Export limit exceeded: 351827 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351827 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8391 | 1 Mozilla | 1 Firefox | 2026-05-19 | 5.3 Medium |
| Other issue in the JavaScript Engine component. This vulnerability was fixed in Firefox 150.0.3, Firefox ESR 115.36, Firefox ESR 140.11, and Thunderbird 140.11. | ||||
| CVE-2026-32134 | 1 Nanomq | 1 Nanomq | 2026-05-19 | 5.9 Medium |
| NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for clean_start=0 clients. The transport's p_peer callback (tcptran_pipe_peer()) iterates cpipe->subinfol while copying session metadata from the cached old pipe to the new reconnecting pipe, without checking whether the pointer is NULL. Under a reconnect race, cpipe->subinfol can be freed and set to NULL before session restore invokes this function, resulting in a remote unauthenticated Denial-of-Service (process crash) condition. This issue has been fixed in version 0.24.11. | ||||
| CVE-2026-23557 | 1 Xen | 1 Xen | 2026-05-19 | 6.5 Medium |
| Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen. | ||||
| CVE-2026-23558 | 1 Xen | 1 Xen | 2026-05-19 | 7.8 High |
| The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may then be freed while mappings of them would still be inserted into the guest's secondary (P2M) page tables. | ||||
| CVE-2026-8946 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | 7.5 High |
| Incorrect boundary conditions in the Audio/Video: Web Codecs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8947 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | 7.3 High |
| Use-after-free in the DOM: Bindings (WebIDL) component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-8953 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | 9.6 Critical |
| Sandbox escape due to use-after-free in the Disability Access APIs component. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2026-29963 | 1 Hsclabs | 1 Mailinspector | 2026-05-19 | 7.5 High |
| HSC MailInspector 5.3.3-7 has a Path Traversal vulnerability due to improper validation of user-supplied input in the /tap/dw.php endpoint. The text parameter is used to construct file paths without adequate normalization or restriction to a safe base directory. A remote attacker can exploit this flaw to access arbitrary files on the underlying operating system, resulting in unauthorized disclosure of sensitive information. | ||||
| CVE-2026-8966 | 1 Mozilla | 1 Firefox | 2026-05-19 | N/A |
| Information disclosure in the IP Protection component. This vulnerability was fixed in Firefox 151 and Thunderbird 151. | ||||
| CVE-2026-8954 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-19 | 7.5 High |
| Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151, Firefox ESR 140.11, Thunderbird 151, and Thunderbird 140.11. | ||||
| CVE-2022-26934 | 1 Microsoft | 28 365 Apps, Office, Office Long Term Servicing Channel and 25 more | 2026-05-19 | 6.5 Medium |
| Windows Graphics Component Information Disclosure Vulnerability | ||||
| CVE-2022-24509 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2026-42832 | 1 Microsoft | 8 Excel, Excel For Android, Office and 5 more | 2026-05-19 | 7.7 High |
| Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2021-42295 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 5.5 Medium |
| Visual Basic for Applications Information Disclosure Vulnerability | ||||
| CVE-2021-42296 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Word Remote Code Execution Vulnerability | ||||
| CVE-2022-21840 | 1 Microsoft | 10 365 Apps, Excel, Office and 7 more | 2026-05-19 | 8.8 High |
| Microsoft Office Remote Code Execution Vulnerability | ||||
| CVE-2022-21841 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2022-24461 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2022-24473 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Excel Remote Code Execution Vulnerability | ||||
| CVE-2022-24510 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2026-05-19 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||