Export limit exceeded: 357888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 83505 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (83505 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48574 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.8 High |
| Heap-based buffer overflow in Windows Media allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-3012 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 8 High |
| A flaw was found in Samba’s certificate auto-enrollment Group Policy handling. When certificate auto-enrollment is enabled, Samba may retrieve a CA certificate over an unencrypted HTTP connection and install it into the local trust store without proper verification. An attacker with the ability to intercept or redirect network traffic could exploit this behavior to supply a malicious certificate authority certificate, potentially allowing interception or spoofing of trusted communications. | ||||
| CVE-2026-1933 | 2 Redhat, Samba | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-06-10 | 7.1 High |
| A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read only = yes. Due to missing SMB-layer access checks, authenticated users with underlying filesystem write permissions may create or delete reparse point metadata through SMB operations even on read-only exports. This could allow modification of SMB-visible file behavior, including converting files into symbolic links or other reparse point types. | ||||
| CVE-2026-52758 | 1 Nsa | 1 Ghidra | 2026-06-10 | 8.8 High |
| Ghidra before 12.1 contains a SQL injection vulnerability in BSim filter types that concatenate user-supplied values directly into SQL queries without escaping or parameterization. Remote attackers can inject arbitrary SQL via the BSim network query protocol to read, modify, or delete data in the PostgreSQL database. | ||||
| CVE-2026-24064 | 1 Waves Audio | 1 Waves Central | 2026-06-10 | 7.8 High |
| Waves Central for macOS versions 13.0.9 through 16.5.5 contain a local privilege escalation vulnerability. A trusted XPC client component included with the product is signed with hardened runtime entitlements that permit dynamic library injection. A local attacker can set the DYLD_INSERT_LIBRARIES environment variable to inject an attacker-controlled dynamic library into the trusted client process at launch. The injected code runs within the signed process and can connect to the product's privileged helper service to invoke privileged operations, resulting in arbitrary code execution as root. The issue is fixed in version 16.6.2. | ||||
| CVE-2026-11029 | 1 Google | 2 Android, Chrome | 2026-06-10 | 8.3 High |
| Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-48575 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.9 High |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-48576 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.9 High |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-48578 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-10 | 7.9 High |
| Protection mechanism failure in Windows Secure Boot allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-49069 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Portfolio | 2026-06-10 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21. | ||||
| CVE-2026-48583 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 7.8 High |
| Use after free in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-49160 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-10 | 7.5 High |
| Uncontrolled resource consumption in HTTP/2 allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-49847 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, a single unauthenticated WebSocket frame containing a deeply nested JSON document crashes the FreeSWITCH process via stack overflow, terminating all calls and sessions on the host. The recursion drives the worker thread's stack pointer into the stack guard page, raising SIGSEGV from the kernel before any usable write primitive develops. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-49842 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a #-prefixed speed-test protocol (#SPU / #SPB / #SPE) before any authentication check. The declared payload size in #SPU was parsed with atoi() and only rejected non-positive values, so an unauthenticated peer could request up to INT_MAX bytes. The server then wrote roughly size * 10 bytes back during the download phase, on the order of 20 GB per request, yielding strong outbound bandwidth amplification from a short request. This issue has been patched in version 1.11.1. | ||||
| CVE-2026-49475 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, a STUN packet whose declared attribute length is shorter than the structure the parser casts to causes the parser to read and write past the end of the attribute, producing an out-of-bounds memory access on the per-leg media buffer. This issue has been patched in version 1.11.0. | ||||
| CVE-2026-45771 | 2 Freeswitch, Signalwire | 2 Freeswitch, Freeswitch | 2026-06-10 | 7.5 High |
| FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.0, FreeSWITCH's bundled XML parser expands nested <!ENTITY> declarations without a depth or count bound, so a small DTD can describe a body that expands exponentially ("billion laughs"). The PIDF body of a SIP PUBLISH is fed to this parser before any digest check, letting an unauthenticated network attacker force unbounded CPU and memory consumption with a single request. This issue has been patched in version 1.11.0. | ||||
| CVE-2026-52751 | 1 Nsa | 1 Ghidra | 2026-06-10 | 8.8 High |
| Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands. | ||||
| CVE-2026-9758 | 1 Systerel | 1 S2opc | 2026-06-10 | 7.3 High |
| Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted | ||||
| CVE-2026-10725 | 1 Crux | 2 Protocol::http2, Protocol\ | 2026-06-10 | 7.5 High |
| Protocol::HTTP2 versions before 1.13 for Perl is vulnerable to a HTTP/2 Bomb. Protocol::HTTP2's inbound HPACK path has no header-list size limit, so a small HTTP/2 request can expand into large server memory (the "HTTP/2 bomb"). The headers_decode method materialises a full key+value copy per indexed reference with no running size check, and the stream_header_block_add method appends (since version 1.12) every CONTINUATION frame to the per-stream buffer unbounded. MAX_HEADER_LIST_SIZE (default 65536) is advertised in SETTINGS but never consulted on decode. It is absent from the decoder and from the :limits export tag. | ||||
| CVE-2026-11645 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-10 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||