Search Results (354956 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0069 | 1 Google | 1 Android | 2026-06-02 | 5.5 Medium |
| In verifySignature of ApkChecksums.java, there is a possible way to cause a crash due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-49753 | 1 Elixir-mint | 1 Mint | 2026-06-02 | N/A |
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in elixir-mint Mint allows attacker-controlled HTTP/1 servers to desynchronise response framing on shared connections. Mint's HTTP/1 Content-Length parser, Mint.HTTP1.Parse.content_length_header/1 in lib/mint/http1/parse.ex, parses the header value with Integer.parse/1, which accepts an optional + or - sign prefix. The length >= 0 guard rejects negatives, but inputs such as +0 or +123 are returned as valid lengths. RFC 7230 specifies Content-Length = 1*DIGIT, with no sign character permitted. A fronting proxy or load balancer that strictly enforces the grammar will reject or reframe a header like Content-Length: +0, while Mint silently treats it as zero. When Mint reuses the socket (keep-alive, pipelining, or any pooled connection shared across requesters), the parser disagreement is a response-smuggling primitive: the proxy delimits the body one way, Mint another, and bytes from one response get attributed to the next. Where the same Mint connection is shared across trust boundaries, an attacker-controlled upstream can leak bytes into a different consumer's response stream. This issue affects mint: from 0.1.0 before 1.9.0. | ||||
| CVE-2026-0075 | 1 Google | 1 Android | 2026-06-02 | 5.9 Medium |
| In multiple functions, there is a possible way to access the contacts database due to a SQL injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0096 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In getAppLabel of ForgetDeviceDialogFragment.java, there is a possible way to trick the user into forgetting a device due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-45681 | 1 Opentelemetry | 1 Opentelemetry-ebpf-instrumentation | 2026-06-02 | 5.9 Medium |
| OpenTelemetry eBPF Instrumentation provides eBPF instrumentation based on the OpenTelemetry standard. Prior to version 0.9.0, the per-CPU message-buffer fallback path uses a 256-byte backup buffer but preserves the original payload size, which can be up to 8KB. If a CPU mismatch occurs, OBI can read beyond the fallback buffer and leak adjacent memory into telemetry. This issue has been patched in version 0.9.0. | ||||
| CVE-2026-0097 | 1 Google | 1 Android | 2026-06-02 | 8 High |
| In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0098 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0099 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In onNullBinding of HostEmulationManager.java, there is a possible way to launch an activity from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2026-0100 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-45554 | 1 Zauberzeug | 1 Nicegui | 2026-06-02 | 5.3 Medium |
| NiceGUI is a Python-based UI framework. Prior to version 3.12.0, two FastAPI routes that serve per-component static assets in NiceGUI accept a sub-path parameter that may resolve to a directory rather than a file. Requests that resolve to a directory raise an unhandled RuntimeError inside Starlette's FileResponse, which Uvicorn writes to the server log as a full traceback. Because the routes are reachable without authentication, a remote attacker can amplify log volume and consume disk and log-pipeline capacity on any publicly reachable NiceGUI server. This issue has been patched in version 3.12.0. | ||||
| CVE-2026-28578 | 1 Google | 1 Android | 2026-06-02 | 5.5 Medium |
| In multiple functions of DevicePolicyManagerService.java, there is a possible desync from persistence due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-28580 | 1 Google | 1 Android | 2026-06-02 | 7.8 High |
| In multiple functions, there is a possible desync in persistence due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-28581 | 1 Google | 1 Android | 2026-06-02 | 4 Medium |
| In fixInitiatingUserIfNecessary of CallIntentProcessor.java, there is a possible way to make an emergency call due to a logic error in the code. This could lead to local with null execution privileges needed. User interaction is null for exploitation. | ||||
| CVE-2026-28586 | 1 Google | 1 Android | 2026-06-02 | 3.3 Low |
| In multiple functions of AppOpsService.java, there is a possible missing permission check due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-59601 | 1 Qualcomm | 17 Fastconnect 7800, Fastconnect 7800 Firmware, Qca7005 and 14 more | 2026-06-02 | 6.5 Medium |
| Information Disclosure when resetting device to factory default settings through powerline interface allows unauthorized access to device configuration. | ||||
| CVE-2025-59604 | 1 Qualcomm | 531 Ar8035, Ar8035 Firmware, Cologne and 528 more | 2026-06-02 | 7.8 High |
| Memory Corruption when running a memory copy operation due to invalid writes caused by a null pointer. | ||||
| CVE-2025-59605 | 1 Qualcomm | 281 Ar8035, Ar8035 Firmware, Csra6620 and 278 more | 2026-06-02 | 7.8 High |
| Memory Corruption when processing device identifier strings that exceed the expected maximum length. | ||||
| CVE-2025-59606 | 1 Qualcomm | 282 Cologne, Cologne Firmware, Cq7790 and 279 more | 2026-06-02 | 7.8 High |
| Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. | ||||
| CVE-2026-39831 | 1 Golang | 2 Crypto, Ssh | 2026-06-02 | 9.1 Critical |
| The Verify() method for FIDO/U2F security key types (sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com) did not check the User Presence flag. Signatures generated without physical touch were accepted, allowing unattended use of a hardware security key. To restore the previous behavior, return a "no-touch-required" extension in Permissions.Extensions from PublicKeyCallback. | ||||
| CVE-2026-37226 | | | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT) and dereferenced in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the iApp process (port 36422) by sending a subscription request with an arbitrary global_e2_node_id. | ||||