Export limit exceeded: 356047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (356047 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36785 | 1 Tenda | 1 Fh451 | 2026-06-07 | N/A |
| Shenzhen Tenda Technology Co., Ltd Tenda FH451 V1.0.0.9 was discovered to contain a stack overflow in the page parameter of the fromDhcpListClient function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | ||||
| CVE-2026-6274 | 1 Dts Electronics | 1 Redline Wr3200 | 2026-06-07 | 9.8 Critical |
| Improper Authentication, Missing authentication for critical function, Weak Authentication vulnerability in DTS Electronics Industry and Trade Ltd. Co. Redline WR3200 allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Redline WR3200: from 7.1.3 before 7.1.8. | ||||
| CVE-2026-8914 | 1 Teltonika-networks | 2 Rutos, Tswos | 2026-06-07 | N/A |
| In Teltonika Networks RUTOS devices, running versions 7.22 through 7.23.2 and TSWOS devices running versions 1.09 through 1.09.1, due to unsafe calls to an eval function in rpc-profile, a vulnerability exists where a lower privileged user could perform command injection as the root user. | ||||
| CVE-2026-21032 | 1 Samsung Mobile | 1 Samsung Assistant | 2026-06-07 | N/A |
| Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | ||||
| CVE-2026-21033 | 1 Samsung Mobile | 1 Samsung Assistant | 2026-06-07 | N/A |
| Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | ||||
| CVE-2026-21034 | 1 Samsung Mobile | 1 Samsung Auto | 2026-06-07 | N/A |
| Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration. | ||||
| CVE-2026-21035 | 1 Samsung Mobile | 1 Samsung Plus Tv | 2026-06-07 | N/A |
| Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. | ||||
| CVE-2026-21036 | 1 Samsung Mobile | 1 Samsung Internet | 2026-06-07 | N/A |
| Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. | ||||
| CVE-2026-21037 | 1 Samsung Mobile | 1 Samsung Members | 2026-06-07 | N/A |
| Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. | ||||
| CVE-2026-21038 | 1 Samsung Mobile | 1 Android Usb Driver For Windows | 2026-06-07 | N/A |
| Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory. | ||||
| CVE-2026-50257 | 2 Redhat, X.org | 2 Enterprise Linux, Xorg-server | 2026-06-07 | 7.8 High |
| A use-after-free flaw was found in the X.Org X server and Xwayland in miSyncDestroyFence(). A client that sets up multiple fence triggers can trigger a use-after-free function pointer call. An attacker would connect to the X server to set up a fence and await that fence, then a second X connection destroys the fence, causing the use-after-free. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50256 | 2 Redhat, X.org | 2 Enterprise Linux, Xorg-server | 2026-06-07 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50259 | 3 Redhat, X.org, Xorg | 3 Enterprise Linux, Xorg-server, Xwayland | 2026-06-07 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50258 | 2 Redhat, X.org | 2 Enterprise Linux, X Server | 2026-06-07 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50260 | 2 Redhat, X.org | 2 Enterprise Linux, Xorg-server | 2026-06-07 | 7.8 High |
| A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50261 | 2 Redhat, X.org | 2 Enterprise Linux, Xorg-server | 2026-06-07 | 7.8 High |
| A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50264 | 2 Redhat, X.org | 2 Enterprise Linux, Xorg-server | 2026-06-07 | 7.8 High |
| An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50262 | 2 Redhat, X.org | 2 Enterprise Linux, Xorg-server | 2026-06-07 | 5.5 Medium |
| An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default. | ||||
| CVE-2026-25657 | 1 Ericsson | 1 Packet Core Gateway (pcg) | 2026-06-07 | N/A |
| Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Syntactically Invalid Structure (CWE-228) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops. | ||||
| CVE-2026-25658 | 1 Ericsson | 1 Packet Core Gateway (pcg) | 2026-06-07 | N/A |
| Ericsson Packet Core Gateway (PCG) versions prior to 1.30 contain an Improper Handling of Missing Values (CWE-230) vulnerability where an attacker continuously sending a specially crafted message can cause service degradation. The impact continues as long the attack persists but the system recovers from the crashes when the attack stops. | ||||