Export limit exceeded: 361150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361150 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361150 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-53159 | 1 Linux | 1 Linux Kernel | 2026-06-25 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA. | ||||
| CVE-2026-53171 | 1 Linux | 1 Linux Kernel | 2026-06-25 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: accel/ethosu: fix arithmetic issues in dma_length() dma_length() derives DMA region usage from command stream values and updates region_size[]: len = ((len + stride[0]) * size0 + stride[1]) * size1 region_size[region] = max(..., len + dma->offset) Several arithmetic issues can corrupt the derived region size: - signed stride values may underflow when added to len - intermediate multiplications may overflow - len + dma->offset may overflow during region_size updates - dma_length() error returns were not validated by the caller region_size[] is later used by ethosu_job.c to validate command stream accesses against GEM buffer sizes. Arithmetic wraparound can therefore under-report region usage and bypass the bounds validation. Fix by validating signed additions, using overflow helpers for multiplications and offset updates, and propagating dma_length() failures to the caller. | ||||
| CVE-2026-52810 | 1 Gogs | 1 Gogs | 2026-06-25 | N/A |
| Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string (so ?service=git-upload-pack is evaluated as read access) while routing still runs git receive-pack, allowing push where only read should be allowed. This vulnerability is fixed in 0.14.3. | ||||
| CVE-2026-39955 | 1 Cacti | 1 Cacti | 2026-06-25 | 9.8 Critical |
| Cacti is an open source performance and fault management framework. Versions 1.2.30 and prior have pre-authentication SQL Injection via unanchored FILTER_VALIDATE_REGEXP in graph_view.php. This issue has been fixed in version 1.2.31. | ||||
| CVE-2025-61028 | 1 Openlink | 1 Virtuoso-opensource | 2026-06-25 | 7.5 High |
| An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | ||||
| CVE-2026-54828 | 2026-06-25 | 7.5 High | ||
| Unauthenticated Broken Access Control in Motors <= 1.4.109 versions. | ||||
| CVE-2026-47154 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, a malformed GetProfileResponse message can trigger out-of-bounds reads while iterating interval entries and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Simple Metering cluster may be impacted. | ||||
| CVE-2026-47153 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, a malformed Level Control Step command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted. | ||||
| CVE-2026-47152 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, a malformed Level Control Move command can terminate the process through a divide-by-zero fault. This command must come from a device that has already joined the network. Only devices supporting the Level Control cluster may be impacted. | ||||
| CVE-2026-47151 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed ClearWeekdaySchedule messages can trigger out-of-bounds writes into Door Lock schedule state. The size and location of this data is limited. These messages must come from a device that has already joined the network. Only devices supporting the Door Lock cluster may be impacted. | ||||
| CVE-2026-47150 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed IAS Zone enrollment messages can trigger an out-of-bounds state-table write and terminate the process. The size and location of this write is limited. These messages must come from a device that has already joined the network. Only devices supporting the IAS Zone cluster may be impacted. | ||||
| CVE-2026-47148 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed GetGroupMembership commands can trigger repeated reads past the end of the message payload and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Groups cluster may be impacted. | ||||
| CVE-2026-57429 | 2026-06-25 | 6.5 Medium | ||
| Contributor Broken Access Control in Slim SEO <= 4.6.2 versions. | ||||
| CVE-2026-47147 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed OTA requests can drive the OTA server parser into out-of-bounds reads. A limited amount of data from RAM is read back to the requester. The size and location of this data is limited. These requests must come from a device that has already joined the network. Only devices supporting the OTA Server cluster may be impacted. | ||||
| CVE-2026-56122 | 2026-06-25 | 7.5 High | ||
| Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traverse outside the webroot directory using traversal-prefixed paths in a single HTTP request to read any file accessible to the servlet engine process, including sensitive system files when the service runs with elevated privileges. | ||||
| CVE-2026-47146 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted. | ||||
| CVE-2026-47145 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed Color Control messages can lead to asserts that terminate the process. These messages must come from a device that has already joined the network. Only devices supporting the Color Control cluster may be impacted. | ||||
| CVE-2026-47149 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed or out-of-range Door Lock user identifiers can trigger out-of-bounds table reads and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. Only devices supporting the Door Lock cluster may be impacted. | ||||
| CVE-2026-4526 | 2026-06-25 | N/A | ||
| In EmberZNet v9.0.2 and earlier, malformed global ZCL messages can trigger out-of-bounds reads in framework parsing logic and terminate the process. These messages must come from a device that has already joined the network, and no information leakage back to the sender was observed. | ||||
| CVE-2026-2815 | 2026-06-25 | N/A | ||
| Incorrect use of the PUF key for user key generation in EFR32xG27 results in predictable keys | ||||