Export limit exceeded: 10636 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45435 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45435 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41213 | 1 Node-oauth | 2 Node-oauth2-server, Node-oauth\/oauth2-server | 2026-06-02 | 5.9 Medium |
| @node-oauth/oauth2-server is a module for implementing an OAuth2 server in Node.js. The token exchange path accepts RFC7636-invalid code_verifier values (including one-character strings) for S256 PKCE flows. Because short/weak verifiers are accepted and failed verifier attempts do not consume the authorization code, an attacker who intercepts an authorization code can brute-force code_verifier guesses online until token issuance succeeds. | ||||
| CVE-2026-40447 | 2 Samsung, Samsung Open Source | 2 Escargot, Escargot | 2026-06-02 | 5.1 Medium |
| Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||||
| CVE-2026-10291 | 1 Enderfga | 1 Claw-orchestrator | 2026-06-02 | 4.3 Medium |
| A security vulnerability has been detected in Enderfga claw-orchestrator up to 3.7.0. The impacted element is the function validateRegex of the file claw-orchestrator/src/embedded-server.ts of the component Session Grep Endpoint. The manipulation of the argument body.pattern leads to inefficient regular expression complexity. The attack may be initiated remotely. Upgrading to version 3.7.1 is sufficient to resolve this issue. The identifier of the patch is 3f970a974c65a94555c25af9f2796f11315e4584. It is recommended to upgrade the affected component. | ||||
| CVE-2026-0061 | 1 Google | 1 Android | 2026-06-02 | 5.9 Medium |
| In multiple functions of WindowState.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-39830 | 1 Golang | 2 Crypto, Ssh | 2026-06-02 | 9.1 Critical |
| A malicious SSH peer could send unsolicited global request responses to fill an internal buffer, blocking the connection's read loop. The blocked goroutine could not be released by calling Close(), resulting in a resource leak per connection. Unsolicited global responses are now discarded. | ||||
| CVE-2026-44367 | 1 Aiven-open | 1 Klaw | 2026-06-02 | 2.7 Low |
| Klaw is a self-service Apache Kafka Topic Management/Governance tool/portal. Prior to version 2.10.4, a vulnerability exists in the user registration and login mechanisms due to inconsistent handling of username case sensitivity, leading to a targeted Denial of Service (DoS) and complete account lockout. This issue has been patched in version 2.10.4. | ||||
| CVE-2026-29013 | 1 Libcoap | 1 Libcoap | 2026-06-02 | 9.8 Critical |
| libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause out-of-bounds reads through integer wraparound in allocation size computation. | ||||
| CVE-2026-10292 | 1 Utt | 1 Hiper 1200gw | 2026-06-02 | 8.8 High |
| A vulnerability was detected in UTT HiPER 1200GW up to 2.5.3-170306. This affects the function strcpy of the file /goform/formTaskEdit. The manipulation results in stack-based buffer overflow. The attack may be launched remotely. The exploit is now public and may be used. | ||||
| CVE-2026-7254 | 1 Ibm | 1 Openbmc | 2026-06-02 | 5.3 Medium |
| IBM OPENBMC FW1110.00 through FW1110.11 is vulnerable to denial of service attacks by unauthenticated network users. | ||||
| CVE-2026-7365 | 1 Ibm | 3 Operations Analytics - Log Analysis, Operations Analytics Log Analysis, Operations Analytics Log Analysis | 2026-06-02 | 8.4 High |
| IBM Operations Analytics - Log Analysis and IBM SmartCloud Analytics - Log Analysis uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. | ||||
| CVE-2026-43958 | 1 Redhat | 1 Enterprise Linux | 2026-06-02 | 7.8 High |
| A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary code execution, impacting the integrity and confidentiality of data. | ||||
| CVE-2025-59612 | 1 Qualcomm | 63 Cologne, Cologne Firmware, Fastconnect 6700 and 60 more | 2026-06-02 | 6.7 Medium |
| Memory corruption in windows drivers while sending incorrect trusted application request | ||||
| CVE-2025-59613 | 1 Qualcomm | 89 Cologne, Cologne Firmware, Fastconnect 6700 and 86 more | 2026-06-02 | 6.7 Medium |
| Memory Corruption when output buffer size is smaller than input buffer size during data copying operation. | ||||
| CVE-2026-24085 | 1 Qualcomm | 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more | 2026-06-02 | 7.2 High |
| Memory Corruption when processing display command line information due to improper initialization of a variable. | ||||
| CVE-2026-24087 | 1 Qualcomm | 431 Ar8031, Ar8031 Firmware, Ar8035 and 428 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot OEM commands. | ||||
| CVE-2026-24089 | 1 Qualcomm | 439 Ar8031, Ar8031 Firmware, Ar8035 and 436 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot commands with invalid input. | ||||
| CVE-2026-24091 | 1 Qualcomm | 547 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Apq8098 and 544 more | 2026-06-02 | 7.2 High |
| Memory corruption while processing fastboot commands with improperly formatted input. | ||||
| CVE-2026-24092 | 1 Qualcomm | 437 Ar8031, Ar8031 Firmware, Ar8035 and 434 more | 2026-06-02 | 7.2 High |
| Memory Corruption when processing fastboot commands to set display mode. | ||||
| CVE-2026-25258 | 1 Qualcomm | 43 Cologne, Cologne Firmware, Fastconnect 6900 and 40 more | 2026-06-02 | 7.8 High |
| Memory corruption while processing IOCTL calls for escape operations. | ||||
| CVE-2026-10232 | 1 Assimp | 1 Assimp | 2026-06-02 | 5.3 Medium |
| A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::~aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made available to the public and could be used for attacks. The project tagged the reported issue as bug. | ||||