Export limit exceeded: 355184 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355184 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355184 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 355184 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355184 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-10661 | 1 Ahujasid | 1 Blender-mcp | 2026-06-03 | 4.3 Medium |
| A vulnerability has been found in ahujasid blender-mcp up to 7636d13bded82eca58eb93c3f4cd8708dfdfbe8b. Impacted is the function Open of the file src/blender_mcp/server.py. The manipulation of the argument input_image_url leads to injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided. The identifier of the patch is 5b37be25242e73dc4cf1328974d30458b9e5d67e. To fix this issue, it is recommended to deploy a patch. | ||||
| CVE-2026-10704 | 1 Sourcecodester | 2 Pizzafy E-commerce System, Pizzafy Ecommerce System | 2026-06-03 | 7.3 High |
| A vulnerability was detected in SourceCodester Pizzafy E-Commerce System 1.0. Affected by this vulnerability is the function Login of the file /admin/admin_class_novo.php of the component Administrative Control Panel. The manipulation of the argument Username results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-5760 | 2 Lmsys, Sglang | 2 Sglang, Sglang | 2026-06-03 | 9.8 Critical |
| SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment(). | ||||
| CVE-2026-0096 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0097 | 1 Google | 1 Android | 2026-06-03 | 8 High |
| In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0098 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0099 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-0100 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-7453 | 1 Autodesk | 1 3ds Max | 2026-06-03 | 5.5 Medium |
| A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can cause a Stack Exhaustion vulnerability, leading to a denial-of-service condition. | ||||
| CVE-2026-7450 | 1 Autodesk | 1 3ds Max | 2026-06-03 | 5.5 Medium |
| A maliciously crafted PAR file, when parsed through Autodesk 3ds Max, can force a NULL Pointer Dereference vulnerability. Successful exploitation may cause the application to crash, leading to a denial-of-service condition. | ||||
| CVE-2026-0661 | 1 Autodesk | 1 3ds Max | 2026-06-03 | 8.4 High |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0660 | 1 Autodesk | 1 3ds Max | 2026-06-03 | 8.4 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can cause a Stack-Based Buffer Overflow vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-28578 | 1 Google | 1 Android | 2026-06-03 | 5.5 Medium |
| In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-28580 | 1 Google | 1 Android | 2026-06-03 | 7.8 High |
| In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-45289 | 1 Cloudburstmc | 1 Protocol | 2026-06-03 | 5.3 Medium |
| CloudburstMC Protocol is a protocol library for Minecraft Bedrock Edition. Prior to version 3.0.0.Beta12-20260420.182526-15, CloudburstMC Protocol is partially missing validation for FULL type authentication tokens (Cloudburst/Protocol). This vulnerability impacts publicly accessible software depending on the affected versions of Protocol, specifically the EncryptionUtils methods to validate auth payloads for FULL type tokens. This issue has been patched in version 3.0.0.Beta12-20260420.182526-15. | ||||
| CVE-2026-0538 | 1 Autodesk | 1 3ds Max | 2026-06-03 | 8.4 High |
| A maliciously crafted GIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-0537 | 1 Autodesk | 1 3ds Max | 2026-06-03 | 8.4 High |
| A maliciously crafted RGB file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | ||||
| CVE-2026-50052 | 2026-06-03 | N/A | ||
| In Vinyl Cache before 9.0.1 and Varnish Cache before 9.0.3, a deficiency in HTTP/2 request parsing can be exploited to launch a backend request desync attack (request smuggling), which in turn can be used for cache poisoning, authentication bypass, or possibly even information disclosure and manipulation. The attack vector only exists if HTTP/2 support is enabled by setting the feature parameter to contain +http2. HTTP/2 support is disabled by default. | ||||
| CVE-2026-35075 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 9.8 Critical |
| An unauthenticated remote attacker can recover a default, hard coded password from a firmware image and thus gain full access to all affected devices. | ||||
| CVE-2026-35078 | 1 Mbs | 18 Double A Profibus Firmware, Double A X Link Firmware, Double X Can Firmware and 15 more | 2026-06-03 | 8.1 High |
| The ugw-logstop method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input. | ||||