Search Results (357106 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0409 | 1 Netgear | 1 Orbi 370 | 2026-06-09 | N/A |
| A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7. | ||||
| CVE-2026-9213 | 1 Netgear | 4 Mr70, Ms70, Raxe500 and 1 more | 2026-06-09 | N/A |
| A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet to execute code on the device. | ||||
| CVE-2026-3088 | 1 Netgear | 8 Rbr860, Rbre950, Rbre960 and 5 more | 2026-06-09 | N/A |
| Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests. | ||||
| CVE-2026-9211 | 1 Netgear | 4 Cax30, Rax30, Rax5 and 1 more | 2026-06-09 | N/A |
| An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation. | ||||
| CVE-2026-9210 | 1 Netgear | 31 Ex3700, Ex3800, Ex6120 and 28 more | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0417 | 1 Netgear | 27 Mr60, Mr70, Mr80 and 24 more | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in NETGEAR devices allows authenticated administrators connected to the local network to tamper with the router's integrity. | ||||
| CVE-2026-0418 | 1 Netgear | 35 Cbr750, Ex6120, Ex6130 and 32 more | 2026-06-09 | N/A |
| Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system. | ||||
| CVE-2026-0413 | 1 Netgear | 14 Rbe37x, Rbe77x, Rbr750 and 11 more | 2026-06-09 | N/A |
| Insufficient input validation of buffers vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0414 | 1 Netgear | 1 Rbe97x | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0415 | 1 Netgear | 13 Rbe97x, Rbr750, Rbr840 and 10 more | 2026-06-09 | N/A |
| Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality. | ||||
| CVE-2026-0411 | 1 Netgear | 4 Rbe97x, Rbr350, Rbr760 and 1 more | 2026-06-09 | N/A |
| An information disclosure vulnerability in the NETGEAR Orbi satellites could allow a user connected to your network to gain administrator access to the Orbi router. The listed NETGEAR models are affected by this vulnerability. Orbi WiFi Systems without satellite devices are not impacted by this issue. | ||||
| CVE-2026-9212 | 1 Netgear | 25 Lbr1020, Lbr20, R6700ax and 22 more | 2026-06-09 | N/A |
| Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations. | ||||
| CVE-2026-46492 | 1 Commenthol | 1 Md-fileserver | 2026-06-09 | 7.2 High |
| md-fileserver allows for local viewing of markdown files in a browser. Prior to version 1.10.3, a cross-site scripting (XSS) vulnerability exists in the application’s Markdown rendering logic. When user-supplied Markdown content is rendered, embedded raw HTML—including `<script>` tags—is processed and injected into the resulting page without sanitization, allowing arbitrary JavaScript execution in the context of the affected domain. This issue has been patched in version 1.10.3. | ||||
| CVE-2026-22926 | 1 Omnissa | 1 Omnissa Workspace One Assist For Macos | 2026-06-09 | 7.8 High |
| Omnissa Workspace ONE® Assist for macOS contains a Local Privilege Escalation Vulnerability. | ||||
| CVE-2026-26142 | 1 Microsoft | 4 Nuance Powerscribe 360, Nuance Powerscribe One, Powerscribe One Version 2023.1 Sp2 and 1 more | 2026-06-09 | 9.8 Critical |
| Deserialization of untrusted data in Nuance PowerScribe allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-40371 | 1 Microsoft | 2 Dynamics 365, Dynamics 365 Server | 2026-06-09 | 8.8 High |
| Improper handling of insufficient permissions or privileges in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42987 | 1 Microsoft | 12 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 9 more | 2026-06-09 | 8.1 High |
| Use after free in Windows Deployment Services allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-49475 | 1 Signalwire | 1 Freeswitch | 2026-06-09 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0. | ||||
| CVE-2026-9076 | 1 Openssl | 1 Openssl | 2026-06-09 | 7.5 High |
| Issue summary: When CMS password-based decryption (RFC 3211 / PWRI key unwrap) processes attacker-supplied CMS data, an attacker-chosen stream-mode KEK cipher can trigger a heap out-of-bounds read in kek_unwrap_key(). Impact summary: A heap buffer over-read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not revealed to the attacker. The key unwrapping function performs a check-byte test as specified in the RFC that reads 7 bytes from a heap allocation that is based on the wrapped key length from the message. There is a minimum length check based on the block length of the wrapping cipher. However the cipher is selected from an OID carried in the attacker's PWRI keyEncryptionAlgorithm with no requirement that the cipher be a block cipher. When an attacker selects a stream-mode cipher the guard will be ineffective and the allocated buffer containing the unwrapped key can be too small to fit the check-bytes specified in the RFC and a buffer over-read can happen. Applications calling CMS_decrypt() or CMS_decrypt_set1_password() (equivalently openssl cms -decrypt -pwri_password ...) on untrusted CMS data are vulnerable to this issue. No password knowledge is required: the over-read happens during the unwrap attempt before any authentication succeeds. The over-read is limited to a few bytes and is not written to output, so there is no information disclosure. Triggering a crash requires the allocation to border unmapped memory, which is unlikely with the normal allocator. The FIPS modules are not affected by this issue. | ||||
| CVE-2026-6444 | | | 2026-06-09 | N/A |
| A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges. | ||||