Export limit exceeded: 356032 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356032 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47273 | 1 Synology | 1 Hyper Backup | 2026-06-05 | 4.3 Medium |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup Task functionality in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users to write specific files via unspecified vectors. | ||||
| CVE-2024-47263 | 1 Synology | 1 Hyper Backup | 2026-06-05 | 4.1 Medium |
| An improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in Backup.Repository webapi component in Synology Hyper Backup before 4.1.2-4036 allows remote authenticated users with administrator privileges to write specific files containing non-sensitive information via unspecified vectors. | ||||
| CVE-2025-8873 | 1 Arista | 1 Eos | 2026-06-05 | 7.5 High |
| On affected platforms running Arista EOS with IPsec configured, a specially crafted packet can cause the dataplane to stop processing all IPsec traffic. The control plane may detect this condition, and attempt to reset the IPsec processing pipeline. After reset traffic may not resume being processed. There is no impact to non-IPsec traffic or to IPsec traffic not originating or terminating on the system. This issue was reported by an Arista customer. | ||||
| CVE-2023-5502 | 1 Arista | 1 Eos | 2026-06-05 | 5.9 Medium |
| On affected platforms running Arista EOS with 802.1x authentication configured on the access/trunk ports, and routing enabled on the access VLAN of the ports, a malicious supplicant may be able to bypass the requirement to perform 802.1x authentication. | ||||
| CVE-2026-11071 | 1 Google | 1 Chrome | 2026-06-05 | 8.8 High |
| Use after free in Base in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11075 | 1 Google | 1 Chrome | 2026-06-05 | 6.5 Medium |
| Out of bounds read in V8 in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11080 | 1 Google | 1 Chrome | 2026-06-05 | 8.8 High |
| Use after free in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11087 | 1 Google | 1 Chrome | 2026-06-05 | 6.5 Medium |
| Uninitialized Use in ANGLE in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11093 | 1 Google | 1 Chrome | 2026-06-05 | 6.5 Medium |
| Inappropriate implementation in Printing in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-11094 | 1 Google | 1 Chrome | 2026-06-05 | 9.6 Critical |
| Use after free in Codecs in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-27892 | 1 Arista | 1 Eos | 2026-06-05 | 9.6 Critical |
| Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | ||||
| CVE-2024-27890 | 1 Arista | 1 Eos | 2026-06-05 | 9.6 Critical |
| Affected platforms running Arista EOS with OpenConfig configured, a gNMI Set request can be run when it should have been rejected. This can result in unexpected configuration being applied to the switch. | ||||
| CVE-2024-27891 | 1 Arista | 1 Eos | 2026-06-05 | 5.3 Medium |
| On affected platforms running Arista EOS with MACsec and egress ACLs configured on the same interfaces, the ACL policies may not be enforced for packets egressing on those ports. This can cause outgoing packets to incorrectly be allowed or denied. | ||||
| CVE-2026-21404 | 1 Navtor | 1 Navbox | 2026-06-05 | 6.3 Medium |
| NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation (SOAP) implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the SOAP interface grants access to privileged WCF methods, enabling an attacker to write or overwrite files within application-defined paths. | ||||
| CVE-2026-50590 | 1 Mimecast | 1 Incydr | 2026-06-05 | 4.5 Medium |
| In Mimecast Incydr before 2.6.0, arbitrary file access can occur. | ||||
| CVE-2026-50591 | 1 Znuny | 1 Znuny | 2026-06-05 | 5.4 Medium |
| In Znuny LTS before 6.5.21 and Znuny before 7.3.3, XSS can occur via stored user preferences. | ||||
| CVE-2026-50593 | 1 Graphite Project | 1 Graphite | 2026-06-05 | 7.3 High |
| Graphite before 1.3.15 has an integer underflow and resultant out-of-bounds write via Graphite actions, because slotat does not ensure that an offset is within the allowed slot-map range. | ||||
| CVE-2026-50592 | 1 Znuny | 1 Znuny | 2026-06-05 | 6.4 Medium |
| In Znuny LTS before 6.5.21 and Znuny before 7.3.3, there is reflected XSS in AdminCommunicationLog (aka the communication log administration view). | ||||
| CVE-2023-52951 | 1 Synology | 2 Note Station Client, Synology Note Station Client | 2026-06-05 | 5.9 Medium |
| A cleartext transmission of sensitive information vulnerability in Synology Note Station Client before 2.2.4-703 allows man-in-the-middle attackers to obtain user credential. | ||||
| CVE-2022-49042 | 1 Synology | 2 Hyper Backup Explorer, Synology Hyper Backup Explorer | 2026-06-05 | 7.8 High |
| An inclusion of functionality from untrusted control sphere vulnerability in MinGW DLL component in Synology Hyper Backup Explorer before 3.0.1-0156 allows local users to execute arbitrary code via unspecified vectors. | ||||