Export limit exceeded: 351621 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351621 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20685 | 1 Apple | 1 Private Cloud Compute Server Software | 2026-05-19 | 6.5 Medium |
| An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | ||||
| CVE-2026-32849 | 1 Netbsd | 1 Src | 2026-05-19 | 5.5 Medium |
| NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior when cop->dst_len exceeds INT_MAX. A local attacker with access to /dev/crypto and a compression session type can exploit this vulnerability by providing a dst_len value exceeding INT_MAX to trigger a kernel panic through NULL pointer dereference when CONFIG_SVS is disabled and corrupted UIO pointer arithmetic. | ||||
| CVE-2026-45230 | 1 Dumbwareio | 1 Dumbassets | 2026-05-19 | 9.1 Critical |
| DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit the optional and disabled-by-default authentication control to traverse outside the intended application directory and delete critical files such as server.js or package.json, causing complete denial of service. | ||||
| CVE-2026-8836 | 2 Lwip-tcpip, N | 2 Lwip, Lwip | 2026-05-19 | 9.8 Critical |
| A vulnerability was found in lwIP up to 2.2.1. Affected is the function snmp_parse_inbound_frame of the file src/apps/snmp/snmp_msg.c of the component snmpv3 USM Handler. Performing a manipulation of the argument msgAuthenticationParameters results in stack-based buffer overflow. The attack may be initiated remotely. The patch is named 0c957ec03054eb6c8205e9c9d1d05d90ada3898c. It is suggested to install a patch to address this issue. | ||||
| CVE-2026-47091 | 1 Jarrodwatts | 1 Claude-hud | 2026-05-19 | 3.3 Low |
| Claude HUD through 0.0.12, patched in commit 234d9aa, contains a path traversal vulnerability that allows attackers to read arbitrary files by supplying an unvalidated transcript_path value via stdin JSON. Attackers can access any file readable by the process and the file metadata is written to a persistent cache file with insufficient permissions, creating a forensic record of accessed paths that survives process exit. | ||||
| CVE-2026-47092 | 1 Jarrodwatts | 1 Claude-hud | 2026-05-19 | 7.8 High |
| Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version check, causing execFile() to execute the attacker-supplied executable with cmd.exe arguments, resulting in arbitrary code execution on Windows systems. | ||||
| CVE-2025-65954 | 1 Simplesamlphp | 1 Simplesamlphp-module-casserver | 2026-05-19 | N/A |
| SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0. | ||||
| CVE-2026-8814 | 1 Mattiasw | 1 Exifreader | 2026-05-19 | 5.3 Medium |
| Versions of the package exifreader before 4.39.0 are vulnerable to Improper Handling of Highly Compressed Data (Data Amplification) due to decompressing PNG zTXt metadata without enforcing a built-in maximum decompressed output size. When asynchronous parsing is enabled, a crafted PNG file containing a highly compressed zTXt chunk can cause ExifReader to materialize a disproportionately large Comment value in memory. | ||||
| CVE-2025-15609 | 2 Fortispay, Wordpress | 2 Fortis For Woocommerce, Wordpress | 2026-05-19 | N/A |
| The Fortis for WooCommerce WordPress plugin before 1.3.1 may leak sensitive API keys to unauthenticated attackers, allowing them to query Fortis' API and retrieve sensitive customer information, like past orders, PII, etc. | ||||
| CVE-2026-6902 | 1 Perforce | 1 Helix Core | 2026-05-19 | N/A |
| A vulnerability in Command-Line Client in P4 Server prior to the 2025.2 Patch 2, identified as CVE-2026-6902, has been fixed in P4 Server to address potential security risks. | ||||
| CVE-2026-21789 | 1 Hcltech | 1 Connections | 2026-05-19 | 4.6 Medium |
| HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain scenarios. | ||||
| CVE-2026-22810 | 1 Laurent 22 | 1 Joplin | 2026-05-19 | 8.2 High |
| Joplin is an open source note-taking and to-do application that organises notes and lists into notebooks. Versions prior to 3.5.7 contain a path traversal vulnerability in the importer which allows overwriting arbitrary files on disk. The OneNote converter does not sanitize the names of embedded files before writing them to disk. As a result, it's possible for an attacker to create a malicious .one file that includes file names containing ../../, that are then interpreted as part of the target path when extracting attachments from the .one file. This issue has been patched in version 3.5.7. | ||||
| CVE-2026-32323 | 1 Mullvad | 1 Mullvad Vpn | 2026-05-19 | 7.3 High |
| Mullvad VPN is a VPN client app for desktop and mobile. When using macOS with versions 2026.1 and below, Mullvad VPN may allow local privilege escalation during installation or upgrade. The installer package executes binaries from /Applications/Mullvad VPN.app without verifying if the bundle is attacker-controlled or that the path is the legitimate Mullvad application. A user in the admin group can pre-place a crafted application bundle at that location and may be able to achieve code execution as root. Since the issue only affected the installer, there is no immediate need for users to update if they are already running an older version. This issue has been fixed in version 2026.2-beta1. | ||||
| CVE-2026-7163 | 1 Redhat | 2 Multicluster Engine, Multicluster Engine For Kubernetes | 2026-05-19 | 6.1 Medium |
| A vulnerability in the assisted-service REST API, an optional Assisted Installer (assisted-service) component in the Multicluster Engine (MCE), allows an authenticated user with minimal namespace-scoped privileges to obtain administrative credentials for arbitrary clusters provisioned through the hub. The credentials download endpoint (GET /v2/clusters/{cluster_id}/credentials, which returns the kubeadmin password) and the kubeconfig download endpoint are operational in AUTH_TYPE=local mode, the only authentication mode available in on-premises ACM/MCE hub deployments. The local authenticator unconditionally grants full administrative access to any request bearing a valid JWT, with no per-endpoint restrictions. A valid local JWT is embedded as a plaintext query parameter in InfraEnvStatus.ISODownloadURL and is readable by any user who has get rights on an InfraEnv object in their own namespace. The affected components ship as part of Multicluster Engine (MCE). The Red Hat Advanced Cluster Management (ACM) deployments that include MCE are equally affected. This issue does not affect the hosted SaaS offering (console.redhat.com), which uses a different authentication mode. Successful exploitation gives the attacker the kubeadmin password and kubeconfig for any OpenShift cluster provisioned through the affected hub, granting unrestricted root-level administrative access to those spoke clusters. | ||||
| CVE-2025-13601 | 2 Gnome, Redhat | 41 Glib, Ceph Storage, Codeready Linux Builder and 38 more | 2026-05-19 | 7.7 High |
| A heap-based buffer overflow problem was found in glib through an incorrect calculation of buffer size in the g_escape_uri_string() function. If the string to escape contains a very large number of unacceptable characters (which would need escaping), the calculation of the length of the escaped string could overflow, leading to a potential write off the end of the newly allocated string. | ||||
| CVE-2026-44408 | 2026-05-19 | 6.3 Medium | ||
| There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface. | ||||
| CVE-2026-41525 | 1 Kde | 1 Dolphin | 2026-05-19 | 6.5 Medium |
| KDE Dolphin before 25.12.3 allows applications in a Flatpak (or with AppArmor confinement) to open folders outside of the application sandbox without additional scrutiny. Dolphin's implementation of the FileManager1 protocol allows the path given to be any type of file, including scripts or executables. (By default, Dolphin will then prompt the user to determine if they want to launch a script or executable; however, the intended behavior is to block the attempted action, not present a consent prompt.) | ||||
| CVE-2026-24792 | 1 Openharmony | 1 Openharmony | 2026-05-19 | 8.1 High |
| in OpenHarmony v6.0 and prior versions allow a remote attacker arbitrary code execution in pre-installed apps. | ||||
| CVE-2026-28751 | 1 Openharmony | 1 Openharmony | 2026-05-19 | 3.3 Low |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | ||||
| CVE-2026-25781 | 1 Openharmony | 1 Openharmony | 2026-05-19 | 8.4 High |
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS and it cannot be recovered. | ||||