Export limit exceeded: 11429 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11429 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14543 | 1 Rti | 1 Connext Professional | 2026-05-04 | 9.1 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | ||||
| CVE-2026-42403 | 1 Apache | 1 Neethi | 2026-05-03 | 7.5 High |
| Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause excessive recursion, leading to a stack overflow or application hang. An attacker can craft malicious policy documents with circular references to cause a Denial of Service condition Users are recommended to upgrade to version 3.2.2, which fixes this issue. | ||||
| CVE-2026-40685 | 1 Exim | 1 Exim | 2026-05-02 | 6.5 Medium |
| In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping. | ||||
| CVE-2026-6526 | 1 Wireshark | 1 Wireshark | 2026-05-02 | 5.5 Medium |
| RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 | ||||
| CVE-2026-34444 | 1 Scoder | 1 Lupa | 2026-05-01 | 10.0 Critical |
| Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution. | ||||
| CVE-2026-7510 | 1 Owasp | 1 Defectdojo | 2026-05-01 | 6.3 Medium |
| A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended. | ||||
| CVE-2026-6527 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-6528 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service | ||||
| CVE-2026-5409 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5299 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5401 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| AFP Spotlight protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5406 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| FC-SWILS protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5408 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| BT-DHT protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-6868 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| HTTP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-34219 | 2 Libp2p, Protocol | 2 Rust-libp2p, Libp2p-gossipsub | 2026-05-01 | 5.9 Medium |
| libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to version 0.49.4, the Rust libp2p Gossipsub implementation contains a remotely reachable panic in backoff expiry handling. After a peer sends a crafted PRUNE control message with an attacker-controlled, near-maximum backoff value, the value is accepted and stored as an Instant near the representable upper bound. On a later heartbeat, the implementation performs unchecked Instant + Duration arithmetic (backoff_time + slack), which can overflow and panic with: overflow when adding duration to instant. This issue is reachable from any Gossipsub peer over normal TCP + Noise + mplex/yamux connectivity and requires no further authentication beyond becoming a protocol peer. This issue has been patched in version 0.49.4. | ||||
| CVE-2026-40684 | 1 Exim | 1 Exim | 2026-05-01 | 5.9 Medium |
| In Exim before 4.99.2, on systems using musl libc (not glibc), an attacker can crash the connection instance when malformed DNS data is present in PTR records. This is caused by a dn_expand oddity in octal printing. | ||||
| CVE-2026-6537 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| ZigBee protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-30922 | 1 Pyasn1 | 1 Pyasn1 | 2026-05-01 | 7.5 High |
| pyasn1 is a generic ASN.1 library for Python. Prior to 0.6.3, the `pyasn1` library is vulnerable to a Denial of Service (DoS) attack caused by uncontrolled recursion when decoding ASN.1 data with deeply nested structures. An attacker can supply a crafted payload containing thousands of nested `SEQUENCE` (`0x30`) or `SET` (`0x31`) tags with "Indefinite Length" (`0x80`) markers. This forces the decoder to recursively call itself until the Python interpreter crashes with a `RecursionError` or consumes all available memory (OOM), crashing the host application. This is a distinct vulnerability from CVE-2026-23490 (which addressed integer overflows in OID decoding). The fix for CVE-2026-23490 (`MAX_OID_ARC_CONTINUATION_OCTETS`) does not mitigate this recursion issue. Version 0.6.3 fixes this specific issue. | ||||
| CVE-2026-39911 | 2 Hashgraph, Hedera | 2 Guardian, Guardian | 2026-05-01 | 8.8 High |
| Hashgraph Guardian through version 3.5.1, fixed in commit 45fbe2f, contains an unsandboxed JavaScript execution vulnerability in the Custom Logic policy block worker that allows authenticated Standard Registry users to execute arbitrary code by passing user-supplied JavaScript expressions directly to the Node.js Function() constructor without isolation. Attackers can import native Node.js modules to read arbitrary files from the container filesystem, access process environment variables containing sensitive credentials such as RSA private keys, JWT signing keys, and API tokens, and forge valid authentication tokens for any user including administrators. | ||||
| CVE-2026-6520 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||