Export limit exceeded: 347435 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347435 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6520 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| OpenFlow v6 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-6521 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| OpenFlow v5 protocol dissector infinite loops in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-6523 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| GNW protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-7376 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-7375 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| UDS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-7379 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| Memory leak in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-7378 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| Crash in sharkd 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-42208 | 1 Berriai | 1 Litellm | 2026-04-30 | 9.8 Critical |
| A flaw was found in LiteLLM. A database query used for proxy API key checks incorrectly incorporated caller-supplied key values directly into the query. This vulnerability allows an unauthenticated attacker to send a specially crafted Authorization header to any Large Language Model (LLM) API route, exploiting the proxy's error-handling path. Successful exploitation could enable the attacker to read and potentially modify data within the proxy's database, leading to unauthorized access to the proxy and its managed credentials. | ||||
| CVE-2026-42510 | 1 Openstack | 1 Ironic | 2026-04-30 | 6.6 Medium |
| OpenStack Ironic before 35.0.1 allows ipmitool execution in a non-default configuration that has a console interface. | ||||
| CVE-2026-37750 | 1 Mahmoudai1 | 1 School Management System | 2026-04-30 | 6.1 Medium |
| A reflected Cross-Site Scripting (XSS) vulnerability in School Management System by mahmoudai1 allows unauthenticated remote attackers to execute arbitrary JavaScript in victim's browsers via the unsanitized type parameter in register.php. | ||||
| CVE-2026-7346 | 1 Google | 1 Chrome | 2026-04-30 | 8.1 High |
| Inappropriate implementation in Tint in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-0205 | 1 Sonicwall | 1 Sonicos | 2026-04-30 | 6.8 Medium |
| A post-authentication Path Traversal vulnerability in SonicOS allows an attacker to interact with usually restricted services. | ||||
| CVE-2026-35155 | 1 Dell | 1 Idrac10 | 2026-04-30 | 7.1 High |
| Dell iDRAC10, versions 1.20.70.50 and 1.30.05.10, contains an Insufficiently Protected Credentials vulnerability. A race condition vulnerability exists that could allow an authenticated low‑privileged attacker to gain elevated access. | ||||
| CVE-2026-7336 | 1 Google | 1 Chrome | 2026-04-30 | 8.8 High |
| Use after free in WebRTC in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7347 | 1 Google | 1 Chrome | 2026-04-30 | 8.1 High |
| Use after free in Chromoting in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2026-7352 | 1 Google | 1 Chrome | 2026-04-30 | 8.3 High |
| Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-7363 | 1 Google | 1 Chrome | 2026-04-30 | 8.8 High |
| Use after free in Canvas in Google Chrome on Linux, ChromeOS prior to 147.0.7727.138 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-5550 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-04-29 | 8.8 High |
| A vulnerability was identified in Tenda AC10 16.03.10.10_multi_TDE01. This affects the function fromSysToolChangePwd of the file /bin/httpd. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. Multiple endpoints might be affected. | ||||
| CVE-2026-5549 | 1 Tenda | 2 Ac10, Ac10 Firmware | 2026-04-29 | 5.3 Medium |
| A vulnerability was determined in Tenda AC10 16.03.10.10_multi_TDE01. Affected by this issue is some unknown functionality of the file /webroot_ro/pem/privkeySrv.pem of the component RSA 2048-bit Private Key Handler. Executing a manipulation can lead to use of hard-coded cryptographic key . The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2018-25259 | 1 Lizardsystems | 1 Terminal Services Manager | 2026-04-29 | 8.4 High |
| Terminal Services Manager 3.1 contains a stack-based buffer overflow vulnerability in the computer names field that allows local attackers to execute arbitrary code by triggering structured exception handling. Attackers can craft a malicious input file with shellcode and jump instructions that overwrite the SEH handler pointer to execute calc.exe or other payloads when imported through the add computers wizard. | ||||