Search Results (361374 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-12975 | 1 Redhat | 1 Apicurio Registry | 2026-06-26 | 8.5 High | A flaw was found in Apicurio Registry. The ContentTypeUtil.isParsableXml() method creates a SAXParserFactory without enabling secure processing features or disabling external entity resolution. An attacker with artifact-write permission (or unauthenticated when the registry runs with default configuration) can upload a crafted XML document to trigger blind server-side request forgery (SSRF) via external DTD/entity fetch, or cause denial of service via entity expansion. |
| CVE-2026-48930 | 1 Nodejs | 1 Nodejs | 2026-06-26 | N/A | A flaw in Node.js TLS hostname handling allows embedded-nul hostnames to cause silent authority rebinding, due to C-string truncation in resolver bindings. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. |
| CVE-2026-48928 | 1 Nodejs | 1 Nodejs | 2026-06-26 | N/A | An inconsistency in Node.js hostname matching can cause a trust-policy bypass in multi-context mTLS setups. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. |
| CVE-2026-22879 | 1 Vtk | 1 Vtk | 2026-06-26 | 8.1 High | vtk vtk-dicom vtkDICOMItem::NewDataElement heap-based buffer overflow vulnerability. |
| CVE-2026-48934 | 1 Nodejs | 1 Nodejs | 2026-06-26 | N/A | A flaw in Node.js TLS host verification can allow an attacker to bypass certificate validation. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. |
| CVE-2026-48936 | 1 Nodejs | 1 Nodejs | 2026-06-26 | N/A | A flaw in the Node.js Permission API can allow a local server to be started (via a Unix domain socket) even without the `--allow-net` permission. This vulnerability affects one supported release line: **Node.js 26**. |
| CVE-2026-48615 | 1 Nodejs | 1 Nodejs | 2026-06-26 | N/A | A flaw in Node.js proxy tunnel error handling could expose proxy credentials in `ERR_PROXY_TUNNEL` error messages. When proxy credentials are embedded in the proxy URL, they may be exposed through error handling paths and captured by logs, diagnostics, or other error consumers. This vulnerability affects all supported release lines: **Node.js 22**, **Node.js 24**, and **Node.js 26**. |
| CVE-2026-57920 | | | 2026-06-26 | 7.7 High | Peplink InControl 2 through 2.14.2 before 2026-06-03 allows use of a semicolon to bypass access-control rules for certain /rest/o/{orgId} endpoints. |
| CVE-2026-40702 | 1 Evoke | 1 Evoke Csms | 2026-06-26 | 9.4 Critical | WebSocket endpoints lack proper authentication mechanisms, enabling attackers to impersonate charging stations. As a result, attackers can exploit this weakness to gain unauthorized access to sensitive data or perform unauthorized actions. Given that no authentication is required, this can lead to privilege escalation and potentially compromise the security of the entire system. |
| CVE-2026-57521 | 1 Bitwarden | 1 Server | 2026-06-26 | 4.3 Medium | Bitwarden Server before 2026.5.0 contains a broken access control vulnerability that allows any authenticated user to access arbitrary organization billing data by supplying an arbitrary organizationId to the PreviewInvoiceController endpoints without membership or authorization checks. Attackers can exploit the missing ManageOrganizationBillingRequirement on the preview invoice endpoints to retrieve Stripe-computed tax totals, subscription status, and billing details derived from any target organization's real customer and subscription data. |
| CVE-2026-7531 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | Use-after-free in PQC hybrid key-share handling. This is an incomplete-fix follow-up to CVE-2026-5460 (released in 5.9.1): a malicious TLS 1.3 server sending a truncated PQC hybrid KeyShare can still trigger the error cleanup path to operate on freed memory. |
| CVE-2026-6731 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | X.509 name constraint bypass via the Subject Common Name when treated as a DNS-type name. A certificate whose Subject CN violates an issuing CA's DNS name constraints could be accepted. |
| CVE-2026-6681 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | The PKCS#7 decode path ignores the caller-supplied output buffer size (outputSz), allowing decoded content to be written past the bounds of the provided buffer. This affects wolfSSL 5.9.0 and earlier and was fixed in the 5.9.1 release. |
| CVE-2026-6679 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | A heap buffer overflow could occur in the DTLS 1.3 ACK serialization path before the connecting peer is authenticated. The buffer overflow was due to an integer truncation when computing the length of the ACK record-number list, causing an undersized buffer to be allocated and then overrun. This affects builds using DTLS 1.3 and wolfSSL version 5.9.0 and earlier. A fix was added to the 5.9.1 release. |
| CVE-2026-6678 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | Integer underflow in wc_PKCS7_DecryptOri when handling crafted Other Recipient Info, leading to incorrect length handling during decryption. |
| CVE-2026-6450 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | A CRL critical extension bypass exists in ParseCRL_Extensions where critical extensions are not properly enforced, allowing a crafted CRL with an unhandled critical extension to be accepted. This only affects builds with CRL support enabled and where a crafted CRL had a trusted signature when parsed. |
| CVE-2026-6412 | 1 Wolfssl | 1 Wolfssl | 2026-06-26 | N/A | Certificate policy and RFC 8446 compliance concerns regarding the continued acceptance of SHA-1/MD5 in certificate processing. |
| CVE-2026-12473 | 1 Open Health Imaging Foundation | 1 Dicom Web Viewer Framework | 2026-06-26 | 8.2 High | Two data sources (DICOMWebProxy and DICOMJSON) shipped in the default configuration fetch an arbitrary URL parameter without validation. A global authentication service in OHIF automatically injects the authenticated user's OIDC Bearer token into the resulting requests, sending it to the attacker-controlled server. DICOMweb data sources are not impacted. |
| CVE-2026-56445 | 1 Pydicom | 1 Pynetdicom Library | 2026-06-26 | 9.1 Critical | The qrscp application's C-STORE handler uses a specific instance from attacker-supplied DICOM datasets directly in os.path.join() without sanitization, allowing file writes to arbitrary paths. |
| CVE-2026-44622 | 1 Evoke | 1 Evoke Csms | 2026-06-26 | 6.5 Medium | Charging station authentication identifiers are publicly accessible via web-based mapping platforms. |