Export limit exceeded: 20585 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (20585 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-46145 | 1 Linux | 1 Linux Kernel | 2026-05-29 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: RDMA/mana: Validate rx_hash_key_len Sashiko points out that rx_hash_key_len comes from a uAPI structure and is blindly passed to memcpy, allowing the userspace to trash kernel memory. Bounds check it so the memcpy cannot overflow. | ||||
| CVE-2026-46190 | 1 Linux | 1 Linux Kernel | 2026-05-29 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: mtd: spi-nor: debugfs: fix out-of-bounds read in spi_nor_params_show() Sashiko noticed an out-of-bounds read [1]. In spi_nor_params_show(), the snor_f_names array is passed to spi_nor_print_flags() using sizeof(snor_f_names). Since snor_f_names is an array of pointers, sizeof() returns the total number of bytes occupied by the pointers (element_count * sizeof(void *)) rather than the element count itself. On 64-bit systems, this makes the passed length 8x larger than intended. Inside spi_nor_print_flags(), the 'names_len' argument is used to bounds-check the 'names' array access. An out-of-bounds read occurs if a flag bit is set that exceeds the array's actual element count but is within the inflated byte-size count. Correct this by using ARRAY_SIZE() to pass the actual number of string pointers in the array. | ||||
| CVE-2026-46195 | 1 Linux | 1 Linux Kernel | 2026-05-29 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: smb: client: validate dacloffset before building DACL pointers parse_sec_desc(), build_sec_desc(), and the chown path in id_mode_to_cifs_acl() all add the server-supplied dacloffset to pntsd before proving a DACL header fits inside the returned security descriptor. On 32-bit builds a malicious server can return dacloffset near U32_MAX, wrap the derived DACL pointer below end_of_acl, and then slip past the later pointer-based bounds checks. build_sec_desc() and id_mode_to_cifs_acl() can then dereference DACL fields from the wrapped pointer in the chmod/chown rewrite paths. Validate dacloffset numerically before building any DACL pointer and reuse the same helper at the three DACL entry points. | ||||
| CVE-2021-28465 | 1 Microsoft | 1 Web Media Extensions | 2026-05-28 | 7.8 High |
| Web Media Extensions Remote Code Execution Vulnerability | ||||
| CVE-2026-48864 | 2 Opensuse, Redhat | 9 Libsolv, Enterprise Linux, Hardened Images and 6 more | 2026-05-28 | 7.8 High |
| A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | ||||
| CVE-2019-19378 | 1 Linux | 1 Linux Kernel | 2026-05-28 | 7.8 High |
| In the Linux kernel 5.0.21, mounting a crafted btrfs filesystem image can lead to slab-out-of-bounds write access in index_rbio_pages in fs/btrfs/raid56.c. | ||||
| CVE-2019-13721 | 2 Google, Redhat | 2 Chrome, Rhel Extras | 2026-05-28 | 8.8 High |
| Use after free in PDFium in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | ||||
| CVE-2026-44723 | 1 Vowpalwabbit | 1 Vowpal Wabbit | 2026-05-28 | 5 Medium |
| Vowpal Wabbit is a machine learning system. The workflow .github/workflows/python_checks.yml embeds ${{ github.event.pull_request.title }} directly inside double-quoted bash strings in four separate steps across four jobs, each passing it as a CLI argument to the Python test script run_tests_model_gen_and_load.py. The shell interprets the expanded string before invoking Python, allowing an attacker to break out of the quotes and execute arbitrary commands on the runner. The pull_request trigger fires on PRs targeting any branch (branches: ['*']), with no additional access gate. This vulnerability is fixed by the 998e390e80a7e8192d7849b7784bc113dbd190ad commit. | ||||
| CVE-2023-38233 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-05-28 | 7.8 High |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-44465 | 1 Zed-industries | 1 Zed | 2026-05-28 | 8.6 High |
| Zed is a code editor. Prior to 0.227.1, Zed IDE executes arbitrary commands when opening a folder with a malicious .git/config file that abuses the core.fsmonitor Git configuration option. This allows an attacker to achieve Remote Code Execution (RCE) when a victim open a folder in untrusted mode. This vulnerability is fixed in 0.227.1. | ||||
| CVE-2023-38231 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2026-05-28 | 7.8 High |
| Adobe Acrobat Reader versions 23.003.20244 (and earlier) and 20.005.30467 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-9458 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-05-28 | 9.8 Critical |
| A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. The impacted element is the function setWanCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument enabled leads to os command injection. The attack may be performed from remote. The exploit is publicly available and might be used. | ||||
| CVE-2026-44461 | 1 Zed-industries | 1 Zed | 2026-05-28 | 8.6 High |
| Zed is a code editor. Prior to 0.227.1, Zed builds SSH/WSL remote commands as a shell command string that starts with exec env ..., but environment variable keys are inserted without shell quoting or validation. If an attacker can control an environment variable key (for example via project terminal settings), shell expansions in the key (such as $(...)) are evaluated by the remote shell when a terminal is opened. This can lead to arbitrary command execution on the remote host under the victim user's account. This vulnerability is fixed in 0.227.1. | ||||
| CVE-2023-47359 | 1 Videolan | 1 Vlc Media Player | 2026-05-28 | 9.8 Critical |
| Videolan VLC prior to version 3.0.20 contains an incorrect offset read that leads to a Heap-Based Buffer Overflow in function GetPacket() and results in a memory corruption. | ||||
| CVE-2026-9434 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-05-28 | 9.8 Critical |
| A security vulnerability has been detected in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setWiFiWpsCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument wscDisabled leads to os command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-42250 | 2026-05-28 | N/A | ||
| bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of service). This issue was fixed in bzip2 patch 35d122a3df8b0cc4082a4d89fdc6ee99f375fe67 | ||||
| CVE-2026-9476 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-05-28 | 9.8 Critical |
| A vulnerability was identified in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setPasswordCfg of the file /cgi-bin/cstecgi.cgi of the component Web Management Interface. Such manipulation of the argument admpass leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-46232 | 1 Linux | 1 Linux Kernel | 2026-05-28 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: HID: playstation: Clamp num_touch_reports A device would never lie about the number of touch reports would it? If it does the loop in dualshock4_parse_report will read off the end of the touch_reports array, up to about 2 KiB for the maximum number of 256 loop iteraions. The data that is read is emitted via evdev if the DS4_TOUCH_POINT_INACTIVE bit happens to be set. Protect against this by clamping the num_touch_reports value provided by the device to the maximum size of the touch_reports array. | ||||
| CVE-2026-9531 | 1 Totolink | 1 Ca750-poe | 2026-05-28 | 6.3 Medium |
| A weakness has been identified in Totolink CA750-PoE 6.2c.510. Impacted is the function setUpgradeUboot of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. This manipulation of the argument FileName causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-44346 | 1 Bentoml | 1 Bentoml | 2026-05-28 | 8.8 High |
| BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.39, a malicious bentofile.yaml containing a newline-injected value in envs[*].name produces unquoted RUN directives in the BentoML-generated Dockerfile. When the victim runs bentoml containerize on the imported bento, those RUN directives execute on the host during docker build. This vulnerability is fixed in 1.4.39. | ||||