Export limit exceeded: 361516 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361516 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-4056 | 3 Gnome, Microsoft, Redhat | 4 Glib, Windows, Enterprise Linux and 1 more | 2026-06-25 | 7.5 High |
| A flaw was found in GLib. A denial of service on Windows platforms may occur if an application attempts to spawn a program using long command lines. | ||||
| CVE-2026-55611 | 1 Mintplexlabs | 1 Anything-llm | 2026-06-25 | 0 Low |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow still deletes the target file by primary key only, with no ownership check, inside two finally{} blocks that run even when the ownership-checked read fails. As a result a manager or admin (multi-user mode) can delete any other user's parsed file in any workspace — including workspaces they are not a member of — by enumerating integer fileIds. The server even returns "File not found" while still deleting the file. This vulnerability is fixed in 1.14.1. | ||||
| CVE-2024-45620 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in the pkcs15-init tool in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | ||||
| CVE-2024-45619 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 4.3 Medium |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. When buffers are partially filled with data, initialized parts of the buffer can be incorrectly accessed. | ||||
| CVE-2024-45618 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in pkcs15-init in OpenSC. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
| CVE-2024-45616 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. The following problems were caused by insufficient control of the response APDU buffer and its length when communicating with the card. | ||||
| CVE-2024-45617 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. An attacker could use a crafted USB Device or Smart Card, which would present the system with a specially crafted response to APDUs. Insufficient or missing checking of return values of functions leads to unexpected work with variables that have not been initialized. | ||||
| CVE-2024-45615 | 2 Opensc Project, Redhat | 3 Opensc, Enterprise Linux, Rhivos | 2026-06-25 | 3.9 Low |
| A vulnerability was found in OpenSC, OpenSC tools, PKCS#11 module, minidriver, and CTK. The problem is missing initialization of variables expected to be initialized (as arguments to other functions, etc.). | ||||
| CVE-2026-52954 | 1 Linux | 1 Linux Kernel | 2026-06-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: libceph: handle rbtree insertion error in decode_choose_args() A message of type CEPH_MSG_OSD_MAP contains an OSD map that itself contains a CRUSH map. The received CRUSH map may optionally contain choose_args that get decoded in decode_choose_args(). In this function, num_choose_arg_maps is read from the message, and a corresponding number of crush_choose_arg_maps gets decoded afterwards. Each crush_choose_arg_map has a choose_args_index, which serves as the key when inserting it into the choose_args rbtree of the decoded crush_map. If a (potentially corrupted) message contains two crush_choose_arg_maps with the same index, the assertion in insert_choose_arg_map() triggers a kernel BUG when trying to insert the second crush_choose_arg_map. This patch fixes the issue by switching to the non-asserting rbtree insertion function and rejecting the message if the insertion fails. [ idryomov: changelog ] | ||||
| CVE-2026-13028 | 1 Google | 1 Chrome | 2026-06-25 | 9.6 Critical |
| Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13032 | 1 Google | 1 Chrome | 2026-06-25 | 9.6 Critical |
| Use after free in WebGL in Google Chrome on Android prior to 149.0.7827.197 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-13027 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in FileSystem in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13035 | 1 Google | 1 Chrome | 2026-06-25 | 8.8 High |
| Use after free in Bluetooth in Google Chrome on Mac prior to 149.0.7827.197 allowed a remote attacker to execute arbitrary code via a malicious peripheral. (Chromium security severity: High) | ||||
| CVE-2026-53072 | 1 Linux | 1 Linux Kernel | 2026-06-25 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix locking in hci_conn_request_evt() with HCI_PROTO_DEFER When protocol sets HCI_PROTO_DEFER, hci_conn_request_evt() calls hci_connect_cfm(conn) without hdev->lock. Generally hci_connect_cfm() assumes it is held, and if conn is deleted concurrently -> UAF. Only SCO and ISO set HCI_PROTO_DEFER and only for defer setup listen, and HCI_EV_CONN_REQUEST is not generated for ISO. In the non-deferred listening socket code paths, hci_connect_cfm(conn) is called with hdev->lock held. Fix by holding the lock. | ||||
| CVE-2026-48793 | 1 Jellyfin | 1 Jellyfin | 2026-06-25 | 8.8 High |
| Jellyfin is an open source self hosted media server. Prior to 10.11.10, a potential FFmpeg argument injection vulnerability exists in the subtitle conversion code path. SubtitleEncoder.ConvertTextSubtitleToSrtInternal (SubtitleEncoder.cs, line 382) interpolates the subtitle file path into FFmpeg command-line arguments without calling EncodingUtils.NormalizePath(). On Linux, filenames can contain double-quote characters, which break the argument quoting and allow injection of arbitrary FFmpeg arguments. The vulnerability is reachable without authentication via SubtitleController.GetSubtitle, which has no [Authorize] attribute. An attacker who can place a file in a Jellyfin media library directory (shared NAS, Samba share, guest upload) can achieve arbitrary file write on the server and information disclosure. This vulnerability is fixed in 10.11.10. | ||||
| CVE-2026-13021 | 1 Google | 1 Chrome | 2026-06-25 | 4.3 Medium |
| Inappropriate implementation in DeviceBoundSessionCredentials in Google Chrome prior to 149.0.7827.197 allowed a remote attacker to bypass same origin policy via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-13029 | 1 Google | 1 Chrome | 2026-06-25 | 7.5 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.197 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-13034 | 1 Google | 1 Chrome | 2026-06-25 | 4.7 Medium |
| Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.197 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-47733 | 1 Rocketchat | 1 Rocket.chat | 2026-06-25 | 4.4 Medium |
| Rocket.Chat is an open-source, secure, fully customizable communications platform. Prior to 8.5.0, the ImageElement component in packages/gazzodown renders user-controlled src values directly into <a href> and <img src> attributes without protocol sanitization. Unlike the analogous LinkSpan component — which uses sanitizeUrl to block javascript:, data:, and vbscript: protocols — ImageElement passes the raw URL through unchanged. An authenticated user can post a markdown image with a javascript: URL that, if clicked on an older browser, would execute arbitrary JavaScript in the viewer's session. This vulnerability is fixed in 8.5.0. | ||||
| CVE-2026-33543 | 1 Fossbilling | 1 Fossbilling | 2026-06-25 | N/A |
| FOSSBilling is a free, open-source billing and client management system. Versions 0.7.2 and prior expose a guest API endpoint, /api/guest/staff/create, intended for initial administrator bootstrap. Due to a flawed admin-existence check, the endpoint remains usable after an administrator already exists. The flawed guard check uses is_countable() on a value that returns a Model_Admin object or null rather than a countable type, causing the expression to always evaluate as true and bypass the intended protection. As a result, an attacker can reach the unprotected endpoint to create a new administrator account and immediately authenticate, gaining a fully privileged admin session even when an admin already exists. This issue has been fixed in version 0.8.0. | ||||