Export limit exceeded: 22794 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22794 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4424 | 2 Libarchive, Redhat | 21 Libarchive, Ai Inference Server, Discovery and 18 more | 2026-06-10 | 7.5 High |
| A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. | ||||
| CVE-2025-14087 | 2 Gnome, Redhat | 13 Glib, Ai Inference Server, Enterprise Linux and 10 more | 2026-06-10 | 5.6 Medium |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 6 Libtiff, Ai Inference Server, Discovery and 3 more | 2026-06-10 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2026-48566 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-06-10 | 5.5 Medium |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||||
| CVE-2021-4479 | 1 Draeger | 1 Atlan A350 | 2026-06-10 | 4 Medium |
| Dräger Atlan A350 versions 1.00 up to and including 1.01 contains an improper input handling vulnerability that allows attackers to cause a denial of service by sending specifically crafted non-Medibus-compliant data through the Medibus interface. Attackers can transmit malformed data to overload the internal processor, gradually disrupting device operation over several hours and causing loss of data transmission, delayed display of real-time curves, and deviation between displayed airway pressure values and screen curves. | ||||
| CVE-2026-11676 | 2 Google, Linux | 3 Chrome, Chrome Os, Linux Kernel | 2026-06-10 | 8.3 High |
| Insufficient validation of untrusted input in Dawn in Google Chrome on Linux and ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-46197 | 1 Linux | 1 Linux Kernel | 2026-06-10 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. (cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f) | ||||
| CVE-2026-46203 | 1 Linux | 1 Linux Kernel | 2026-06-10 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by Sashiko when reviewing a controller deregistration fix. | ||||
| CVE-2026-11669 | 1 Google | 2 Chrome, Chrome Os | 2026-06-10 | 5.3 Medium |
| Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-66280 | 1 Qnap Systems | 2 Qts, Quts Hero | 2026-06-10 | N/A |
| An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later | ||||
| CVE-2026-48574 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-49841 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 9.8 Critical |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-49840 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 9.1 Critical |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-49475 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0. | ||||
| CVE-2026-11645 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-10 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-45639 | 1 Microsoft | 28 Remote Desktop, Windows 10 1607, Windows 10 1809 and 25 more | 2026-06-10 | 7.5 High |
| Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-45455 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-06-10 | 3.3 Low |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42908 | 1 Microsoft | 27 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 24 more | 2026-06-10 | 7.5 High |
| Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-45466 | 1 Microsoft | 8 365 Apps, Microsoft 365 Apps For Enterprise, Office 2021 and 5 more | 2026-06-10 | 3.3 Low |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-45460 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2026-06-10 | 4.7 Medium |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||