Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43243 1 Microsoft 1 Vp9 Video Extensions 2026-05-28 5.5 Medium
VP9 Video Extensions Information Disclosure Vulnerability
CVE-2020-15368 1 Asrock 2 Rgb Driver, Rgb Driver Firmware 2026-05-28 6.1 Medium
AsrDrv103.sys in the ASRock RGB Driver does not properly restrict access from user space, as demonstrated by triggering a triple fault via a request to zero CR3.
CVE-2026-48896 1 Joomla 1 Joomla\! 2026-05-28 7.5 High
Insufficient state checks lead to a vector that allows to bypass 2FA checks.
CVE-2021-31946 1 Microsoft 1 Paint 3d 2026-05-28 7.8 High
Paint 3D Remote Code Execution Vulnerability
CVE-2021-26701 3 Fedoraproject, Microsoft, Redhat 8 Fedora, .net, .net Core and 5 more 2026-05-28 8.1 High
.NET Core Remote Code Execution Vulnerability
CVE-2023-28531 2 Netapp, Openbsd 4 Brocade Fabric Operating System, Hci Bootstrap Os, Solidfire Element Os and 1 more 2026-05-28 9.8 Critical
ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.
CVE-2019-11068 8 Canonical, Debian, Fedoraproject and 5 more 23 Ubuntu Linux, Debian Linux, Fedora and 20 more 2026-05-28 9.8 Critical
libxslt through 1.1.33 allows bypass of a protection mechanism because callers of xsltCheckRead and xsltCheckWrite permit access even upon receiving a -1 error code. xsltCheckRead can return -1 for a crafted URL that is not actually invalid and is subsequently loaded.
CVE-2026-35223 1 Joomla 2 Joomla!, Joomla\! 2026-05-28 9.8 Critical
An improper access check allows unauthorized access to com_config webservice endpoints.
CVE-2023-51384 2 Debian, Openbsd 2 Debian Linux, Openssh 2026-05-28 5.5 Medium
In ssh-agent in OpenSSH before 9.6, certain destination constraints can be incompletely applied. When destination constraints are specified during addition of PKCS#11-hosted private keys, these constraints are only applied to the first key, even if a PKCS#11 token returns multiple keys.
CVE-2026-34531 1 Miguelgrinberg 1 Flask-httpauth 2026-05-28 6.5 Medium
Flask-HTTPAuth provides Basic, Digest and Token HTTP authentication for Flask routes. Prior to version 4.8.1, in a situation where the client makes a request to a token protected resource without passing a token, or passing an empty token, Flask-HTTPAuth would invoke the application's token verification callback function with the token argument set to an empty string. If the application had any users in its database with an empty string set as their token, then it could potentially authenticate the client request against any of those users. This issue has been patched in version 4.8.1.
CVE-1999-0524 11 Apple, Cisco, Hp and 8 more 14 Mac Os X, Macos, Ios and 11 more 2026-05-28 4 Medium
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
CVE-2023-28260 1 Microsoft 4 .net, Powershell, Visual Studio and 1 more 2026-05-28 7.8 High
.NET DLL Hijacking Remote Code Execution Vulnerability
CVE-2023-21968 4 Debian, Netapp, Oracle and 1 more 17 Debian Linux, 7-mode Transition Tool, Brocade San Navigator and 14 more 2026-05-28 3.7 Low
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 8u361, 8u361-perf, 11.0.18, 17.0.6, 20; Oracle GraalVM Enterprise Edition: 20.3.9, 21.3.5 and 22.3.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability can also be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2017-13165 1 Google 1 Android 2026-05-28 5.3 Medium
An elevation of privilege vulnerability in the kernel file system. Product: Android. Versions: Android kernel. Android ID A-31269937.
CVE-2023-21830 3 Azul, Oracle, Redhat 12 Zulu, Communications Unified Assurance, Graalvm and 9 more 2026-05-28 5.3 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Serialization). Supported versions that are affected are Oracle Java SE: 8u351, 8u351-perf; Oracle GraalVM Enterprise Edition: 20.3.8 and 21.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N).
CVE-2023-21835 3 Azul, Oracle, Redhat 10 Zulu, Graalvm, Jdk and 7 more 2026-05-28 5.3 Medium
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Supported versions that are affected are Oracle Java SE: 11.0.17, 17.0.5, 19.0.1; Oracle GraalVM Enterprise Edition: 20.3.8, 21.3.4 and 22.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via DTLS to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Java SE, Oracle GraalVM Enterprise Edition. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).
CVE-2024-54508 2 Apple, Redhat 13 Ipados, Iphone Os, Macos and 10 more 2026-05-28 6.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.6, macOS Sequoia 15.2, tvOS 18.2, visionOS 2.2, watchOS 11.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-23303 1 Linux 1 Linux Kernel 2026-05-28 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log to avoid exposing credentials.
CVE-2026-23307 1 Linux 1 Linux Kernel 2026-05-28 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): check the proper length of a message When looking at the data in a USB urb, the actual_length is the size of the buffer passed to the driver, not the transfer_buffer_length which is set by the driver as the max size of the buffer. When parsing the messages in ems_usb_read_bulk_callback() properly check the size both at the beginning of parsing the message to make sure it is big enough for the expected structure, and at the end of the message to make sure we don't overflow past the end of the buffer for the next message.
CVE-2026-32201 1 Microsoft 4 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 and 1 more 2026-05-28 6.5 Medium
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.