Export limit exceeded: 354940 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (354940 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39555 | 2 Elated-themes, Wordpress | 2 Askka, Wordpress | 2026-06-02 | 8.1 High |
| Deserialization of Untrusted Data vulnerability in Elated-Themes Askka allows Object Injection. This issue affects Askka: from n/a through 1.3.1. | ||||
| CVE-2026-49782 | 2 Elementor, Wordpress | 2 Elementor Website Builder, Wordpress | 2026-06-02 | 5.4 Medium |
| Missing Authorization vulnerability in Elementor Elementor Website Builder allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Elementor Website Builder: from n/a through 4.1.0. | ||||
| CVE-2026-44367 | 2026-06-02 | 2.7 Low | ||
| Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4. | ||||
| CVE-2026-34460 | 2026-06-02 | 5.4 Medium | ||
| NamelessMC is website software for Minecraft servers. In versions 2.2.4 and prior, the OAuth callback handling does not validate the state parameter server-side before exchanging the authorization code. This allows an attacker to capture a valid OAuth callback URL for their own account and cause a victim's browser to navigate to it, resulting in the victim's session being authenticated as the attacker-linked account (OAuth login CSRF / session swapping). This is patched in version 2.2.5. | ||||
| CVE-2025-59610 | 1 Qualcomm | 472 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, C-v2x 9150 and 469 more | 2026-06-02 | 6.4 Medium |
| Memory Corruption when processing IOCTL requests with mismatched API versions due to concurrent modification of user-space buffer. | ||||
| CVE-2025-59611 | 1 Qualcomm | 100 Aqt1000, Aqt1000 Firmware, Cologne and 97 more | 2026-06-02 | 6.7 Medium |
| Memory corruption in diagnostic services due to absence of input validation | ||||
| CVE-2025-59612 | 1 Qualcomm | 63 Cologne, Cologne Firmware, Fastconnect 6700 and 60 more | 2026-06-02 | 6.7 Medium |
| Memory corruption in windows drivers while sending incorrect trusted application request | ||||
| CVE-2025-59613 | 1 Qualcomm | 89 Cologne, Cologne Firmware, Fastconnect 6700 and 86 more | 2026-06-02 | 6.7 Medium |
| Memory Corruption when output buffer size is smaller than input buffer size during data copying operation. | ||||
| CVE-2025-59614 | 1 Qualcomm | 43 Cologne, Cologne Firmware, Fastconnect 6900 and 40 more | 2026-06-02 | 6.7 Medium |
| Memory Corruption when sending random number generator command with insufficient output buffer size. | ||||
| CVE-2026-24085 | 1 Qualcomm | 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more | 2026-06-02 | 7.2 High |
| Memory Corruption when processing display command line information due to improper initialization of a variable. | ||||
| CVE-2026-24087 | 1 Qualcomm | 431 Ar8031, Ar8031 Firmware, Ar8035 and 428 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot OEM commands. | ||||
| CVE-2026-24088 | 1 Qualcomm | 493 Ar9380, Ar9380 Firmware, Csr8811 and 490 more | 2026-06-02 | 8.2 High |
| Cryptographic Issue while processing a specific partition which allows unauthorized write access to load a customized bootloader. | ||||
| CVE-2026-24089 | 1 Qualcomm | 439 Ar8031, Ar8031 Firmware, Ar8035 and 436 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot commands with invalid input. | ||||
| CVE-2026-45686 | 2026-06-02 | 7.5 High | ||
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, a remotely reachable integer overflow in OBI's memcached text protocol parser can crash the OBI process and cause denial of service. When parsing memcached storage commands such as set, add, replace, append, prepend, or cas, OBI accepts extremely large <bytes> values and adds the payload delimiter length without checking for overflow. A crafted request with <bytes> set to math.MaxInt or math.MaxInt-1 causes the computed payload length to wrap negative and triggers a runtime panic in LargeBufferReader.Peek. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-24090 | 1 Qualcomm | 435 Ar8031, Ar8031 Firmware, Ar8035 and 432 more | 2026-06-02 | 7.1 High |
| Cryptographic issue while processing partition table entries allows unauthorized modification of boot flow. | ||||
| CVE-2026-45685 | 2026-06-02 | 7.5 High | ||
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.1.0 to before version 0.9.0, malformed MongoDB wire messages can trigger uncaught panics in the MongoDB TCP parser, allowing a remote unauthenticated attacker to crash the telemetry agent and cause a denial of service. The parser operates on raw attacker-controlled network payloads before the input is fully validated, so a single crafted message can terminate telemetry collection for the affected process or node. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-45684 | 2026-06-02 | 4.9 Medium | ||
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. From version 0.7.0 to before version 0.9.0, OBI's log enricher mishandles writev buffers by reading only the first iovec entry but using the total iov_iter.count as the copy length. When log injection is enabled, a crafted multi-segment writev call can make OBI read and overwrite memory beyond the first segment. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-24091 | 1 Qualcomm | 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot commands with improperly formatted input. | ||||
| CVE-2026-45683 | 2026-06-02 | 3.8 Low | ||
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the Java TLS ioctl probe reads user-controlled ioctl pointers with bpf_probe_read instead of bpf_probe_read_user. An instrumented local process can therefore point OBI at kernel memory and cause that memory to be copied into telemetry. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-24092 | 1 Qualcomm | 437 Ar8031, Ar8031 Firmware, Ar8035 and 434 more | 2026-06-02 | 7.2 High |
| Memory Corruption when processing fastboot commands to set display mode. | ||||