Export limit exceeded: 359553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359553 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359553 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27878 | 2026-06-19 | 6.5 Medium | ||
| A TraceQL query in Grafana Tempo with a large exemplars hint value can cause the Tempo instance to allocate an excessive amount of memory, resulting in an out-of-memory crash. This could allow an authenticated user to trigger a denial of service against the Tempo service. | ||||
| CVE-2016-20094 | 1 Anydesk | 1 Anydesk | 2026-06-19 | 7.8 High |
| AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during application startup or system reboot. | ||||
| CVE-2026-49287 | 1 Statamic | 1 Cms | 2026-06-19 | 7.4 High |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, the fix for CVE-2026-41175 was incomplete. It addressed the issue in the query builder, but the same protection was not applied to in-memory collection sorting. Manipulating sort parameters could result in the loss of content and assets. This requires a front-end template that passes request input into a tag's sort parameter. It is not exploitable by default — a template would need to be explicitly set up to sort by a visitor-controlled value. This has been fixed in 5.73.23 and 6.20.0. | ||||
| CVE-2026-47645 | 1 Microsoft | 1 365 Copilot | 2026-06-19 | 8.8 High |
| Url redirection to untrusted site ('open redirect') in Microsoft 365 Copilot's Business Chat allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-48582 | 1 Microsoft | 1 Exchange Online | 2026-06-19 | 9.6 Critical |
| Missing authorization in Microsoft Exchange Online allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42824 | 1 Microsoft | 2 365 Copilot, Copilot | 2026-06-19 | 6.5 Medium |
| Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42915 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-19 | 5.5 Medium |
| Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally. | ||||
| CVE-2026-45482 | 1 Microsoft | 1 Visual Studio Code Copilot Chat Extension | 2026-06-19 | 8.4 High |
| Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47636 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-19 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-48584 | 1 Microsoft | 1 Azure Synapse | 2026-06-19 | 9.9 Critical |
| Execution with unnecessary privileges in Azure Synapse allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42895 | 1 Microsoft | 1 365 Copilot | 2026-06-19 | 6.5 Medium |
| Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | ||||
| CVE-2026-45480 | 1 Microsoft | 1 Azure Active Directory | 2026-06-19 | 10 Critical |
| Improper authentication in Azure Active Directory allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32208 | 1 Microsoft | 1 Edge Chromium | 2026-06-19 | 8.8 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Edge (Chromium-based) allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-50559 | 1 Redhat | 2 Apache Camel Quarkus, Quarkus | 2026-06-19 | 7.5 High |
| Quarkus is a Java framework for building cloud-native applications. Prior to versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2, Quarkus HTTP path-based authorization policies can be bypassed using encoded semicolons (%3B) to smuggle matrix parameters past the security layer, and using encoded slashes (%2F) or backslashes (%5C) to access protected static resources. This is a distinct issue from CVE-2026-39852, which addressed only literal semicolon stripping. Versions 3.37.0, 3.36.3, 3.33.2.1, 3.33.3, 3.27.4.1, 3.27.5, and 3.20.6.2 contain a patch. | ||||
| CVE-2026-49295 | 2026-06-19 | 7.1 High | ||
| libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted H.265 bitstream can cause an out-of-bounds array write in `decoder_context::process_reference_picture_set()` (`libde265/decctx.cc:1376`). The root cause is a missing aggregate bound check on predicted short-term reference picture set entries. Individual list sizes are validated, but the combined count after predicted RPS construction can exceed the 16-entry `PocStFoll` array, writing at index 16. Version 1.0.20 patches the issue. | ||||
| CVE-2026-49346 | 2026-06-19 | 7.1 High | ||
| libde265 is an open source implementation of the h.265 video codec. Prior to version 1.1.0, a crafted H.265 bitstream with large SPS dimensions and 16-bit bit depth causes a signed integer overflow in `de265_image_get_buffer()` (`libde265/image.cc:128`). The overflow wraps the plane allocation size to a small value (~1 KB), but the subsequent `fill_image()` call computes the real size using `size_t`, writing ~4 GB into the undersized heap buffer. Version 1.1.0 patches the issue. | ||||
| CVE-2026-49337 | 2026-06-19 | 4.3 Medium | ||
| libde265 is an open source implementation of the h.265 video codec. Prior to version 1.0.20, a crafted sequence of H.265 NAL units causes `decoder_context::read_slice_NAL()` (`libde265/decctx.cc:481`) to attach slice headers to a finished picture object that has no active image unit, resulting in attacker-controlled unbounded heap growth. The retained headers are never freed until the picture is released, which may not happen during continuous streaming. Version 1.0.20 patches the issue. | ||||
| CVE-2026-49291 | 1 Doobidoo | 1 Mcp-memory-service | 2026-06-19 | 8.1 High |
| mcp-memory-service is a semantic memory layer for AI applications. Prior to version 10.65.3, the HTTP MCP JSON-RPC endpoint at `/mcp` requires only OAuth `read` scope for all requests, then dispatches `tools/call` directly to handlers that include mutating tools. A read-only OAuth client can call `store_memory` and `delete_memory` through MCP even though the corresponding REST endpoints require `write` scope. Version 10.65.3 patches the issue. | ||||
| CVE-2026-49288 | 1 Statamic | 1 Cms | 2026-06-19 | 4.3 Medium |
| Statamic is a Laravel and Git powered content management system (CMS). Prior to 5.73.23 and 6.20.0, an authenticated Control Panel user could view metadata and content for resources they don't have permission to view, including entries, assets, users, roles, groups, and other configured resources. Depending on the resource, this could expose titles, custom field values, entry content, asset metadata, and the existence of users, roles, and groups. No data could be modified. This has been fixed in 5.73.23 and 6.20.0. | ||||
| CVE-2026-49336 | 1 Microsoft | 1 Kiota-typescript | 2026-06-19 | N/A |
| @microsoft/kiota-http-fetchlibrary provides TypeScript libraries for Kiota-generated API clients. In versions 1.0.0-preview.97 through 1.0.0-preview.101, `@microsoft/kiota-http-fetchlibrary`'s `RedirectHandler` is documented as stripping `Authorization` and `Cookie` from cross-origin redirect targets, but the default `scrubSensitiveHeaders` callback in `RedirectHandlerOptions` uses case-sensitive property deletion (`delete headers.Authorization`, `delete headers.Cookie`) on a headers object that `FetchRequestAdapter.getRequestFromRequestInformation` has already lower-cased. The delete therefore targets keys that do not exist, the scrub is a no-op, and any Bearer token or Cookie attached by a kiota-generated SDK is forwarded to an attacker-controlled host across a 30x redirect. This is reachable in the default middleware chain (`MiddlewareFactory.getDefaultMiddlewares`) with no custom configuration, and applies to every kiota-generated TypeScript SDK that uses `BaseBearerTokenAuthenticationProvider` or any other authentication provider that sets the `Authorization` request header. Version 1.0.0-preview.102 patches the issue. | ||||