Export limit exceeded: 22789 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22789 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-46197 | 1 Linux | 1 Linux Kernel | 2026-06-10 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: validate SVM ioctl nattr against buffer size Validate nattr field against the buffer size, preventing out-of-bounds buffer access via user-controlled attribute count. (cherry picked from commit 5eca8bfdfa456c3304ca77523718fe24254c172f) | ||||
| CVE-2026-46203 | 1 Linux | 1 Linux Kernel | 2026-06-10 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: fix unclocked access on unbind Make sure that the controller is runtime resumed before disabling it during driver unbind to avoid an unclocked register access. This issue was flagged by Sashiko when reviewing a controller deregistration fix. | ||||
| CVE-2026-11669 | 1 Google | 2 Chrome, Chrome Os | 2026-06-10 | 5.3 Medium |
| Out of bounds read in Media in Google Chrome on ChromeOS prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-66280 | 1 Qnap Systems | 2 Qts, Quts Hero | 2026-06-10 | N/A |
| An integer overflow or wraparound vulnerability has been reported to affect several QNAP operating system versions. If a remote attacker gains an administrator account, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.2.9.3410 build 20260214 and later QuTS hero h5.2.9.3410 build 20260214 and later QuTS hero h5.3.4.3500 build 20260520 and later QuTS hero h6.0.0.3397 build 20260206 and later | ||||
| CVE-2026-48574 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-49841 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 9.8 Critical |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, the mod_verto HTTP request handler allocates a fixed 2 MiB buffer for a POST application/x-www-form-urlencoded body but accepts Content-Length up to just under 10 MiB. The body-read loop is bounded by Content-Length rather than the buffer size, producing an attacker-controlled heap overflow of up to ~8 MiB -- before the HTTP basic-auth check runs. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-49840 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 9.1 Critical |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event() parses Content-Length with atol() and passes the result straight to malloc(len + 1) with no sign or magnitude check. A malicious or man-in-the-middle ESL peer can send a frame with a negative Content-Length to corrupt the heap of, or crash, any process linked against libesl, before the client has authenticated to that peer. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-49475 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0. | ||||
| CVE-2026-11645 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-10 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-45639 | 1 Microsoft | 28 Remote Desktop, Windows 10 1607, Windows 10 1809 and 25 more | 2026-06-10 | 7.5 High |
| Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-45455 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-06-10 | 3.3 Low |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42908 | 1 Microsoft | 27 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 24 more | 2026-06-10 | 7.5 High |
| Out-of-bounds read in Windows RDP allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-45466 | 1 Microsoft | 8 365 Apps, Microsoft 365 Apps For Enterprise, Office 2021 and 5 more | 2026-06-10 | 3.3 Low |
| Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-45460 | 1 Microsoft | 8 365 Apps, Office, Office 2019 and 5 more | 2026-06-10 | 4.7 Medium |
| Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-9742 | 1 Mongodb | 1 Mongodb Server | 2026-06-10 | 7.5 High |
| When OIDC authentication is enabled in configuration, clients may set specific values in the "mechanism" parameter of the "authenticate" command that lead to server crash. The authenticate command is accessible to unauthenticated clients, leading to pre-auth denial-of-service in affected product configurations. | ||||
| CVE-2026-44634 | 1 Simpleble | 1 Simpleble | 2026-06-10 | N/A |
| SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE). Prior to version 0.14.0, there are multiple stack-based buffer overflow vulnerabilities in SimpleBLE. There is a stack overflow vulnerability in the dongl backend’s Protocol::simpleble_write function (local, caller-controlled input). A stack overflow vulnerability when processing manufacturer-specific data in BLE advertisements (remote, no pairing or connection required). Lastly, a stack overflow vulnerability when processing service data in BLE advertisements (remote, no pairing or connection required). This issue has been patched in version 0.14.0. | ||||
| CVE-2026-34707 | 3 Adobe, Apple, Microsoft | 3 Incopy, Macos, Windows | 2026-06-10 | 7.8 High |
| InCopy versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-34705 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Desktop, Macos and 1 more | 2026-06-10 | 5.5 Medium |
| InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-34702 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Desktop, Macos and 1 more | 2026-06-10 | 7.8 High |
| InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-34701 | 3 Adobe, Apple, Microsoft | 4 Indesign, Indesign Desktop, Macos and 1 more | 2026-06-10 | 7.8 High |
| InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||