Export limit exceeded: 357175 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357175 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44819 | 1 Microsoft | 11 365 Apps, Office 2016, Office 2019 and 8 more | 2026-06-09 | 7.8 High |
| Heap-based buffer overflow in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-46261 | 1 Linux | 1 Linux Kernel | 2026-06-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: spi: wpcm-fiu: Fix potential NULL pointer dereference in wpcm_fiu_probe() platform_get_resource_byname() can return NULL, which would cause a crash when passed the pointer to resource_size(). Move the fiu->memory_size assignment after the error check for devm_ioremap_resource() to prevent the potential NULL pointer dereference. | ||||
| CVE-2026-42570 | 1 Svelte | 1 Devalue | 2026-06-09 | 7.5 High |
| Svelte devalue is a JavaScript library that serializes values into strings when JSON.stringify isn't sufficient for the job. From version 5.6.3 to before version 5.8.1, devalue.parse could, due to quirks in some JavaScript engines, be convinced to allocate much more memory than was needed when deserializing sparse arrays, leading to excessive memory consumption. This issue has been patched in version 5.8.1. | ||||
| CVE-2026-42573 | 1 Svelte | 1 Svelte | 2026-06-09 | N/A |
| Svelte is a performance oriented web framework. Prior to version 5.55.7, Svelte was vulnerable to DOM clobbering of its internal framework state on elements, potentially leading to XSS attacks. This issue has been patched in version 5.55.7. | ||||
| CVE-2026-42567 | 1 Svelte | 1 Svelte | 2026-06-09 | N/A |
| Svelte is a performance oriented web framework. From version 5.51.5 to before version 5.55.7, an internal regex in the Svelte runtime can take exponential time to test in <svelte:element this={tag}></svelte:element>. This issue has been patched in version 5.55.7. | ||||
| CVE-2026-42599 | 1 Svelte | 1 Svelte | 2026-06-09 | N/A |
| Svelte is a performance oriented web framework. Prior to version 5.55.7, when using spread syntax to render attributes from untrusted data, event handler properties are included in the rendered HTML output. If an application spreads user-controlled or external data as element attributes, an attacker can inject malicious event handlers that execute in victims' browsers. Note that this vulnerability only triggers if the user's browser has JavaScript enabled but Svelte's hydration mechanism does not reach the vulnerable element before the event fires. This issue has been patched in version 5.55.7. | ||||
| CVE-2026-42836 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-09 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Function Discovery Service (fdwsd.dll) allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42903 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-09 | 6.5 Medium |
| Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network. | ||||
| CVE-2026-42906 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-09 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42907 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-09 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42911 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-09 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42968 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-09 | 5.5 Medium |
| Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42971 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-09 | 5.5 Medium |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42973 | 1 Microsoft | 21 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 18 more | 2026-06-09 | 5.5 Medium |
| Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-42981 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-06-09 | 8.1 High |
| Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42974 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-06-09 | 8.1 High |
| Integer underflow (wrap or wraparound) in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44807 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-06-09 | 7.8 High |
| Use after free in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44801 | 1 Microsoft | 28 Remote Desktop, Windows 10 1607, Windows 10 1809 and 25 more | 2026-06-09 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42993 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-09 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-46262 | 1 Linux | 1 Linux Kernel | 2026-06-09 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl_xcvr: Revert fix missing lock in fsl_xcvr_mode_put() This reverts commit f51424872760 ("ASoC: fsl_xcvr: fix missing lock in fsl_xcvr_mode_put()"). The original patch attempted to acquire the card->controls_rwsem lock in fsl_xcvr_mode_put(). However, this function is called from the upper ALSA core function snd_ctl_elem_write(), which already holds the write lock on controls_rwsem for the whole put operation. So there is no need to simply hold the lock for fsl_xcvr_activate_ctl() again. Acquiring the read lock while holding the write lock in the same thread results in a deadlock and a hung task, as reported by Alexander Stein. | ||||