Export limit exceeded: 357302 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357302 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-11029 | 1 Google | 2 Android, Chrome | 2026-06-10 | 8.3 High |
| Insufficient validation of untrusted input in Drag and Drop in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-45542 | 1 Espressif | 1 Esp-idf | 2026-06-10 | 7.1 High |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 (SRP6a) session-setup path of the protocomm component. The first-phase handler (handle_session_command0() in components/protocomm/src/security/security2.c) trusts the length of a client-supplied protobuf field for the SRP6a username and copies it into a buffer whose size is derived from a narrower destination type. The resulting truncation-versus-copy asymmetry corrupts the heap when an oversized value is supplied. This issue has been patched in versions 5.2.7, 5.3.6, 5.4.5, 5.5.5, and 6.0.1. | ||||
| CVE-2026-9213 | 1 Netgear | 4 Mr70, Ms70, Raxe500 and 1 more | 2026-06-10 | N/A |
| A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper traffic between the router and the Internet, to execute code on the device. | ||||
| CVE-2026-26239 | 1 Qnap Systems | 1 File Station 5 | 2026-06-10 | N/A |
| A buffer overflow vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5208 and later | ||||
| CVE-2026-45160 | 1 Espressif | 1 Esp-idf | 2026-06-10 | 6.5 Medium |
| ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.2.7, 5.3.5, 5.4.4, 5.5.4, and 6.0.1, an out-of-bounds read flaw exists in the DHCP server option parser (parse_options() in components/lwip/apps/dhcpserver/dhcpserver.c) shipped with ESP-IDF's lwIP component. The parser walks the BOOTP/DHCP options field without validating that each option's length byte and declared payload length stay within the received packet buffer. A crafted DHCP request can cause the parser to read past the end of the options buffer into adjacent heap memory. The issue affects the DHCP server used by ESP-IDF's SoftAP and any configuration where the device runs as a DHCP server on a local network. This issue has been patched in versions 5.2.8, 5.3.6, 5.4.5, 5.5.5, and 6.0.2. | ||||
| CVE-2026-49069 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Portfolio | 2026-06-10 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Portfolio allows Reflected XSS. This issue affects WPZOOM Portfolio: from n/a through 1.4.21. | ||||
| CVE-2026-24724 | 1 Qnap Systems | 1 File Station 5 | 2026-06-10 | N/A |
| An incorrect authorization vulnerability has been reported to affect File Station 6. If a remote attacker gains a user account, they can then exploit the vulnerability to bypass intended access restrictions. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-9212 | 1 Netgear | 25 Lbr1020, Lbr20, R6700ax and 22 more | 2026-06-10 | N/A |
| Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations. | ||||
| CVE-2026-49497 | 1 Nsa | 1 Ghidra | 2026-06-10 | 3.3 Low |
| Ghidra before 12.1 contains a path traversal vulnerability in SameDirDebugInfoProvider that fails to validate filenames from ELF binary .gnu_debuglink sections before constructing file paths. Attackers can craft malicious ELF binaries with traversal sequences to probe filesystem existence and leak CRC32 hashes of arbitrary files during automatic DWARF analysis. | ||||
| CVE-2026-26241 | 1 Qnap Systems | 1 File Station 5 | 2026-06-10 | N/A |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-26240 | 1 Qnap Systems | 1 File Station 5 | 2026-06-10 | N/A |
| A buffer overflow vulnerability has been reported to affect File Station 5. The remote attackers can then exploit the vulnerability to modify memory or crash processes. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.5243 and later | ||||
| CVE-2026-11859 | 1 Thinkst Applied Research | 1 Canarytokens | 2026-06-10 | N/A |
| An HTML injection vulnerability in the "fetch links" email sent by Thinkst Applied Research Canarytokens, enabling Interface Manipulation, Cross-Site Scripting (XSS) in emails clients that render HTML emails. This issue affects Canarytokens: from Docker tag sha-c0f3cf142 before sha-08c3f93d, from Git commit c0f3cf142 before 08c3f93d. | ||||
| CVE-2026-52751 | 1 Nsa | 1 Ghidra | 2026-06-10 | 8.8 High |
| Ghidra before 12.1 contains an unsafe deserialization vulnerability in client-side Shared-Project RMI connection code that allows unauthenticated remote code execution. Attackers can craft a malicious project file with a ghidra:// URL that, when opened via File → Open Project, deserializes untrusted objects using a Jython 2.7.4 gadget chain to execute arbitrary commands. | ||||
| CVE-2026-52759 | 1 Nsa | 1 Ghidra | 2026-06-10 | 5.5 Medium |
| Ghidra before 12.1.1 contains an uncontrolled memory allocation vulnerability in the Mach-O binary parser that allows attackers to cause denial of service. An attacker can supply a crafted Mach-O binary with an arbitrarily large ncmds load command count value, forcing the parser to allocate excessive heap memory without validating file size, crashing the Ghidra JVM. | ||||
| CVE-2026-53441 | 1 Jenkins Project | 1 Jenkins | 2026-06-10 | N/A |
| Jenkins 2.483 through 2.567 (both inclusive), LTS 2.492.1 through 2.555.2 (both inclusive) does not escape the user-provided description of a generic offline cause that could be set through the `POST config.xml` API, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Agent/Configure permission. | ||||
| CVE-2026-9758 | 1 Systerel | 1 S2opc | 2026-06-10 | 7.3 High |
| Improper comparison with the certificates trusted list in S2OPC allows an attacker well-formed untrusted certificate to be considered trusted | ||||
| CVE-2026-29114 | 1 Dahua | 1 Ipc | 2026-06-10 | N/A |
| A vulnerability has been found in some Dahua products. An attacker may obtain the device’s CA root certificate. If that CA is installed and trusted on client systems, the attacker could issue fraudulent certificates trusted by those clients and undermine the certificate trust chain. | ||||
| CVE-2026-29115 | 1 Dahua | 1 Ipc | 2026-06-10 | N/A |
| A vulnerability has been found in some Dahua products could allow an authenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service. | ||||
| CVE-2026-29116 | 1 Dahua | 1 Ipc/sd/nvr/xvr/evs/vto/vth/asi/tpc | 2026-06-10 | N/A |
| A vulnerability has been found in some Dahua products could allow an unauthenticated remote attacker to send a specially crafted packet, triggering an exception that causes the system to reboot unexpectedly, resulting in a denial of service. | ||||
| CVE-2026-45500 | 1 Microsoft | 7 Exchange Server 2016, Exchange Server 2019, Exchange Server Se and 4 more | 2026-06-10 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||