Search Results (354377 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2026-48810 | | | 2026-05-29 | 4.3 Medium | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, while investigating the ThreadPolicy::delete issue reported previously, the same missing mailbox membership check was found in the sibling ThreadPolicy::edit method. A user with the PERM_EDIT_CONVERSATIONS permission who created a message or internal note in Mailbox A can rewrite that thread's body after an administrator removes them from Mailbox A, because the policy checks only authorship and a global permission flag, not current mailbox membership. This vulnerability is fixed in 1.8.221. |
| CVE-2026-48811 | | | 2026-05-29 | 4.3 Medium | FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.221, FreeScout allows a non-admin user to permanently delete an internal note (private thread) from any conversation, even after that user's access to the mailbox containing the conversation has been revoked. The ThreadPolicy::delete authorization policy does not verify mailbox membership, so a former team member retains destructive write access to notes they created. This vulnerability is fixed in 1.8.221. |
| CVE-2026-41104 | 1 Microsoft | 2 Planetary Computer, Planetary Computer Pro | 2026-05-29 | 10 Critical | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. |
| CVE-2026-40425 | | | 2026-05-29 | 5.7 Medium | The administrator account for the Danelec MacGregor Voyage Data Recorder web interface can directly edit sensitive files related to authentication, potentially changing the root password. |
| CVE-2026-42929 | | | 2026-05-29 | 8.3 High | Danelec MacGregor Voyage Data Recorder includes default accounts with hard-coded credentials. |
| CVE-2026-44611 | | | 2026-05-29 | 5.4 Medium | Danelec MacGregor Voyage Data Recorder passwords are stored with a hashing method which limits password length and is susceptible to brute-force attacks. |
| CVE-2026-45700 | | | 2026-05-29 | N/A | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's planar bitmap decoder has an out-of-bounds heap write when decoding RLE planar data. In libfreerdp/codec/planar.c, freerdp_bitmap_decompress_planar() validates the X destination coordinate nXDst against the caller-provided destination stride (nDstStep) even when it is writing into the internal temp buffer pTempData. An attacker can bypass the check with a large nDstStep and a large nXDst, causing planar_decompress_plane_rle() to write past the end of pTempData. This vulnerability is fixed in 3.26.0. |
| CVE-2026-42951 | | | 2026-05-29 | 5.4 Medium | An authenticated user can download a backup of the Danelec MacGregor Voyage Data Recorder device which includes account data and password hashes. |
| CVE-2026-22554 | 1 Mediaarea | 2 Mediainfo, Mediainfolib | 2026-05-29 | 7.8 High | MediaArea MediaInfoLib Channel Splitting heap-based buffer overflow vulnerability |
| CVE-2026-44420 | | | 2026-05-29 | 8.8 High | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP client can trigger a heap-buffer-overflow write in FreeRDP's server-side clipboard (cliprdr) channel by sending a CB_CLIP_CAPS PDU with a too-small capabilitySetLength. This can crash the server process (remote DoS) and may be exploitable for code execution because it corrupts heap memory. This vulnerability is fixed in 3.26.0. |
| CVE-2026-42941 | | | 2026-05-29 | 8.3 High | The Danelec MacGregor Voyage Data Recorder device includes a default username and password, with no enforced password change. |
| CVE-2026-44422 | | | 2026-05-29 | 7.5 High | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, FreeRDP's RDPEAR NDR parser accepts one non-null NDR pointer ref-id for multiple logical pointer fields without tracking the pointed object's expected NDR type or ownership. When the same ref-id is reused across two pointer fields, the parser assigns the same heap object to both output fields. The generic destructor later walks each field independently and destroys/frees both pointers. This causes a malicious-server-triggerable heap use-after-free / double-free in the FreeRDP client's RDPEAR authentication-redirection path. This vulnerability is fixed in 3.26.0. |
| CVE-2026-45321 | 16 Abhishake1, Agentworkhq, Antoinebcx and 13 more | 213 Supersurkhet/cli, Supersurkhet/sdk, Taskflow-corp/cli and 210 more | 2026-05-29 | 9.6 Critical | On 2026-05-11, between approximately 19:20 and 19:26 UTC, 84 malicious versions across 42 @tanstack/* packages were published to the npm registry. The publishes were authenticated via the legitimate GitHub Actions OIDC trusted-publisher binding for TanStack/router, but the publish workflow itself was not modified. The attacker chained three known vulnerability classes (a pull_request_target "Pwn Request" misconfiguration, GitHub Actions cache poisoning across the fork↔base trust boundary, and runtime memory extraction of the OIDC token from the Actions runner process) to publish credential-stealing malware under a trusted identity. Each affected package received exactly two malicious versions, published a few minutes apart. |
| CVE-2026-44421 | | | 2026-05-29 | 8.8 High | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.26.0, a malicious RDP server can trigger a heap-buffer-overflow write in the FreeRDP client by sending crafted RDPGFX PDUs. The bug is in gdi_CacheToSurface: it validates a destination rectangle that is clamped to UINT16_MAX, but then performs the copy using the original cacheEntry->width/height. This can cause a large out-of-bounds heap write and may lead to client crashes or code execution. This bug is reachable from a malicious RDP server, but only when the client has RDPGFX enabled. This vulnerability is fixed in 3.26.0. |
| CVE-2026-48735 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-05-29 | 5.5 Medium | pypdf is a free and open-source pure-Python PDF library. Prior to 6.12.1, an attacker can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1. |
| CVE-2026-48156 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-05-29 | 3.3 Low | pypdf is a free and open-source pure-Python PDF library. Prior to 6.12.0, an attacker can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0. |
| CVE-2026-48155 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-05-29 | 5.5 Medium | pypdf is a free and open-source pure-Python PDF library. Prior to 6.12.0, an attacker can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0. |
| CVE-2026-6824 | | | 2026-05-29 | 8.4 High | A stored cross-site scripting (XSS) vulnerability exists in certain 1xxx series NVR devices due to insufficient sanitization of user-supplied input in specific functional modules. Attackers can inject malicious scripts, which are then persistently stored on the device backend. When administrators or users access affected pages, the stored scripts are executed in their browsers, leading to potential session hijacking, unauthorized actions, or data theft. |
| CVE-2026-46599 | | | 2026-05-29 | N/A | The TIFF decoder does not place a limit on the size of PackBits-compressed data. A maliciously crafted image can exploit this to make a small image (both in pixel width/height and in encoded size) force the decoder to decode large amounts of compressed data. |
| CVE-2026-10066 | 1 Shibby | 1 Tomato | 2026-05-29 | 8.8 High | A security vulnerability has been detected in Shibby Tomato up to 1.28. This issue affects the function sub_9068 of the file tomatoups.cgi of the component UPS Service. The manipulation leads to a stack-based buffer overflow. The attack can be initiated remotely. This project is superseded by FreshTomato. This vulnerability only affects products that are no longer supported by the maintainer. |
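Two of the FreeRDP entries above share one defect class: the bound that is checked is not the bound that is written. In CVE-2026-45700 the planar decoder validates nXDst against the caller's nDstStep while the RLE planes go into the internal temp buffer pTempData; in CVE-2026-44421 gdi_CacheToSurface validates a rectangle clamped to UINT16_MAX but copies with the original cacheEntry->width/height. The C block below is an added example written for this page, not FreeRDP code: the dst_buf type, dst_fits and the *_vuln/*_fixed checks, and the two sample geometries are assumptions that model the two shapes, and the hardened variants show the single rule that closes both, validate exactly the geometry the copy will use, against the buffer that actually receives it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Added model of a decoder's write target (names are assumptions, not
 * FreeRDP structures). Sizes are uint64_t so a 65535x65535 surface fits. */
typedef struct {
    uint64_t size;    /* bytes allocated */
    uint64_t stride;  /* bytes per row */
} dst_buf;

/* Does a w x h block of bpp-byte pixels at (x, y) lie entirely inside dst?
 * All arithmetic is 64-bit so attacker-chosen coordinates cannot wrap. */
static bool dst_fits(const dst_buf *dst, uint64_t x, uint64_t y,
                     uint64_t w, uint64_t h, uint64_t bpp)
{
    if (w == 0 || h == 0 || bpp == 0)
        return false;
    uint64_t row_end = (x + w) * bpp;               /* exclusive end of one row */
    if (row_end > dst->stride)
        return false;
    return (y + h - 1) * dst->stride + row_end <= dst->size;
}

/* CVE-2026-45700 shape: the X bound is checked against the caller's
 * nDstStep although the decoded planes are written into the temp buffer. */
static bool planar_check_vuln(uint32_t nXDst, uint32_t width, uint32_t bpp,
                              uint32_t nDstStep, const dst_buf *temp)
{
    (void)temp;                                     /* the real target is never consulted */
    return ((uint64_t)nXDst + width) * bpp <= nDstStep;
}

/* Hardened: bound the write against the buffer that receives it. */
static bool planar_check_fixed(uint32_t nXDst, uint32_t nYDst, uint32_t width,
                               uint32_t height, uint32_t bpp, const dst_buf *temp)
{
    return dst_fits(temp, nXDst, nYDst, width, height, bpp);
}

static uint32_t clamp_u16(uint64_t v) { return v > UINT16_MAX ? UINT16_MAX : (uint32_t)v; }

/* CVE-2026-44421 shape: the validated rectangle is clamped to UINT16_MAX,
 * but the copy uses the cache entry's full width and height. */
static bool cache_to_surface_check_vuln(uint32_t surf_w, uint32_t surf_h,
                                        uint16_t x, uint16_t y,
                                        uint32_t cache_w, uint32_t cache_h)
{
    uint32_t right  = clamp_u16((uint64_t)x + cache_w);
    uint32_t bottom = clamp_u16((uint64_t)y + cache_h);
    return right <= surf_w && bottom <= surf_h;     /* true even for cache_w > 65535 */
}

/* Hardened: validate exactly the geometry the copy will use. */
static bool cache_to_surface_check_fixed(const dst_buf *surface, uint16_t x, uint16_t y,
                                         uint32_t cache_w, uint32_t cache_h, uint32_t bpp)
{
    return dst_fits(surface, x, y, cache_w, cache_h, bpp);
}

/* Constructed geometries: a 64x64 32bpp temp buffer and a maximal 65535x65535 surface. */
static const dst_buf kTemp    = { 64u * 64u * 4u, 64u * 4u };
static const dst_buf kSurface = { 65535ull * 65535ull * 4ull, 65535ull * 4ull };

int main(void)
{
    /* large nDstStep + large nXDst: passes the stride check, overruns the temp buffer */
    printf("planar vuln accepts:  %d\n", planar_check_vuln(100000, 64, 4, 1u << 20, &kTemp));
    printf("planar fixed accepts: %d\n", planar_check_fixed(100000, 0, 64, 64, 4, &kTemp));
    /* cache entry wider than UINT16_MAX: clamped rect fits, real copy does not */
    printf("surface vuln accepts:  %d\n", cache_to_surface_check_vuln(65535, 65535, 0, 0, 100000, 1));
    printf("surface fixed accepts: %d\n", cache_to_surface_check_fixed(&kSurface, 0, 0, 100000, 1, 4));
    return 0;
}
```

The practitioner's check when reviewing a codec: find every place the bounds test and the memcpy/memset use different variables (a caller-supplied stride versus an internal buffer, a clamped copy of a dimension versus the original), and make both sides read the same values.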
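For CVE-2026-44420, the check the advisory describes as missing is that the CB_CLIP_CAPS capability set length covers its own header and fits in the bytes that remain; a too-small value otherwise underflows the body length and the subsequent copy writes past the heap allocation. The following C parser is an added example, not FreeRDP's cliprdr code. It follows the MS-RDPECLIP CLIPRDR_CAPS / CLIPRDR_CAPS_SET layout as assumed here (cCapabilitiesSets, pad1, then capabilitySetType, lengthCapability, capabilityData; the 8-byte clipHeader is omitted), and the function names, constants and sample PDUs are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added model of CLIPRDR_CAPS parsing; names are assumptions. */
#define CAPS_SET_HDR_LEN     4
#define CB_CAPSTYPE_GENERAL  0x0001

typedef struct {
    uint32_t version;
    uint32_t general_flags;
    bool     have_general;
} clip_caps;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Returns the number of capability sets consumed, or -1 on malformed input.
 * The vulnerable shape trusts lengthCapability and derives
 * body = lengthCapability - 4 without requiring lengthCapability >= 4, so a
 * value of 0..3 wraps to a huge body length and the copy overruns the heap. */
static int parse_clip_caps(const uint8_t *buf, size_t len, clip_caps *out)
{
    memset(out, 0, sizeof *out);
    if (len < 4)
        return -1;
    uint16_t count = rd16(buf);
    size_t pos = 4;                                  /* skip cCapabilitiesSets + pad1 */
    for (uint16_t i = 0; i < count; i++) {
        if (len - pos < CAPS_SET_HDR_LEN)
            return -1;                               /* the set header does not fit */
        uint16_t type    = rd16(buf + pos);
        uint16_t set_len = rd16(buf + pos + 2);
        /* the missing check: the length must cover its own 4-byte header and
         * must not exceed the bytes left in the PDU */
        if (set_len < CAPS_SET_HDR_LEN || set_len > len - pos)
            return -1;
        size_t body = set_len - CAPS_SET_HDR_LEN;    /* cannot underflow now */
        if (type == CB_CAPSTYPE_GENERAL) {
            if (body < 8)
                return -1;                           /* version(4) + generalFlags(4) */
            out->version       = rd32(buf + pos + 4);
            out->general_flags = rd32(buf + pos + 8);
            out->have_general  = true;
        }
        pos += set_len;                              /* unknown set types are skipped whole */
    }
    return (int)count;
}

/* Constructed sample PDUs (clipHeader omitted), one general capability set each. */
static const uint8_t kGoodCaps[] = {
    0x01, 0x00, 0x00, 0x00,                          /* 1 set, pad1 */
    0x01, 0x00, 0x0C, 0x00,                          /* general, lengthCapability = 12 */
    0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00   /* version 2, generalFlags 0x2 */
};
static const uint8_t kShortLenCaps[] = {             /* lengthCapability = 2 < header */
    0x01, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x02, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00
};
static const uint8_t kLongLenCaps[] = {              /* lengthCapability = 64 > bytes left */
    0x01, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x40, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00
};
static const uint8_t kCountLiesCaps[] = {            /* claims 2 sets, carries 1 */
    0x02, 0x00, 0x00, 0x00,
    0x01, 0x00, 0x0C, 0x00,
    0x02, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00
};
```

Both directions of the length check matter: too small is the underflow the advisory describes, too large walks the cursor off the end of the PDU on the next iteration. Rejecting the whole PDU (rather than clamping) is the right call for a server facing untrusted clients.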
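CVE-2026-44422 is an ownership bug rather than a length bug: the NDR parser resolves a ref-id to a heap object and hands that object to every field that names the ref-id, while the destructor frees each field on its own. The C block below is an added example, not FreeRDP's RDPEAR parser; ndr_ctx, resolve_ptr, parse_two_ptr and msg_destroy are assumed names that model the advisory's shape. With strict=false the parser reproduces the aliasing (two fields, one object); with strict=true a ref-id that already has an owner is rejected and everything allocated so far is released through the ref table, once per object.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added model of ref-id bookkeeping for an NDR decoder (names are assumptions). */
#define MAX_REFS 8

typedef struct {
    uint32_t refid;
    void    *obj;
} ref_entry;

typedef struct {
    ref_entry refs[MAX_REFS];
    int       n;
} ndr_ctx;

/* A message with two logical pointer fields, as in the advisory. */
typedef struct {
    void *a;
    void *b;
} two_ptr_msg;

/* Resolve one pointer field from its wire ref-id.
 * strict=false: a ref-id seen before is aliased, so two fields share one
 *               heap object (the vulnerable behaviour).
 * strict=true:  a ref-id that already has an owning field is an error. */
static int resolve_ptr(ndr_ctx *ctx, uint32_t refid, bool strict, void **out)
{
    *out = NULL;
    if (refid == 0)
        return 0;                               /* null pointer on the wire */
    for (int i = 0; i < ctx->n; i++) {
        if (ctx->refs[i].refid != refid)
            continue;
        if (strict)
            return -1;                          /* second owner for one object */
        *out = ctx->refs[i].obj;                /* vulnerable: shared ownership */
        return 0;
    }
    if (ctx->n == MAX_REFS)
        return -1;
    void *obj = calloc(1, 16);                  /* stand-in for the decoded object */
    if (!obj)
        return -1;
    ctx->refs[ctx->n].refid = refid;
    ctx->refs[ctx->n].obj   = obj;
    ctx->n++;
    *out = obj;
    return 0;
}

/* Decode both fields. Returns 0, or -1 with nothing leaked. */
static int parse_two_ptr(uint32_t refid_a, uint32_t refid_b, bool strict, two_ptr_msg *m)
{
    ndr_ctx ctx = {0};
    m->a = m->b = NULL;
    if (resolve_ptr(&ctx, refid_a, strict, &m->a) < 0 ||
        resolve_ptr(&ctx, refid_b, strict, &m->b) < 0) {
        for (int i = 0; i < ctx.n; i++)         /* release via the table: once per object */
            free(ctx.refs[i].obj);
        m->a = m->b = NULL;
        return -1;
    }
    return 0;
}

/* The generic per-field destructor from the advisory. On an aliased message
 * the naive version frees one object twice; this one detects the alias first
 * and reports how many distinct objects it released. */
static int msg_destroy(two_ptr_msg *m)
{
    bool alias = m->a != NULL && m->a == m->b;
    int freed = 0;
    if (m->a) { free(m->a); freed++; }
    if (m->b && !alias) { free(m->b); freed++; }
    m->a = m->b = NULL;
    return freed;
}

/* The state that precedes the double free: both fields point at one object. */
static bool msg_is_aliased(const two_ptr_msg *m) { return m->a != NULL && m->a == m->b; }
```

The fix belongs in the parser, where the type and ownership of each ref-id are known; the alias guard in msg_destroy is defence in depth, not a substitute, because the use-after-free through the second field is reachable before any destructor runs.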
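CVE-2026-46599 is a decompression-amplification issue: a PackBits run byte of -127 expands to 128 output bytes, so a strip of a few bytes can make a decoder without an output limit produce far more than the image's pixel count. The C block below is an added example, not the affected project's decoder; the function names and the two sample strips are constructed. packbits_decode stops at the number of bytes the strip should contain and rejects a stream that would exceed it, while packbits_naive_len shows how much a limit-less decoder would emit for the same input.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode TIFF PackBits into out[0..expected). Returns bytes produced, or -1
 * if the stream is truncated or would produce more than expected. out may be
 * NULL to only measure. Run byte n: 0..127 = copy n+1 literal bytes,
 * -127..-1 = repeat next byte 1-n times, -128 = no-op. */
static long packbits_decode(const uint8_t *in, size_t in_len,
                            uint8_t *out, size_t expected)
{
    size_t ip = 0, op = 0;
    while (op < expected) {
        if (ip >= in_len)
            return -1;                                  /* truncated stream */
        int n = (int8_t)in[ip++];
        if (n == -128)
            continue;                                   /* no-op byte */
        size_t run = n >= 0 ? (size_t)n + 1 : (size_t)(1 - n);
        if (run > expected - op)
            return -1;                                  /* the limit the advisory asks for */
        if (n >= 0) {                                   /* literal run */
            if (run > in_len - ip)
                return -1;
            if (out) memcpy(out + op, in + ip, run);
            ip += run;
        } else {                                        /* repeat run */
            if (ip >= in_len)
                return -1;
            if (out) memset(out + op, in[ip], run);
            ip++;
        }
        op += run;
    }
    return (long)op;
}

/* Output a limit-less decoder would produce for this strip: the amplification path. */
static size_t packbits_naive_len(const uint8_t *in, size_t in_len)
{
    size_t ip = 0, op = 0;
    while (ip < in_len) {
        int n = (int8_t)in[ip++];
        if (n >= 0)         { op += (size_t)n + 1; ip += (size_t)n + 1; }
        else if (n != -128) { op += (size_t)(1 - n); ip++; }
    }
    return op;
}

/* Decode into a scratch buffer and compare with the expected pixels. */
static bool packbits_decodes_to(const uint8_t *in, size_t in_len,
                                const char *want, size_t want_len)
{
    uint8_t scratch[256];
    if (want_len > sizeof scratch)
        return false;
    long got = packbits_decode(in, in_len, scratch, want_len);
    return got == (long)want_len && memcmp(scratch, want, want_len) == 0;
}

/* Constructed strips. kSample decodes to "abc", three 'z', "xy": 8 one-byte pixels.
 * kBomb is six bytes that a limit-less decoder expands to 384 bytes; for a
 * one-pixel strip the bounded decoder rejects it on the first run. */
static const uint8_t kSample[] = { 0x02, 'a', 'b', 'c', 0xFE, 'z', 0x01, 'x', 'y' };
static const uint8_t kBomb[]   = { 0x81, 0xFF, 0x81, 0xFF, 0x81, 0xFF };
```

The expected count comes from the image header (strip rows times bytes per row), never from the compressed stream, and the decoder must be handed that count before it allocates anything; the same rule applies to LZW and Deflate strips in TIFF.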