Export limit exceeded: 361169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-61021 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-26 | 7.5 High |
| An issue in the sqlo_natural_join_cond component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2026-40211 | 1 Powerdns | 1 Dnsdist | 2026-06-26 | 5.3 Medium |
| An attacker can send crafted DNS over HTTP/3 queries, triggering an exception that prevents some buffer from being freed right away. The buffer will be freed at the end of the QUIC connection, but on some setups it might be possible to open enough concurrent DoH3 streams to trigger an out-of-memory condition, resulting in a denial of service. | ||||
| CVE-2026-56006 | 2 H5p, Wordpress | 2 H5p, Wordpress | 2026-06-26 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in H5P <= 1.17.6 versions. | ||||
| CVE-2026-56050 | 2 Themeisle, Wordpress | 2 Ppom For Woocommerce, Wordpress | 2026-06-26 | 6.5 Medium |
| Improper Access Control vulnerability in Themeisle PPOM for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PPOM for WooCommerce: from n/a through 33.0.18. | ||||
| CVE-2024-9050 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-06-25 | 7.8 High |
| A flaw was found in the libreswan client plugin for NetworkManager (NetkworkManager-libreswan), where it fails to properly sanitize the VPN configuration from the local unprivileged user. In this configuration, composed by a key-value format, the plugin fails to escape special characters, leading the application to interpret values as keys. One of the most critical parameters that could be abused by a malicious user is the `leftupdown`key. This key takes an executable command as a value and is used to specify what executes as a callback in NetworkManager-libreswan to retrieve configuration settings back to NetworkManager. As NetworkManager uses Polkit to allow an unprivileged user to control the system's network configuration, a malicious actor could achieve local privilege escalation and potential code execution as root in the targeted machine by creating a malicious configuration. | ||||
| CVE-2025-0685 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Openshift and 1 more | 2026-06-25 | 6.4 Medium |
| A flaw was found in grub2. When reading data from a jfs filesystem, grub's jfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_jfs_lookup_symlink() function will write past the internal buffer length during grub_jfs_read_file(). This issue can be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. | ||||
| CVE-2025-0678 | 2 Gnu, Redhat | 5 Grub2, Enterprise Linux, Openshift and 2 more | 2026-06-25 | 7.8 High |
| A flaw was found in grub2. When reading data from a squash4 filesystem, grub's squash4 fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the direct_read() will perform a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and may result in arbitrary code execution, by-passing secure boot protections. | ||||
| CVE-2025-0684 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Openshift and 1 more | 2026-06-25 | 6.4 Medium |
| A flaw was found in grub2. When performing a symlink lookup from a reiserfs filesystem, grub's reiserfs fs module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciouly crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_reiserfs_read_symlink() will call grub_reiserfs_read_real() with a overflown length parameter, leading to a heap based out-of-bounds write during data reading. This flaw may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution, by-passing secure boot protections. | ||||
| CVE-2025-1057 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 4.3 Medium |
| A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas the updated registrar expects str. This issue leads to an exception when processing agent registration requests, causing the agent to fail. | ||||
| CVE-2025-0686 | 2 Gnu, Redhat | 4 Grub2, Enterprise Linux, Openshift and 1 more | 2026-06-25 | 6.4 Medium |
| A flaw was found in grub2. When performing a symlink lookup from a romfs filesystem, grub's romfs filesystem module uses user-controlled parameters from the filesystem geometry to determine the internal buffer size, however, it improperly checks for integer overflows. A maliciously crafted filesystem may lead some of those buffer size calculations to overflow, causing it to perform a grub_malloc() operation with a smaller size than expected. As a result, the grub_romfs_read_symlink() may cause out-of-bounds writes when the calling grub_disk_read() function. This issue may be leveraged to corrupt grub's internal critical data and can result in arbitrary code execution by-passing secure boot protections. | ||||
| CVE-2025-10990 | 1 Redhat | 4 Rhel Satellite Client, Satellite, Satellite Capsule and 1 more | 2026-06-25 | 7.5 High |
| A flaw was found in REXML. A remote attacker could exploit inefficient regular expression (regex) parsing when processing hex numeric character references (&#x...;) in XML documents. This could lead to a Regular Expression Denial of Service (ReDoS), impacting the availability of the affected component. This issue is the result of an incomplete fix for CVE-2024-49761. | ||||
| CVE-2026-42005 | 1 Powerdns | 1 Authoritative | 2026-06-25 | 4.3 Medium |
| An attacker can send a web request that causes unlimited memory allocation in the internal web server, leading to a denial of service. The internal web server is disabled by default. | ||||
| CVE-2026-42388 | 1 Powerdns | 1 Recursor | 2026-06-25 | 5.9 Medium |
| Incomplete validation of the SOA record present in a catalog zone might lead to a crash. | ||||
| CVE-2026-57619 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-06-25 | 6.5 Medium |
| Contributor Sensitive Data Exposure in Elementor Website Builder <= 4.1.3 versions. | ||||
| CVE-2026-27366 | 2 Mainwp, Wordpress | 2 Mainwp Child, Wordpress | 2026-06-25 | 7.5 High |
| Unauthenticated Broken Access Control in MainWP Child <= 6.1.1 versions. | ||||
| CVE-2025-2251 | 1 Redhat | 2 Jboss Enterprise Application Platform, Jbosseapxp | 2026-06-25 | 6.2 Medium |
| A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted serialized object, leading to remote code execution without requiring authentication. | ||||
| CVE-2025-2487 | 1 Redhat | 5 Directory Server, Directory Server Eus, Enterprise Linux and 2 more | 2026-06-25 | 4.9 Medium |
| A flaw was found in the 389-ds-base LDAP Server. This issue occurs when issuing a Modify DN LDAP operation through the ldap protocol, when the function return value is not tested and a NULL pointer is dereferenced. If a privileged user performs a ldap MODDN operation after a failed operation, it could lead to a Denial of Service (DoS) or system crash. | ||||
| CVE-2025-31179 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The xstrftime() function may lead to a segmentation fault, causing a system crash. | ||||
| CVE-2025-31178 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The GetAnnotateString() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-32051 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 5.9 Medium |
| A flaw was found in libsoup. The libsoup soup_uri_decode_data_uri() function may crash when processing malformed data URI. This flaw allows an attacker to cause a denial of service (DoS). | ||||