Export limit exceeded: 10666 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45519 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53732 | 1 Microsoft | 2 365 Copilot, Office | 2026-05-22 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2024-38250 | 1 Microsoft | 26 365 Copilot, Office, Office Long Term Servicing Channel and 23 more | 2026-05-22 | 7.8 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2025-49697 | 1 Microsoft | 11 365 Apps, 365 Copilot, Office and 8 more | 2026-05-22 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-26134 | 1 Microsoft | 2 365 Copilot, Office | 2026-05-22 | 7.8 High |
| Integer overflow or wraparound in Microsoft Office allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-25180 | 1 Microsoft | 33 365 Copilot, Office, Office For Android and 30 more | 2026-05-22 | 5.5 Medium |
| Out-of-bounds read in Microsoft Graphics Component allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2025-47162 | 1 Microsoft | 10 365 Apps, 365 Copilot, Office and 7 more | 2026-05-22 | 8.4 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-49696 | 1 Microsoft | 10 365 Apps, 365 Copilot, Office and 7 more | 2026-05-22 | 8.4 High |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-30388 | 1 Microsoft | 29 365 Copilot, Office, Office Long Term Servicing Channel and 26 more | 2026-05-22 | 7.8 High |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-23246 | 1 Linux | 1 Linux Kernel | 2026-05-22 | 8.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: bounds-check link_id in ieee80211_ml_reconfiguration link_id is taken from the ML Reconfiguration element (control & 0x000f), so it can be 0..15. link_removal_timeout[] has IEEE80211_MLD_MAX_NUM_LINKS (15) elements, so index 15 is out-of-bounds. Skip subelements with link_id >= IEEE80211_MLD_MAX_NUM_LINKS to avoid a stack out-of-bounds write. | ||||
| CVE-2015-8325 | 4 Canonical, Debian, Openbsd and 1 more | 6 Ubuntu Core, Ubuntu Linux, Ubuntu Touch and 3 more | 2026-05-22 | 7.8 High |
| The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as demonstrated by an LD_PRELOAD environment variable. | ||||
| CVE-2026-40170 | 2 Ngtcp2, Tatsuhiro-t | 2 Ngtcp2, Ngtcp2 | 2026-05-22 | 7.5 High |
| ngtcp2 is a C implementation of the IETF QUIC protocol. In versions prior to 1.22.1, ngtcp2_qlog_parameters_set_transport_params() serializes peer transport parameters into a fixed 1024-byte stack buffer without bounds checking. When qlog is enabled, a remote peer can send sufficiently large transport parameters during the QUIC handshake to cause writes beyond the buffer boundary, resulting in a stack buffer overflow. This affects deployments that enable the qlog callback and process untrusted peer transport parameters. This issue has been fixed in version 1.22.1. If developers are unable to immediately upgrade, they can disable the qlog on client. | ||||
| CVE-2026-36189 | 1 Uncrustify | 1 Uncrustify | 2026-05-22 | 6.2 Medium |
| Buffer Overflow vulnerability in Uncrustify Project Affected v.Uncrustify_d-0.82.0-132-bcc41cbdc and Fixed in commit 68e67b9a1435a1bb173b106fedb4a4f510972bdc allows a local attacker to cause a denial of service via the check_template.cpp, check_template function, tokenize_cleanup function, uncrustify executable components | ||||
| CVE-2023-2882 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2026-05-22 | 9.8 Critical |
| Generation of Incorrect Security Tokens vulnerability in CBOT Chatbot allows Token Impersonation, Privilege Abuse. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2023-2886 | 1 Cbot | 2 Cbot Core, Cbot Panel | 2026-05-22 | 4.3 Medium |
| Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7. | ||||
| CVE-2026-45250 | 1 Freebsd | 1 Freebsd | 2026-05-22 | 7.8 High |
| The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system. | ||||
| CVE-2023-3374 | 1 Bookreen | 1 Bookreen | 2026-05-22 | 9.8 Critical |
| Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0. | ||||
| CVE-2026-23280 | 1 Linux | 1 Linux Kernel | 2026-05-22 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Prevent ubuf size overflow The ubuf size calculation may overflow, resulting in an undersized allocation and possible memory corruption. Use check_add_overflow() helpers to validate the size calculation before allocation. | ||||
| CVE-2026-45803 | 2 Cli, Github | 2 Cli, Cli | 2026-05-21 | 3.5 Low |
| `gh` is GitHub’s official command line tool. From 1.6.0 to before 2.92.0, a security vulnerability has been identified in GitHub CLI that could allow terminal escape sequence injection when users view GitHub Actions workflow logs using gh run view --log or gh run view --log-failed. The vulnerability stems from the way GitHub CLI handles raw Actions log output. The gh run view --log and gh run view --log-failed commands stream workflow log lines to stdout or the configured pager without sanitizing terminal control sequences. An attacker who can influence GitHub Actions log content, for example via a PR triggered workflow, can embed escape sequences that are replayed in the user's terminal when they inspect the run. Depending on the victim's terminal emulator, injected sequences could change the window title, manipulate on screen content, or in some terminal emulators (such as screen) potentially execute arbitrary commands. This vulnerability is fixed in 2.92.0. | ||||
| CVE-2026-8631 | 2 Hp, Hp Inc | 2 Linux Imaging And Printing, Hp Linux Imaging And Printing Software | 2026-05-21 | 9.8 Critical |
| A potential security vulnerability has been identified in the HP Linux Imaging and Printing Software. This potential vulnerability may allow escalation of privileges and/or arbitrary code execution via an integer overflow in the hpcups processing path when handling crafted print data. | ||||
| CVE-2026-45232 | 2 Rsync Project, Samba | 2 Rsync, Rsync | 2026-05-21 | 3.1 Low |
| Rsync versions before 3.4.3 contain an off-by-one out-of-bounds stack write vulnerability in the establish_proxy_connection() function in socket.c that allows network attackers to corrupt stack memory by sending a malformed HTTP proxy response. Attackers can exploit this by positioning themselves between the client and proxy or controlling the proxy server to send a response line of 1023 or more bytes without a newline terminator, causing a null byte to be written to an out-of-bounds stack address when the RSYNC_PROXY environment variable is set. | ||||