Export limit exceeded: 351640 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351640 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-8547 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-19 | 7.5 High |
| Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-0541 | 2 Axis, Axis Communications Ab | 2 Axis Os, Axis Os | 2026-05-19 | 6.7 Medium |
| ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if an attacker convinces the victim to install a malicious ACAP application. | ||||
| CVE-2026-37281 | 2026-05-19 | N/A | ||
| An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2026-35092 | 2 Corosync, Redhat | 10 Corosync, Enterprise Linux, Enterprise Linux Eus and 7 more | 2026-05-19 | 7.5 High |
| A flaw was found in Corosync. An integer overflow vulnerability in Corosync's join message sanity validation allows a remote, unauthenticated attacker to send crafted User Datagram Protocol (UDP) packets. This can cause the service to crash, leading to a denial of service. This vulnerability specifically affects Corosync deployments configured to use totemudp/totemudpu mode. | ||||
| CVE-2026-35091 | 2 Corosync, Redhat | 10 Corosync, Enterprise Linux, Enterprise Linux Eus and 7 more | 2026-05-19 | 8.2 High |
| A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents | ||||
| CVE-2025-61664 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-05-19 | 4.9 Medium |
| A vulnerability in the GRUB2 bootloader has been identified in the normal module. This flaw, a memory Use After Free issue, occurs because the normal_exit command is not properly unregistered when its related module is unloaded. An attacker can exploit this condition by invoking the command after the module has been removed, causing the system to improperly access a previously freed memory location. This leads to a system crash or possible impacts in data confidentiality and integrity. | ||||
| CVE-2025-54771 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-05-19 | 4.9 Medium |
| A use-after-free vulnerability has been identified in the GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause grub to crash, leading to a Denial of Service. Possible data integrity or confidentiality compromise is not discarded. | ||||
| CVE-2025-54770 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-05-19 | 4.9 Medium |
| A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a Use-after-Free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability | ||||
| CVE-2026-45495 | 1 Microsoft | 1 Edge Chromium | 2026-05-19 | 8.8 High |
| Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability | ||||
| CVE-2026-8954 | 1 Mozilla | 1 Firefox | 2026-05-19 | 7.5 High |
| Incorrect boundary conditions, integer overflow in the Audio/Video component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11. | ||||
| CVE-2026-8958 | 1 Mozilla | 1 Firefox | 2026-05-19 | 8.6 High |
| Information disclosure, sandbox escape in the Security: Process Sandboxing component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11. | ||||
| CVE-2026-8961 | 1 Mozilla | 1 Firefox | 2026-05-19 | N/A |
| Spoofing issue in the Form Autofill component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11. | ||||
| CVE-2026-8964 | 2026-05-19 | 7.5 High | ||
| Spoofing issue in the Popup Blocker component. This vulnerability was fixed in Firefox 151. | ||||
| CVE-2026-8970 | 1 Mozilla | 1 Firefox | 2026-05-19 | 7.3 High |
| Privilege escalation in the Security component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11. | ||||
| CVE-2026-8975 | 1 Mozilla | 1 Firefox | 2026-05-19 | N/A |
| Memory safety bugs present in Firefox ESR 115.35, Firefox ESR 140.10 and Firefox 150. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 151, Firefox ESR 115.36, and Firefox ESR 140.11. | ||||
| CVE-2026-43634 | 1 Hestiacp | 1 Hestiacp | 2026-05-19 | 7.5 High |
| HestiaCP versions 1.2.0 through 1.9.4 contain an IP spoofing vulnerability that allows unauthenticated remote attackers to bypass authentication security controls by supplying an arbitrary IP address in the CF-Connecting-IP HTTP header without verifying the request originated from Cloudflare's network. Attackers can exploit this to circumvent fail2ban brute-force protection, bypass per-user IP allowlists, and poison authentication audit logs by spoofing trusted IP addresses on each request. | ||||
| CVE-2026-2587 | 1 Eclipse | 1 Glassfish | 2026-05-19 | 9.6 Critical |
| A critical Remote Code Execution (RCE) vulnerability was identified in the server-side template rendering mechanism used by the Glassfish gadget handler. The application processes .xml files and evaluates user-supplied values within a context where Expression Language (EL) “expressions” are processed without proper sanitization or escaping. By injecting expressions such as #{7*7}, the server returns 49, confirming server-side EL evaluation. This issue allows a remote attacker to fully compromise the underlying host, enabling capabilities as reading/modifying data, executing arbitrary commands, persistence, and lateral movement. | ||||
| CVE-2026-2586 | 1 Eclipse | 1 Glassfish | 2026-05-19 | 9.1 Critical |
| An authenticated Remote Code Execution (RCE) vulnerability was identified in GlassFish's Administration Console. A user with access to the panel can send crafted requests that allow the execution of arbitrary operating system commands with the privileges of the application service user. | ||||
| CVE-2026-34883 | 1 Portrait | 1 Dell Color Management | 2026-05-19 | 5.3 Medium |
| An issue was discovered in the Portrait Dell Color Management application before 3.7.0 for Dell monitors. On Windows, a symbolic link vulnerability allows a local low-privileged user to escalate privileges to Administrator. During installation, the software writes the file CCFLFamily_07Feb11.edr to C:\ProgramData\Portrait Displays\CW\data\i1D3\ while running with elevated privileges. Because the installer does not properly validate symbolic links or reparse points at the destination path, an attacker can create a malicious link that redirects the write operation to an arbitrary system location, enabling arbitrary file creation or overwrite with elevated privileges. | ||||
| CVE-2026-8955 | 1 Mozilla | 1 Firefox | 2026-05-19 | 6.5 Medium |
| Privilege escalation in the DOM: Workers component. This vulnerability was fixed in Firefox 151 and Firefox ESR 140.11. | ||||