Export limit exceeded: 361176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45617 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
| CVE-2024-45615 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). | ||||
| CVE-2025-60474 | 1 Gpac | 1 Mp4box | 2026-06-25 | N/A |
| A buffer overflow in the gf_media_import function (/media_tools/av_parsers.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input. | ||||
| CVE-2026-52954 | 1 Linux | 1 Linux Kernel | 2026-06-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain choose_args that get decoded in decode_choose_args(). In this function, num_choose_arg_maps is read from the message, and a corresponding number of crush_choose_arg_maps gets decoded afterwards. Each crush_choose_arg_map has a choose_args_index, which serves as the key when inserting it into the choose_args rbtree of the decoded crush_map. If a (potentially corrupted) message contains two crush_choose_arg_maps with the same index, the assertion in insert_choose_arg_map() triggers a kernel BUG when trying to insert the second crush_choose_arg_map. This patch fixes the issue by switching to the non-asserting rbtree insertion function and rejecting the message if the insertion fails. [ idryomov: changelog ] | ||||
| CVE-2026-13028 | 1 Google | 1 Chrome | 2026-06-25 | 9.6 Critical |
| Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13032 | 1 Google | 1 Chrome | 2026-06-25 | 9.6 Critical |
| Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13027 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13035 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High) | ||||
| CVE-2025-60473 | 1 Gpac | 1 Mp4box | 2026-06-25 | N/A |
| A NULL pointer dereference in the gf_filter_in_parent_chain function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted file. | ||||
| CVE-2026-53072 | 1 Linux | 1 Linux Kernel | 2026-06-25 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER When protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls hci_connect_cfm(conn) without hdev->lock. Generally hci_connect_cfm() assumes it is held, and if conn is deleted concurrently -> UAF. Only SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen, and HCI_EV_CONN_REQUEST is not generated for ISO. In the non-deferred listening socket code paths, hci_connect_cfm(conn) is called with hdev->lock held. Fix by holding the lock. | ||||
| CVE-2026-48793 | 1 Jellyfin | 1 Jellyfin | 2026-06-25 | 8.8 High |
| Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg command-line arguments without calling EncodingUtils.NormalizePath(). On Linux, filenames can contain double-quote characters, which break the argument quoting and allow injection of arbitrary FFmpeg arguments. The vulnerability is reachable without authentication via SubtitleController.GetSubtitle, which has no [Authorize] attribute. An attacker who can place a file in a Jellyfin media library directory (shared NAS, Samba share, guest upload) can achieve arbitrary file write on the server and information disclosure. This vulnerability is fixed in 10.11.10. | ||||
| CVE-2026-13021 | 1 Google | 1 Chrome | 2026-06-25 | 4.3 Medium |
| Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13029 | 1 Google | 1 Chrome | 2026-06-25 | 7.5 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-13034 | 1 Google | 1 Chrome | 2026-06-25 | 4.7 Medium |
| Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-47733 | 1 Rocketchat | 1 Rocket.chat | 2026-06-25 | 4.4 Medium |
| Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into <a href> and <img src> attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses sanitizeUrl to block javascript:, data:, and vbscript: protocols — ImageElement passes the raw URL through unchanged. An authenticated user can post a markdown image with a javascript: URL that, if clicked on an older browser, would execute arbitrary JavaScript in the viewer's session. This vulnerability is fixed in 8.5.0. | ||||
| CVE-2026-33543 | 1 Fossbilling | 1 Fossbilling | 2026-06-25 | N/A |
| FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0. | ||||
| CVE-2025-60466 | 1 Gpac | 1 Mp4box | 2026-06-25 | N/A |
| A use-after-free in the gf_filter_pid_get_packet function (/filter_core/filter_pid.c) of GPAC Project/MP4Box before 26.02.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted media file. | ||||
| CVE-2025-60468 | 1 Gpac | 1 Mp4box | 2026-06-25 | N/A |
| GPAC Multimedia Open Source Project GPAC Project/MP4Box 2.5-DEV-rev1593-gfe88c3545-master is affected by: Buffer Overflow. The impact is: cause a denial of service (local). The component is: filter_core/filter_pid.c (L:574-580): function gf_filter_pid_inst_swap_delete_task() improperly accesses freed objects during PID instance swap/delete cleanup, leading to heap use-after-free. The attack vector is: Local (AV:L): a local, authenticated user who processes a specially crafted MPEG-2 TS/MP4 file with MP4Box can trigger the bug during filter teardown (PID instance swap/delete), causing a crash. ¶¶ In GPAC s MP4Box, gf_filter_pid_inst_swap_delete_task() in filter_core/filter_pid.c may dereference objects after they have been freed when cleaning up PID instances after a swap/delete operation. Crafted inputs (e.g., malformed MPEG-2 TS) can trigger a heap use-after-free and crash; exploitation may be possible. | ||||
| CVE-2026-48789 | 1 Mintplexlabs | 1 Anything-llm | 2026-06-25 | 4.3 Medium |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" traversal but does not reject Windows-style parent paths returned by path.relative(), such as "..". This vulnerability is fixed in 1.13.0. | ||||
| CVE-2026-44016 | 1 Docling-project | 1 Docling | 2026-06-25 | 8.2 High |
| Docling simplifies document processing by parsing diverse formats and providing integrations with the generative AI ecosystem. FIn versions >= 2.82.0, < 2.91.0, if the HTML backend was explicitly configured for rendering (rendering option by default deactivated), then the Playwright-based rendering feature could allow JavaScript execution and unrestricted network access when processing untrusted HTML documents. An attacker could craft malicious HTML that executes arbitrary JavaScript in the rendering context or makes unauthorized network requests to internal services, potentially leading to SSRF attacks, data exfiltration, or remote code execution in the rendering environment. This vulnerability is fixed in 2.91.0. | ||||