Export limit exceeded: 45241 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45241 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26240 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-06-12 | 9.1 Critical |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-26241 | 2 Qnap, Qnap Systems | 2 File Station, File Station 5 | 2026-06-12 | 9.1 Critical |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-43494 | 1 Linux | 1 Linux Kernel | 2026-06-12 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: net/rds: reset op_nents when zerocopy page pin fails When iov_iter_get_pages2() fails in rds_message_zcopy_from_user(), the pinned pages are released with put_page(), and rm->data.op_mmp_znotifier is cleared. But we fail to properly clear rm->data.op_nents. Later when rds_message_purge() is called from rds_sendmsg() the cleanup loop iterates over the incorrectly non zero number of op_nents and frees them again. Fix this by properly resetting op_nents when it should be in rds_message_zcopy_from_user(). | ||||
| CVE-2026-25700 | 1 Apache | 1 Answer | 2026-06-12 | 7.2 High |
| Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue. | ||||
| CVE-2026-12026 | 1 Google | 1 Chrome | 2026-06-11 | N/A |
| Out of bounds read in Video in Google Chrome on ChromeOS prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-67862 | 1 Fortinet | 2 Fortios, Fortiproxy | 2026-06-11 | 6 Medium |
| An Internal Asset Exposed to Unsafe Debug Access Level or State vulnerability [CWE-1244] vulnerability in Fortinet FortiOS 7.6.0 through 7.6.2, FortiOS 7.4.0 through 7.4.7, FortiOS 7.2.0 through 7.2.10, FortiOS 7.0.0 through 7.0.16, FortiOS 6.4 all versions, FortiProxy 7.6.0 through 7.6.3, FortiProxy 7.4.0 through 7.4.10, FortiProxy 7.2.0 through 7.2.14, FortiProxy 7.0 all versions may allow an authenticated admin to execute lua scripts via crafted CLI commands. | ||||
| CVE-2026-44490 | 1 Axios | 1 Axios | 2026-06-11 | 4.8 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 0.32.0 and 1.16.0, axios exposes two read-side prototype-pollution gadgets. When Object.prototype is polluted by an upstream dependency in the same process (e.g. lodash _.merge / CVE-2018-16487), axios silently picks up the polluted values. (1) lib/utils.js line 406 builds merge()'s accumulator as result = {}, so result[targetKey] (line 414) walks Object.prototype and the polluted bucket's own keys are copied into the merged headers and ride out on the wire. (2) lib/core/mergeConfig.js line 26 builds the hasOwnProperty descriptor as a plain-object literal. Object.defineProperty reads descriptor.get/descriptor.set via the prototype chain, so a polluted Object.prototype.get or Object.prototype.set makes the call throw TypeError synchronously on every axios request. This vulnerability is fixed in 0.32.0 and 1.16.0. | ||||
| CVE-2025-71263 | 2 At&t Bell Labs, Opengroup | 2 Unix, Unix | 2026-06-11 | 7.4 High |
| In UNIX Fourth Research Edition (v4), the su command is vulnerable to a buffer overflow due to the 'password' variable having a fixed size of 100 bytes. A local user can exploit this to gain root privileges. It is unlikely that UNIX v4 is running anywhere outside of a very small number of lab environments. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-44489 | 1 Axios | 1 Axios | 2026-06-11 | 3.7 Low |
| Axios is a promise based HTTP client for the browser and Node.js. From 1.15.2 to before 1.16.0, nested objects created by utils.merge() (e.g., config.proxy) are still constructed as plain {} with Object.prototype in their chain. The setProxy() function at lib/adapters/http.js:209-223 reads proxy.username, proxy.password, and proxy.auth without hasOwnProperty checks. When Object.prototype.username is polluted, setProxy() constructs a Proxy-Authorization header with attacker-controlled credentials and injects it into every proxied HTTP request. This vulnerability is fixed in 1.16.0. | ||||
| CVE-2026-42916 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7.8 High |
| Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42968 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 5.5 Medium |
| Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42915 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-11 | 5.7 Medium |
| Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network. | ||||
| CVE-2026-42914 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 5.3 Medium |
| Windows Kerberos Denial of Service Vulnerability | ||||
| CVE-2026-47906 | 3 Adobe, Apple, Microsoft | 3 Dreamweaver, Macos, Windows | 2026-06-11 | 8.6 High |
| Dreamweaver Desktop versions 21.7 and earlier are affected by a Dependency on Vulnerable Third-Party Component vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. Scope is changed. | ||||
| CVE-2026-45648 | 1 Microsoft | 3 Windows Server 2022, Windows Server 2025, Windows Server 2025 (server Core Installation) | 2026-06-11 | 8.8 High |
| Stack-based buffer overflow in Active Directory Domain Services allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-42567 | 1 Svelte | 1 Svelte | 2026-06-11 | 7.5 High |
| Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7. | ||||
| CVE-2026-45653 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-11 | 7 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48994 | 1 Imagemagick | 1 Imagemagick | 2026-06-11 | 5.9 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-48 and 7.1.2-24, a missing check of a return value could lead to a heap buffer over-write in the MAT decoder on 32-bit systems. This issue has been patched in versions 6.9.13-48 and 7.1.2-24. | ||||
| CVE-2026-23076 | 1 Linux | 1 Linux Kernel | 2026-06-11 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: ALSA: ctxfi: Fix potential OOB access in audio mixer handling In the audio mixer handling code of ctxfi driver, the conf field is used as a kind of loop index, and it's referred in the index callbacks (amixer_index() and sum_index()). As spotted recently by fuzzers, the current code causes OOB access at those functions. | UBSAN: array-index-out-of-bounds in /build/reproducible-path/linux-6.17.8/sound/pci/ctxfi/ctamixer.c:347:48 | index 8 is out of range for type 'unsigned char [8]' After the analysis, the cause was found to be the lack of the proper (re-)initialization of conj field. This patch addresses those OOB accesses by adding the proper initializations of the loop indices. | ||||
| CVE-2025-71116 | 1 Linux | 1 Linux Kernel | 2026-06-11 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular encoding version, out-of-bounds reads may ensue because the only bounds check that is there is based on that length value. This patch adds explicit bounds checks for each field that is decoded or skipped. | ||||