Export limit exceeded: 80648 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80648 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35405 | 2 Libp2p, Protocol | 2 Rust-libp2p, Libp2p | 2026-04-24 | 7.5 High |
| libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. Keep doing this long enough (or with multiple sybil peers) and the server process gets OOM killed. This vulnerability is fixed in 0.17.1. | ||||
| CVE-2021-40656 | 1 Libsixel | 1 Libsixel | 2026-04-24 | 8.8 High |
| libsixel before 1.10 is vulnerable to Buffer Overflow in libsixel/src/quant.c:867. | ||||
| CVE-2026-35457 | 2 Libp2p, Protocol | 2 Rust-libp2p, Libp2p | 2026-04-24 | 8.2 High |
| libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed in 0.17.1. | ||||
| CVE-2026-40882 | 1 Openremote | 1 Openremote | 2026-04-24 | 7.6 High |
| OpenRemote is an open-source internet-of-things platform. Prior to version 1.22.0, the Velbus asset import path parses attacker-controlled XML without explicit XXE hardening. An authenticated user who can call the import endpoint may trigger XML external entity processing, which can lead to server-side file disclosure and SSRF. The target file must be less than 1023 characters. Version 1.22.0 fixes the issue. | ||||
| CVE-2026-40937 | 1 Rustfs | 1 Rustfs | 2026-04-24 | 8.3 High |
| RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-alpha.94, all four notification target admin API endpoints in `rustfs/src/admin/handlers/event.rs` use a `check_permissions` helper that validates authentication only (access key + session token), without performing any admin-action authorization via `validate_admin_request`. Every other admin handler in the codebase correctly calls `validate_admin_request` with a specific `AdminAction`. This is the only admin handler file that skips authorization. A non-admin user can overwrite a shared admin-defined notification target by name, causing subsequent bucket events to be delivered to an attacker-controlled endpoint. This enables cross-user event interception and audit evasion. 1.0.0-alpha.94 contains a patch. | ||||
| CVE-2022-27046 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| libsixel 1.8.6 suffers from a Heap Use After Free vulnerability in in libsixel/src/dither.c:388. | ||||
| CVE-2020-36120 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 7.5 High |
| Buffer Overflow in the "sixel_encoder_encode_bytes" function of Libsixel v1.8.6 allows attackers to cause a Denial of Service (DoS). | ||||
| CVE-2022-27044 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| libsixel 1.8.6 is affected by Buffer Overflow in libsixel/src/quant.c:876. | ||||
| CVE-2019-19777 | 2 Nothings, Saitoha | 2 Stb Image.h, Libsixel | 2026-04-24 | 8.8 High |
| stb_image.h (aka the stb image loader) 2.23, as used in libsixel and other products, has a heap-based buffer over-read in stbi__load_main. | ||||
| CVE-2019-20094 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_init_frame at fromgif.c. | ||||
| CVE-2020-21547 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| Libsixel 1.8.2 contains a heap-based buffer overflow in the dither_func_fs function in tosixel.c. | ||||
| CVE-2020-21548 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| Libsixel 1.8.3 contains a heap-based buffer overflow in the sixel_encode_highcolor function in tosixel.c. | ||||
| CVE-2019-20140 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| An issue was discovered in libsixel 1.8.4. There is a heap-based buffer overflow in the function gif_out_code at fromgif.c. | ||||
| CVE-2019-19778 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| An issue was discovered in libsixel 1.8.2. There is a heap-based buffer over-read in the function load_sixel at loader.c. | ||||
| CVE-2019-20205 | 1 Saitoha | 1 Libsixel | 2026-04-24 | 8.8 High |
| libsixel 1.8.4 has an integer overflow in sixel_frame_resize in frame.c. | ||||
| CVE-2026-32173 | 1 Microsoft | 3 Azure Sre Agent, Azure Sre Agent Gateway, Azure Sre Agent Gateway Signalr Hub | 2026-04-24 | 8.6 High |
| Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-33827 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-24 | 8.1 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-33104 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-24 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33101 | 1 Microsoft | 12 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 9 more | 2026-04-24 | 7.8 High |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33100 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-24 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||