Export limit exceeded: 351558 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351558 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47315 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47316 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47317 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47312 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-26462 | 1 Sourceforge | 1 Offline Hospital Management System | 2026-05-19 | N/A |
| Offline Hospital Management System 5.3.0 allows remote code execution due to an improper Electron renderer configuration. The application enables Node.js integration while disabling context isolation, allowing JavaScript executed in the renderer process to access Node.js APIs and execute arbitrary operating system commands. | ||||
| CVE-2026-39079 | 1 Prestashop | 1 Upsshipping | 2026-05-19 | 7.5 High |
| An issue in prestashop upsshipping all versions through at least 2.4.0 allows a remote attacker to obtain sensitive information via the /modules/upsshipping/logs/, and /modules/upsshipping/lib/UPSBaseApi.php components | ||||
| CVE-2025-57282 | 1 Ngrok | 1 Ngrok | 2026-05-19 | 8.8 High |
| ngrok v4.3.3 and 5.0.0-beta.2 is vulnerable to Command Injection. | ||||
| CVE-2026-36438 | 1 Intelbras | 1 Vip-1230-d-g4 | 2026-05-19 | 5.3 Medium |
| An issue in Intelbras VIP-1230-D-G4 Version V2.800.00IB00C.0.T allows a remote attacker to obtain sensitive information via password reset functionality under /OutsideCmd | ||||
| CVE-2026-38719 | 1 Eipstackgroup | 1 Opener | 2026-05-19 | 6.2 Medium |
| OpENer v2.3-558-g1e99582 contains an out-of-bounds read vulnerability in the Common Packet Format (CPF) parser, specifically in CreateCommonPacketFormatStructure() in source/src/enet_encap/cpf.c. A crafted ENIP/CPF message can supply an attacker-controlled item_count value that is not consistently validated against the remaining data_length of the CPF slice | ||||
| CVE-2026-41085 | 1 Thermofisher | 1 Torrent Suite | 2026-05-19 | 8.8 High |
| Thermo Fisher Scientific Torrent Suite Dx through 5.14.2 has a privilege escalation vulnerability that may allow an authenticated user with limited access privileges to gain unauthorized administrator-level privileges through exploitation of specific system interfaces. | ||||
| CVE-2023-24215 | 1 Novus | 1 Airgate 4g Firmware | 2026-05-19 | N/A |
| Incorrect access control in the /uci/get/ endpoint of NOVUS AirGate 4G firmware v1.1.16 allows unauthenticated attackers to obtain administrator credentials via a crafted POST request. | ||||
| CVE-2026-41119 | 1 Dell | 1 Live Optics | 2026-05-19 | 6.8 Medium |
| Dell Live Optics Windows and Personal Edition collectors contain an improper certificate validation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability leading to loss of confidentiality and integrity. | ||||
| CVE-2026-4320 | 1 Creartia Internet Consulting | 1 Icms Content Management | 2026-05-19 | N/A |
| Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for credentials. | ||||
| CVE-2026-42009 | 1 Redhat | 5 Enterprise Linux, Hardened Images, Hummingbird and 2 more | 2026-05-19 | 7.5 High |
| A flaw was found in gnutls. A remote attacker could exploit an issue in the Datagram Transport Layer Security (DTLS) packet reordering logic. The comparator function, responsible for ordering DTLS packets by sequence numbers, did not correctly handle packets with duplicate sequence numbers. This could lead to unstable packet ordering or undefined behavior, resulting in a denial of service. | ||||
| CVE-2026-20685 | 1 Apple | 1 Private Cloud Compute Server Software | 2026-05-19 | 6.5 Medium |
| An attacker in a privileged network position may be able to leak sensitive information. A path handling issue was addressed with improved validation. This issue is fixed in PCC Release 5E290.3. | ||||
| CVE-2026-8843 | 1 Mongodb | 2 Mongodb, Mongodb Server | 2026-05-19 | 6.5 Medium |
| Creating a "2dsphere_bucket" index on a non-timeseries bucket collection will succeed, but any subsequent attempt to insert a document which triggers updating that index will crash the server. A similar issue occurs when creating "queryable_encrypted_range" indices. This issue affects MongoDB Server v7.0 versions prior to 7.0.32, v8.0 versions prior to 8.0.21 and v8.2 versions prior to 8.2.6 | ||||
| CVE-2026-45829 | 1 Chroma | 1 Chromadb | 2026-05-19 | 10.0 Critical |
| A pre-authentication, code injection vulnerability in version 1.0.0 or later of the ChromaDB Python project allows an unauthenticated attacker to run arbitrary code on the server by sending a malicious model repository and trust_remote_code set to true in the /api/v2/tenants/{tenant}/databases/{db}/collections endpoint. | ||||
| CVE-2026-32849 | 1 Netbsd | 1 Src | 2026-05-19 | 5.5 Medium |
| NetBSD prior to commit ec8451e contains a signed integer overflow vulnerability in the cryptodev_op() function in sys/opencrypto/cryptodev.c where the local variable iov_len is declared as a signed int but assigned from an unsigned cop->dst_len value, causing undefined behavior when cop->dst_len exceeds INT_MAX. A local attacker with access to /dev/crypto and a compression session type can exploit this vulnerability by providing a dst_len value exceeding INT_MAX to trigger a kernel panic through NULL pointer dereference when CONFIG_SVS is disabled and corrupted UIO pointer arithmetic. | ||||
| CVE-2026-32848 | 1 Netbsd | 1 Src | 2026-05-19 | 4.7 Medium |
| NetBSD prior to commit ec8451e contains a race condition vulnerability in cryptodev_op() within the opencrypto subsystem that allows local attackers to trigger a double-free condition by concurrently issuing CIOCCRYPT operations on the same session identifier on SMP systems. Attackers can exploit mutable per-operation state embedded in the csession struct to corrupt kernel heap memory. | ||||
| CVE-2026-45230 | 1 Dumbwareio | 1 Dumbassets | 2026-05-19 | 9.1 Critical |
| DumbAssets through 1.0.11 contains a path traversal vulnerability in the POST /api/delete-file endpoint and filesToDelete array parameters that allows unauthenticated attackers to delete arbitrary files by supplying ../ sequences that bypass directory boundary validation. Attackers can exploit the optional and disabled-by-default authentication control to traverse outside the intended application directory and delete critical files such as server.js or package.json, causing complete denial of service. | ||||