Export limit exceeded: 340656 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6190 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25969 | 1 Imagemagick | 1 Imagemagick | 2026-02-26 | 5.3 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-15, a memory leak exists in `coders/ashlar.c`. The `WriteASHLARImage` allocates a structure. However, when an exception is thrown, the allocated memory is not properly released, resulting in a potential memory leak. Version 7.1.2-15 contains a patch. | ||||
| CVE-2023-6681 | 3 Fedoraproject, Latchset, Redhat | 7 Fedora, Jwcrypto, Ansible Automation Platform and 4 more | 2026-02-26 | 5.3 Medium |
| A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack. | ||||
| CVE-2025-71154 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: usb: rtl8150: fix memory leak on usb_submit_urb() failure In async_set_registers(), when usb_submit_urb() fails, the allocated async_req structure and URB are not freed, causing a memory leak. The completion callback async_set_reg_cb() is responsible for freeing these allocations, but it is only called after the URB is successfully submitted and completes (successfully or with error). If submission fails, the callback never runs and the memory is leaked. Fix this by freeing both the URB and the request structure in the error path when usb_submit_urb() fails. | ||||
| CVE-2025-71153 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix memory leak in get_file_all_info() In get_file_all_info(), if vfs_getattr() fails, the function returns immediately without freeing the allocated filename, leading to a memory leak. Fix this by freeing the filename before returning in this error case. | ||||
| CVE-2025-71151 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory and information leak in smb3_reconfigure() In smb3_reconfigure(), if smb3_sync_session_ctx_passwords() fails, the function returns immediately without freeing and erasing the newly allocated new_password and new_password2. This causes both a memory leak and a potential information leak. Fix this by calling kfree_sensitive() on both password buffers before returning in this error case. | ||||
| CVE-2025-71147 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with a cleanup helper. | ||||
| CVE-2025-71146 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conncount: fix leaked ct in error paths There are some situations where ct might be leaked as error paths are skipping the refcounted check and return immediately. In order to solve it make sure that the check is always called. | ||||
| CVE-2025-61146 | 2 Libsixel Project, Saitoha | 2 Libsixel, Libsixel | 2026-02-26 | 4 Medium |
| saitoha libsixel until v1.8.7 was discovered to contain a memory leak via the component malloc_stub.c. | ||||
| CVE-2026-26047 | 1 Moodle | 1 Moodle | 2026-02-26 | 6.5 Medium |
| A denial-of-service vulnerability was identified in Moodle’s TeX formula editor. When rendering TeX content using mimetex, insufficient execution time limits could allow specially crafted formulas to consume excessive server resources. An authenticated user could abuse this behavior to degrade performance or cause service interruption. | ||||
| CVE-2025-3032 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-02-26 | 7.4 High |
| Leaking of file descriptors from the fork server to web content processes could allow for privilege escalation attacks. This vulnerability affects Firefox < 137 and Thunderbird < 137. | ||||
| CVE-2025-20616 | 2026-02-26 | 5.5 Medium | ||
| Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2025-29828 | 1 Microsoft | 10 Windows 11 22h2, Windows 11 22h2, Windows 11 23h2 and 7 more | 2026-02-26 | 8.1 High |
| Missing release of memory after effective lifetime in Windows Cryptographic Services allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-26423 | 1 Google | 1 Android | 2026-02-26 | 6.2 Medium |
| In validateIpConfiguration of WifiConfigurationUtil.java, there is a possible way to trigger a permanent DoS due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-43462 | 1 Apple | 6 Ios, Ipados, Iphone Os and 3 more | 2026-02-26 | 7.5 High |
| The issue was addressed with improved memory handling. This issue is fixed in tvOS 26.1, watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, visionOS 26.1. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2025-71163 | 1 Linux | 1 Linux Kernel | 2026-02-26 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface. | ||||
| CVE-2025-47148 | 1 F5 | 3 Big-ip, Big-ip Access Policy Manager, Big-ip Ssl Orchestrator | 2026-02-26 | 6.5 Medium |
| When the BIG-IP system is configured as both a Security Assertion Markup Language (SAML) service provider (SP) and Identity Provider (IdP), with single logout (SLO) enabled on an access policy, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-47150 | 1 F5 | 3 F5os, F5os-a, F5os-c | 2026-02-26 | 6.5 Medium |
| When SNMP is configured on F5OS Appliance and Chassis systems, undisclosed requests can cause an increase in SNMP memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-54805 | 1 F5 | 6 Big-ip, Big-ip Next, Big-ip Next Cloud-native Network Functions and 3 more | 2026-02-26 | 6.5 Medium |
| When an iRule is configured on a virtual server via the declarative API, upon re-instantiation, the cleanup process can cause an increase in the Traffic Management Microkernel (TMM) memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-61974 | 1 F5 | 6 Big-ip, Big-ip Next, Big-ip Next Cloud-native Network Functions and 3 more | 2026-02-26 | 7.5 High |
| When a client SSL profile is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2025-48615 | 1 Google | 1 Android | 2026-02-26 | 7.8 High |
| In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||