Export limit exceeded: 350468 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350468 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44217 | 1 Rexxars | 1 Sse-channel | 2026-05-13 | N/A |
| sse-channel is an SSE-implementation which can be used to any node.js http request/response stream. Prior to 4.0.1, implementations that allow user-provided values to be passed to event, retry or id fields are susceptible to event spoofing, where an attacker could inject arbitrary messages into the stream. This vulnerability is fixed in 4.0.1. | ||||
| CVE-2026-44221 | 1 Arcadedata | 1 Arcadedb | 2026-05-13 | 9 Critical |
| ArcadeDB is a Multi-Model DBMS. Prior to 2.6.4, authenticated users and API tokens scoped to a specific database could read, write, and mutate schema on any other database on the same server. Two distinct defects contributed: (1) ServerSecurityUser.getDatabaseUser() returned a DB user with an uninitialized fileAccessMap, which requestAccessOnFile treated as allow-all; (2) ArcadeDBServer.createDatabase() omitted factory.setSecurity(...) so any database created via POST /api/v1/server {"command":"create database X"} had its entire record-level authorization system silently disabled. In combination, record-level and database-level authorization could be bypassed by any authenticated principal. This vulnerability is fixed in 2.6.4. | ||||
| CVE-2026-44225 | 1 Enesgkky | 1 Pulpy | 2026-05-13 | 9.3 Critical |
| Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath() function is supposed to sandbox this access, but its blocklist is incomplete. Any web app packaged with Pulpy can read and write arbitrary files in the user's home directory — including ~/.ssh/id_rsa, ~/.aws/credentials, and ~/Library/Keychains/. This vulnerability is fixed in 0.1.1. | ||||
| CVE-2026-34677 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34666 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34679 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34670 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34665 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 7.5 High |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34667 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34673 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34668 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34680 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34688 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34678 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34669 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34671 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34672 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-35504 | 1 Subnet Solutions | 3 Powersystem Center 2020, Powersystem Center 2024, Powersystem Center 2026 | 2026-05-13 | 5.5 Medium |
| PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | ||||
| CVE-2025-65086 | 1 Ashlar Vellum | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-13 | N/A |
| An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed. | ||||
| CVE-2025-65087 | 1 Ashlar Vellum | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-13 | N/A |
| An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed. | ||||