Export limit exceeded: 360855 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 26049 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26049 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-12025 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-12 | 5.3 Medium |
| Insufficient validation of untrusted input in Network in Google Chrome prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12034 | 2 Google, Linux | 2 Chrome, Linux Kernel | 2026-06-12 | 8.3 High |
| Insufficient validation of untrusted input in Linux Toolkit Theming in Google Chrome on Linux prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-11459 | 1 Secureage | 1 Catchpulse | 2026-06-12 | 3.3 Low |
| A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-44811 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-12 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48569 | 1 Microsoft | 1 Visual Studio Code | 2026-06-12 | 7.1 High |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-44206 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, DB Schema Enumeration is possible through exploiting an endpoint. This issue has been patched in versions 15.107.2 and 16.17.4. | ||||
| CVE-2026-49234 | 1 Nlnetlabs | 1 Routinator | 2026-06-12 | 7.5 High |
| When sending a specifically crafted non-UTF-8 string as select-asn query parameter to the /api/v1/origins endpoint, Routinator crashes. This only affects users who allow API access from untrusted networks. | ||||
| CVE-2026-21033 | 2 Samsung, Samsung Mobile | 2 Assistant, Samsung Assistant | 2026-06-12 | 7.1 High |
| Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | ||||
| CVE-2026-42970 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 5.5 Medium |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42971 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-11 | 5.5 Medium |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42907 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-11 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-47909 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-06-11 | 6.3 Medium |
| Dreamweaver Desktop versions 21.7 and earlier are affected by an Improper Input Validation vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended access scope. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-40376 | 1 Microsoft | 1 Visual Studio Code | 2026-06-11 | 7.5 High |
| Improper input validation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-49218 | 1 Imagemagick | 1 Imagemagick | 2026-06-11 | 7.5 High |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check in the DCM decoder could result in an image with invalid dimensions and that could cause crashes in other operation. This issue has been patched in versions 6.9.13-48 and 7.1.2-24. | ||||
| CVE-2026-49219 | 1 Imagemagick | 1 Imagemagick | 2026-06-11 | 5.5 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, an incorrect parsing of the filename can result in a policy bypass and read files disallowed by a security policy using a symlink. This issue has been patched in versions 6.9.13-48 and 7.1.2-24. | ||||
| CVE-2025-37789 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-11 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. | ||||
| CVE-2025-38085 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-06-11 | 4.7 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table used in another process in which unrelated VMAs can afterwards be installed. If this happens in the middle of a concurrent gup_fast(), gup_fast() could end up walking the page tables of another process. While I don't see any way in which that immediately leads to kernel memory corruption, it is really weird and unexpected. Fix it with an explicit broadcast IPI through tlb_remove_table_sync_one(), just like we do in khugepaged when removing page tables for a THP collapse. | ||||
| CVE-2026-47165 | 1 Imagemagick | 1 Imagemagick | 2026-06-11 | 4.1 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-23, the distributed pixel cache was originally designed to operate without a challenge–response authentication model. This has been changed in versions 6.9.13-48 and 7.1.2-23. | ||||
| CVE-2026-45636 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7.8 High |
| Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45328 | 1 Espressif | 1 Esp-idf | 2026-06-11 | 9.3 Critical |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.4 and 6.0, the esp_tee component exposes secure-service wrappers in esp_secure_services.c and esp_secure_services_iram.c that bridge calls from the user application (i.e. the REE) to TEE-protected hardware peripherals (AES, SHA, ECC, HMAC, SPI, MMU, WDT) and to the security feature like attestation, OTA updates, secure storage. This issue has been patched in versions 5.5.5 and 6.0.1. | ||||