Export limit exceeded: 357340 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357340 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50639 | 2026-06-10 | 6.5 Medium | ||
| Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics,separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _labels function does not check tags labels newlines or statsd control characters. The labels can be used for metric injections. | ||||
| CVE-2026-10740 | 1 Aws | 1 S2n-quic | 2026-06-10 | 5.3 Medium |
| Unbounded memory allocation in the CRYPTO frame reassembler in s2n-quic before 1.8.2 may allow an unauthenticated remote actor to cause a denial of service (degraded availability) by sending crafted QUIC Initial packets. To remediate this issue, users should upgrade to v1.8.2. | ||||
| CVE-2026-7930 | 1 Google | 1 Chrome | 2026-06-10 | 9.6 Critical |
| Is not a vulnerability, is a feature bug. | ||||
| CVE-2026-4447 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-10 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 146.0.7680.153 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-0677 | 2 Totalsuite, Wordpress | 2 Totalcontest, Wordpress | 2026-06-10 | 6.3 Medium |
| Deserialization of Untrusted Data vulnerability in TotalSuite TotalContest Lite totalcontest-lite allows Object Injection.This issue affects TotalContest Lite: from n/a through <= 2.9.1. | ||||
| CVE-2025-70420 | 1 Genesys | 1 Latitude | 2026-06-10 | N/A |
| DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. | ||||
| CVE-2026-36778 | 1 Tenda | 1 O3 Wireless Router | 2026-06-10 | 4.9 Medium |
| Shenzhen Tenda Technology Co., Ltd Tenda O3 Wireless Router v1.0.0.5(4180) was discovered to contain a stack overflow in the username parameter of the R7WebsSecurityHandler function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-36791 | 1 Tenda | 1 O3v3 | 2026-06-10 | 7.5 High |
| Shenzhen Tenda Technology Co., Ltd Tenda O3v3 v1.0.0.5 was discovered to contain a stack overflow in the save_list_data parameter of the formSetCfm function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-49823 | 2026-06-10 | 7.7 High | ||
| Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, a Fission Function spec carries three reference types — Secret, ConfigMap, and Package. The first two were namespace-validated by the admission webhook; PackageRef.Namespace was not. This issue has been patched in version 1.24.0. | ||||
| CVE-2026-11626 | 2026-06-10 | N/A | ||
| CleanWipe Removal Tool (macOS), prior to 16.0.0.65, may be susceptible to an Local Privilege Escalation vulnerability, which is a type of issue whereby an attacker with limited privilege access on an affected system can escalate their privileges to gain administrative control. | ||||
| CVE-2026-10142 | 2026-06-10 | 7.5 High | ||
| kafka-python prior to 2.3.2 contains a denial-of-service vulnerability in the protocol parser that allows a malicious broker or machine-in-the-middle attacker to exhaust memory or hang connections by sending a crafted 4-byte frame length value without bounds validation. Attackers can send a specially crafted frame length through the receive_bytes() function to trigger either a multi-gigabyte memory allocation or an uncaught ValueError that leaves the connection in a broken state, causing requests to hang and consumers to stop heartbeating until restart. | ||||
| CVE-2026-46669 | 2026-06-10 | N/A | ||
| OpenVM is a performant and modular zkVM framework built for customization and extensibility. Prior to version 1.6.0, the openvm-pairing guest library's try_honest_pairing_check function invokes Theorem 3 of https://eprint.iacr.org/2024/640.pdf but does not check that the scaling factor s is in a proper subfield of Fp12. This allows incorrect results to the pairing check. This issue has been patched in version 1.6.0. | ||||
| CVE-2026-46654 | 2026-06-10 | N/A | ||
| Plonky3 is a toolkit for polynomial IOPs (PIOPs). Prior to versions 0.4.3 and 0.5.3, an attacker controlling prover-side observations can craft distinct transcripts that produce identical challenges, breaking the binding property of Fiat-Shamir. This issue has been patched in versions 0.4.3 and 0.5.3. | ||||
| CVE-2026-45600 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-06-10 | 7.8 High |
| Access of resource using incompatible type ('type confusion') in Windows Kernel-Mode Drivers allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-35188 | 1 Openssl | 1 Openssl | 2026-06-10 | 5 Medium |
| Issue summary: A malicious server can exploit TLS OCSP stapling by delivering a crafted response through the status_request extension, triggering a double-free in the client's certificate verification path. Impact summary: Successful exploitation allows an attacker to corrupt heap memory via a double-free, potentially leading to a Denial of Service or possibly an attacker controlled code execution or other undefined behavior. If OCSP stapling is enabled and the TLS client connects to a malicious server, a crafted OCSP stapled response can trigger a double free in the TLS client when the stapled response is checked. The OCSP stapling is not enabled by default. Reliable code execution through a double-free is technically complex and highly environment-dependent but the Denial of Service impact is straightforward to achieve, warranting Moderate severity. No FIPS modules are affected by this issue as the affected code is outside the OpenSSL FIPS module boundary. | ||||
| CVE-2026-33828 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 7.8 High |
| Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-11666 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-10 | 5.4 Medium |
| Insufficient validation of untrusted input in Input in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-36723 | 1 Bookcars | 1 Bookcars | 2026-06-10 | 8.8 High |
| An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables unauthorized access to sensitive files, the overwriting of critical application files, and remote code execution (RCE). | ||||
| CVE-2026-11596 | 1 Connectwise | 1 Screenconnect | 2026-06-10 | 4.7 Medium |
| In ScreenConnect™ versions prior to 26.2, input validation within the Host Pass creation functionality could allow an authenticated user with Host Pass creation privileges the ability to specify a token expiration duration beyond the intended maximum when generating delegated access tokens. | ||||
| CVE-2026-34335 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||