Search Results (82243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24091 | 1 Qualcomm | 1 Snapdragon | 2026-06-01 | 7.2 High |
| Memory corruption while processing fastboot commands with improperly formatted input. | ||||
| CVE-2026-37223 | | | 2026-06-01 | 7.5 High |
| FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp process (port 36422) via SIGABRT. Since iApp and the near-RT RIC share one process, this terminates the entire RIC service and disconnects all E2 Nodes and xApps. | ||||
| CVE-2026-37224 | | | 2026-06-01 | 7.5 High |
| FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2_SETUP_REQUESTs with the same E2 node configuration, triggering SIGABRT. | ||||
| CVE-2026-40964 | | | 2026-06-01 | 7.5 High |
| Authentication Bypass in cf-auth-proxy in Cloud Foundry Foundation all installations allows an unauthenticated remote attacker to gain read access to every log and metric for every application and platform component via minting a JWT that the cf-auth-proxy accepts as a valid logs.admin token. Affected versions: - log-cache_release: all versions through v3.2.6 (inclusive); fixed in v3.2.7 or later - CF Deployment: all versions through v55.?.0 (inclusive); fixed in v55.?.0 or later (bundles log-cache_release v3.2.7) | ||||
| CVE-2018-25432 | 1 Armcode | 1 Arm Whois | 2026-06-01 | 8.4 High |
| Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through exception handler hijacking. | ||||
| CVE-2025-48615 | 1 Google | 1 Android | 2026-06-01 | 7.8 High |
| In getComponentName of MediaButtonReceiverHolder.java, there is a possible desync in persistence due to resource exhaustion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48612 | 1 Google | 1 Android | 2026-06-01 | 7.8 High |
| In setDefaultKey of DefaultPaymentSettings.java, there is a possible way for an application to set the main user's default NFC payment setting due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-48581 | 1 Google | 1 Android | 2026-06-01 | 8.4 High |
| In VerifyNoOverlapInSessions of apexd.cpp, there is a possible way to block security updates due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-37227 | | | 2026-06-01 | 7.5 High |
| FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type (e.g., E2nodeConfigurationUpdate) to crash the near-RT RIC process (port 36421) via SIGABRT. The message passes whitelist validation but triggers an unconditional assertion in the handler. | ||||
| CVE-2026-25276 | | | 2026-06-01 | 8.8 High |
| Memory corruption while using Strongbox due to missing bounds check. | ||||
| CVE-2026-24089 | | | 2026-06-01 | 7.2 High |
| Memory corruption while processing fastboot commands with invalid input. | ||||
| CVE-2025-59606 | | | 2026-06-01 | 7.8 High |
| Memory Corruption when writing to invalid memory locations occurs due to heap memory exhaustion during secure data initialization. | ||||
| CVE-2026-39292 | 1 Hansschouten | 1 Phppagebuilder | 2026-06-01 | 7.3 High |
| Falco Solutions PHPPageBuilder v0.31.0 contains an unrestricted file upload vulnerability in the pagemanager/pagebuilder module that allows remote attackers to upload arbitrary files and achieve remote code execution. The vulnerability exists due to insufficient validation of uploaded file types and executable content. | ||||
| CVE-2026-8501 | | | 2026-06-01 | 7.8 High |
| Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit this vulnerability to perform sensitive and privileged operations on the target system. | ||||
| CVE-2026-45722 | 1 Nextcloud | 1 Tables | 2026-06-01 | 7.1 High |
| Nextcloud is an open source content collaboration platform. From versions 0.9.0 to before 0.9.7, and 1.0.0 to before 1.0.2, a missing sanitization in the Tables app allowed a user with access to the tables app to perform a limited SQL injection in the ORDER BY statement of a query. Compared to normal SQL injections, the ORDER BY is limited to extracting a single bit of information per request or to make the database wait for a given time. This issue has been patched in versions 0.9.7 and 1.0.2. | ||||
| CVE-2026-10179 | 1 Trendnet | 1 Tew-432brp | 2026-06-01 | 8.8 High |
| A flaw has been found in TRENDnet TEW-432BRP 3.10B20. This issue affects the function formSetWlanEncrypt of the file /goform/formSetWlanEncrypt. This manipulation of the argument webpage causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor explains: "This product has been EOL for 15 years (since 2009). As the item has been EOL for such a long time, we are not able to replicate or fix any vulnerabilities." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2019-25718 | | | 2026-06-01 | 8.4 High |
| Dräger Infinity Explorer C700 contains a privilege escalation vulnerability that allows attackers to break out of kiosk mode and access the underlying operating system through a specific dialog interaction. Attackers can exploit this kiosk escape to take control of the operating system and cause the device to display incorrect or no information from the connected Delta Family patient monitor. | ||||
| CVE-2026-24751 | 1 Kiteworks | 1 Secure Data Forms | 2026-06-01 | 8.2 High |
| Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch. | ||||
| CVE-2026-10281 | 1 Enderfga | 1 Claw-orchestrator | 2026-06-01 | 7.3 High |
| A weakness has been identified in Enderfga claw-orchestrator up to 3.5.5. This affects the function EmbeddedServer of the file src/embedded-server.ts of the component API Endpoint. This manipulation causes missing authentication. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. Upgrading to version 3.5.6 mitigates this issue. Patch name: d0b02a800aa0689d9428cc4cc170e0b6589fb2c3. The affected component should be upgraded. | ||||
| CVE-2026-8643 | 1 Pypa | 1 Pip | 2026-06-01 | 8.0 High |
| pip would treat console_scripts and gui_scripts as paths instead of file names without sanitizing the resolved absolute path to the installation directory, leading to entry points being installed outside the installation directory. | ||||