Export limit exceeded: 352828 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352828 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24162 | 1 Nvidia | 1 Merlin Transformers4rec | 2026-05-26 | 7.8 High |
| NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-9575 | 1 Itsourcecode | 1 Student Transcript Processing System | 2026-05-26 | 7.3 High |
| A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-46430 | 2026-05-26 | 4.3 Medium | ||
| Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server bound to 0.0.0.0:5553 on Linux/macOS by default because the platform-dependent host default in engine/flags.go:39-46 set host = "" for non-Windows, and utils.JoinHostPort("", ":5553") resolves to ":5553". This vulnerability is fixed in 1.17.7. | ||||
| CVE-2026-46431 | 2026-05-26 | 4.3 Medium | ||
| Algernon is a small self-contained pure-Go web server. Prior to 1.17.7, the SSE event server's Access-Control-Allow-Origin response header was hardcoded to the wildcard * regardless of the caller's Origin. Because EventSource does not preflight and does not send cookies, the wildcard is sufficient to let any third-party page the developer visits open a cross-origin EventSource to the SSE port and read the live filename stream from JavaScript. This vulnerability is fixed in 1.17.7. | ||||
| CVE-2026-42001 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 7.5 High |
| Insufficient Validation of Autoprimary SOA Queries | ||||
| CVE-2026-42002 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 5.9 Medium |
| Concurrency and locking defects in GSS-TSIG | ||||
| CVE-2026-24212 | 1 Nvidia | 1 Isaac Launchable | 2026-05-26 | 7.5 High |
| NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-2264 | 1 Google | 1 Cloud Apigee-x | 2026-05-26 | N/A |
| A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy. | ||||
| CVE-2026-42396 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 4.9 Medium |
| Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | ||||
| CVE-2026-48897 | 2026-05-26 | N/A | ||
| Insufficient state checks lead to a vector that allows to bypass 2FA checks. | ||||
| CVE-2026-44776 | 2026-05-26 | N/A | ||
| Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not assigned to can download the full file contents, query file sizes, and read metadata for that content. This affects /api/Download/volume-size, /api/Download/chapter-size, /api/Download/series-size, /api/Download/volume, /api/Download/chapter, /api/Download/series, and /api/Chapter. This vulnerability is fixed in 0.9.0. | ||||
| CVE-2026-40384 | 2026-05-26 | N/A | ||
| An improper validation of the search parameter of the com_media files API endpoint leads to a path traversal vulnerability. | ||||
| CVE-2026-34486 | 1 Apache | 1 Tomcat | 2026-05-26 | 7.5 High |
| Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. | ||||
| CVE-2026-32181 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-05-26 | 5.5 Medium |
| Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | ||||
| CVE-2026-26151 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-26 | 7.1 High |
| Insufficient ui warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-20921 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-05-26 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20817 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2026-05-26 | 7.8 High |
| Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-48864 | 1 Redhat | 5 Enterprise Linux, Hummingbird, Openshift and 2 more | 2026-05-26 | 7.8 High |
| A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | ||||
| CVE-2026-9574 | 1 Itsourcecode | 1 Student Transcript Processing System | 2026-05-26 | 7.3 High |
| A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to sql injection. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-7374 | 1 Redhat | 1 Container Native Virtualization | 2026-05-26 | 9.9 Critical |
| A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster. | ||||