Export limit exceeded: 355330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-49510 | 2026-06-04 | 6.1 Medium | ||
| Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f. | ||||
| CVE-2026-50206 | 2026-06-04 | N/A | ||
| Incoming VPN network profile settings fail to process special characters safely, enabling command injection via malicious config files. | ||||
| CVE-2026-50207 | 2026-06-04 | N/A | ||
| The system Binder boundary accepts unverified pass-through AT commands, giving local applications the power to read baseband files or disable cellular connectivity. | ||||
| CVE-2026-50225 | 2026-06-04 | N/A | ||
| The registration path /v1/account/register provides no bot mitigation mechanisms, allowing malicious automated systems to flood the database. | ||||
| CVE-2026-50226 | 2026-06-04 | N/A | ||
| Fixed AES-128-CBC keys inside the AcerConnect OTA application let attackers forge authorization credentials for arbitrary IMEI numbers. This allows unauthorized actors to list catalog items and extract protected binaries from pre-signed cloud links. | ||||
| CVE-2026-47320 | 2026-06-04 | 6.1 Medium | ||
| Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3. | ||||
| CVE-2026-47319 | 2026-06-04 | 6.1 Medium | ||
| Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd. | ||||
| CVE-2026-10305 | 2026-06-04 | 6.1 Medium | ||
| Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd. | ||||
| CVE-2026-47306 | 2026-06-04 | 6.1 Medium | ||
| Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945. | ||||
| CVE-2026-8916 | 2026-06-04 | 6.1 Medium | ||
| Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635. | ||||
| CVE-2026-49771 | 2026-06-04 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in 10Web Photo Gallery by 10Web allows Blind SQL Injection. This issue affects Photo Gallery by 10Web: from n/a through 1.8.41. | ||||
| CVE-2026-10840 | 1 Redhat | 2 Openshift Builds, Openshift Pipelines | 2026-06-04 | 9.6 Critical |
| A flaw was found in the OpenShift Pipelines operator. The tekton-scheduler-rolebinding ClusterRoleBinding grants the system:authenticated group write access to Kueue and cert-manager custom resources via the tekton-scheduler-role ClusterRole. When Kueue or cert-manager CRDs are present on the cluster, any authenticated user can disrupt workload scheduling, tamper with scheduling priorities, delete other tenants' Workload objects, or induce cert-manager to overwrite TLS Secrets including the default ingress controller certificate. | ||||
| CVE-2026-34003 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-04 | 7.8 High |
| A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible. | ||||
| CVE-2026-34001 | 2 Redhat, X.org | 9 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 6 more | 2026-06-04 | 7.8 High |
| A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system. | ||||
| CVE-2026-33999 | 1 Redhat | 8 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 5 more | 2026-06-04 | 7.8 High |
| A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. | ||||
| CVE-2026-49077 | 2026-06-04 | 5.3 Medium | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Tips and Tricks HQ WP eMember allows Retrieve Embedded Sensitive Data. This issue affects WP eMember: from n/a through v10.2.2. | ||||
| CVE-2026-10800 | 1 Paddlepaddle | 1 Fastdeploy | 2026-06-04 | 3.6 Low |
| A weakness has been identified in PaddlePaddle FastDeploy up to 2.4.1. Affected by this issue is the function hash_features of the file fastdeploy/multimodal/hasher.py of the component MultimodalHasher. Executing a manipulation can lead to use of weak hash. The attack requires local access. A high complexity level is associated with this attack. The exploitation is known to be difficult. This patch is called 374945747652a8d32965591c0c01a00c88b7067f. Applying a patch is advised to resolve this issue. | ||||
| CVE-2025-62582 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaview | 2026-06-04 | 8.1 High |
| Delta Electronics DIAView has multiple vulnerabilities. | ||||
| CVE-2025-62581 | 2 Delta Electronics, Deltaww | 2 Diaview, Diaview | 2026-06-04 | 9.8 Critical |
| Delta Electronics DIAView has multiple vulnerabilities. | ||||
| CVE-2026-46447 | 1 Openstack | 1 Ironic | 2026-06-04 | 5.8 Medium |
| OpenStack Ironic before 35.0.2 allows Boot Script Injection of an iPXE script if the attacker can set node.driver_info or node.instance_info. | ||||