eclipse | 1 Vorto | 2026-06-17 | 6.8 MEDIUM | 8.1 HIGH |
| Eclipse Vorto versions prior to 0.11 resolved Maven build artifacts for the Xtext project over HTTP instead of HTTPS. Any of these dependent artifacts could have been maliciously compromised by a MITM attack. Hence produced build artifacts of Vorto might be infected. | |||||
| CVE-2019-1020011 | 1 Charcoal-se | 1 Smokedetector | 2026-06-17 | 6.5 MEDIUM | 7.2 HIGH |
| SmokeDetector intentionally does automatic deployments of updated copies of SmokeDetector without server operator authority. | |||||
| CVE-2018-17791 | 1 Newgensoft | 1 Omniflow Intelligent Business Process Suite | 2026-06-17 | 5.0 MEDIUM | 7.5 HIGH |
| Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options. | |||||
| CVE-2017-14013 | 1 Prominent | 2 Multiflex M10a Controller, Multiflex M10a Controller Firmware | 2026-06-17 | 6.8 MEDIUM | 5.6 MEDIUM |
| A Client-Side Enforcement of Server-Side Security issue was discovered in ProMinent MultiFLEX M10a Controller web interface. The log out function in the application removes the user's session only on the client side. This may allow an attacker to bypass protection mechanisms, gain privileges, or assume the identity of an authenticated user. | |||||
| CVE-2016-5062 | 1 Aternity | 1 Aternity | 2026-06-17 | 9.3 HIGH | 9.8 CRITICAL |
| The web server in Aternity before 9.0.1 does not require authentication for getMBeansFromURL loading of Java MBeans, which allows remote attackers to execute arbitrary Java code by registering MBeans. | |||||
| CVE-2012-2979 | 1 Freebsd | 1 Name Server Daemon | 2026-06-16 | 4.3 MEDIUM | 7.5 HIGH |
| FreeBSD NSD before 3.2.13 allows remote attackers to crash a NSD child server process (SIGSEGV) and cause a denial of service in the NSD server. | |||||
| CVE-2004-0872 | 1 Opera | 1 Opera Browser | 2026-06-16 | 5.0 MEDIUM | N/A |
| Opera does not prevent cookies that are sent over an insecure channel (HTTP) from also being sent over a secure channel (HTTPS/SSL) in the same domain, which could allow remote attackers to steal cookies and conduct unauthorized activities, aka "Cross Security Boundary Cookie Injection." | |||||
| CVE-2002-0055 | 1 Microsoft | 3 Exchange Server, Windows 2000, Windows Xp | 2026-06-16 | 5.0 MEDIUM | N/A |
| SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request. | |||||
| CVE-2026-46448 | 2026-06-16 | N/A | 5.4 MEDIUM | ||
| In OpenStack Nova before 33.0.2, the server create API does not strip certain hint data. The resulting instance has no Placement allocation. | |||||
| CVE-2026-46447 | 1 Openstack | 1 Ironic | 2026-06-15 | N/A | 5.8 MEDIUM |
| OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | |||||
| CVE-2026-12068 | 2026-06-15 | N/A | 7.4 HIGH | ||
| Information disclosure vulnerability in Avira Password Manager when used with Mozilla Firefox may allow a remote attacker operating a cross-origin iframe to obtain credentials autofilled for the parent web page via incorrect autofill field selection. This issue affects Avira Password Manager when used with Mozilla Firefox on Windows, macOS, and Linux. | |||||
| CVE-2026-44917 | 1 Openstack | 1 Ironic | 2026-06-04 | N/A | 4.9 MEDIUM |
| OpenStack Ironic before 35.0.2 allows a malicious authenticated project admin or manager to read local files on the Ironic conductor via a pxe_template. | |||||
| CVE-2026-48831 | 2026-05-26 | N/A | N/A | ||
| Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions of the invoker. This allows escaping Flatpak and Snap sandboxes, because MIME handlers are not intended for use by code interpreters and loaders. NOTE: some parties feel that this is not a bug to be addressed in Wine, because there is no known solution that avoids a severe loss of usability (Wine could be a binfmt-misc handler, but binfmt-misc does not exist on all platforms supported by Wine). | |||||
| CVE-2026-48846 | 2026-05-26 | N/A | 6.5 MEDIUM | ||
| In Roundcube Webmail 1.6.x before 1.6.16 and 1.7.x before 1.7.1, the remote image blocking feature can be bypassed via a crafted CSS var() value in an e-mail message, which may lead to information disclosure or access-control bypass. | |||||
| CVE-2026-48845 | 2026-05-26 | N/A | 6.5 MEDIUM | ||
| In Roundcube Webmail 1.6.x between 1.6.14 and 1.6.16 and 1.7.x before 1.7.1, remote image blocking was not honored for URLs pointing to local/private destinations, which may lead to information disclosure or privilege escalation via a text/html email message. | |||||
| CVE-2026-48847 | 2026-05-26 | N/A | 3.7 LOW | ||
| Roundcube Webmail 1.6.x before 1.6.16, and 1.7.x before 1.7.1 allows pre-authentication arbitrary file deletion via redis/memcache session poisoning bypass. | |||||
| CVE-2026-31431 | 11 Amazon, Arista, Canonical and 8 more | 43 Amazon Linux, Cloudvision Agni, Cloudvision Portal and 40 more | 2026-05-21 | N/A | 7.8 HIGH |
| In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly. | |||||
| CVE-2026-41525 | 2026-05-19 | N/A | 6.5 MEDIUM | ||
| KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or executable; however, the intended behavior is to block the attempted action, not present a consent prompt.) | |||||