Export limit exceeded: 350584 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350584 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34665 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 7.5 High |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34667 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34673 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34668 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34680 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34688 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34678 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34669 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Improper Input Validation vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34671 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-34672 | 1 Adobe | 1 Cai Content Credentials | 2026-05-13 | 6.2 Medium |
| CAI Content Credentials versions 0.78.2, 0.7.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-35504 | 1 Subnet Solutions | 3 Powersystem Center 2020, Powersystem Center 2024, Powersystem Center 2026 | 2026-05-13 | 5.5 Medium |
| PowerSYSTEM Center email notification service is affected by a CRLF injection vulnerability when using SMTPS communication. | ||||
| CVE-2025-65086 | 1 Ashlar Vellum | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-13 | N/A |
| An Out-of-Bounds Write vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to execute arbitrary code when a specially crafted VC6 file is being parsed. | ||||
| CVE-2025-65087 | 1 Ashlar Vellum | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-13 | N/A |
| An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed. | ||||
| CVE-2025-65088 | 1 Ashlar Vellum | 5 Argon, Cobalt, Cobalt Share and 2 more | 2026-05-13 | N/A |
| An Out-of-Bounds Read vulnerability is present in Ashlar-Vellum Cobalt, Xenon, Argon, Lithium, and Cobalt Share versions 12.6.1204.216 and prior that could allow an attacker to disclose information or execute arbitrary code when a specially crafted VC6 file is being parsed. | ||||
| CVE-2026-44232 | 1 Hackingrepo | 1 Dssrf-js | 2026-05-13 | N/A |
| DSSRF is a Node.js library that provides a wide range of utilities and advanced SSRF defense checks. Prior to 1.3.0, every IPv6 category bypasses is_url_safe. This vulnerability is fixed in 1.3.0. | ||||
| CVE-2026-44246 | 1 Mic-dkfz | 1 Nnunet | 2026-05-13 | 7.2 High |
| nnU-Net is a semantic segmentation framework that automatically adapts its pipeline to a dataset. Prior to 2.4.1, the nnU-Net Issue Triage workflow in .github/workflows/issue-triage.yml is vulnerable to Agentic Workflow Injection. The workflow sets allowed_non_write_users: ${{ github.event.issue.user.login }}, which means any logged-in GitHub user who opens an issue can reach this agentic workflow with attacker-controlled content. Untrusted issue title and body content are embedded directly into the prompt of anthropics/claude-code-action, and the workflow then runs a command-capable Claude agent with permission to comment on and relabel the current issue via gh. Because this workflow is triggered automatically on issues.opened, an external attacker can submit a crafted issue that steers the agent beyond its intended issue-triage purpose and influences authenticated issue actions. This vulnerability is fixed in 2.4.1. | ||||
| CVE-2026-35555 | 1 Subnet Solutions | 2 Powersystem Center 2024, Powersystem Center 2026 | 2026-05-13 | 6.3 Medium |
| PowerSYSTEM Center feature for device project groups allows an authenticated user with limited permissions to perform an unauthorized deletion of project groups. | ||||
| CVE-2026-33570 | 1 Subnet Solutions | 1 Powersystem Center 2020 | 2026-05-13 | 5.7 Medium |
| PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions. | ||||
| CVE-2026-26289 | 1 Subnet Solutions | 3 Powersystem Center 2020, Powersystem Center 2024, Powersystem Center 2026 | 2026-05-13 | 8.2 High |
| PowerSYSTEM Center REST API endpoint for device account export allows an authenticated user with limited permissions to expose sensitive information normally restricted to administrative permissions only. | ||||
| CVE-2026-44258 | 1 Efwgrp | 1 Efw4.x | 2026-05-13 | N/A |
| efw4.X is an Enterprise Framework for Web. Prior to 4.08.010, the elfinder_checkRisk function validates target and targets for path traversal and home containment, but does not validate the dst (destination) parameter used by elfinder_paste. An attacker can copy or move files from within the home directory to any arbitrary destination by setting dst to a base64-encoded traversal path. This bypasses the protected=true security control. This vulnerability is fixed in 4.08.010. | ||||