Search Results (45836 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-52722 1 Redhat 1 Enterprise Linux 2026-06-15 7.1 High
A signed integer overflow vulnerability was found in GStreamer's VMnc decoder. A crafted VMnc stream with large cursor dimensions can overflow signed integer payload-size arithmetic, bypassing a length check and leading to out-of-bounds reads. A remote attacker could trick a user into opening a specially crafted VMnc file, potentially causing a crash or information disclosure.
CVE-2026-12200 1 Ritlabs 1 Tinyweb Server 2026-06-15 7.3 High
A security vulnerability has been detected in Ritlabs TinyWeb Server up to 1.94 on Win32. This impacts an unknown function in the library libeay32.dll.html of the component Header Handler. The manipulation of the argument Authorization leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-52721 1 Redhat 1 Enterprise Linux 2026-06-15 5.3 Medium
Multiple out-of-bounds read vulnerabilities were found in GStreamer's pcapparse element. Malformed PCAP records can trigger reads beyond buffer boundaries during IPv4/TCP header parsing. This element is primarily used in debugging pipelines, limiting real-world exposure. A local attacker could trick a user into processing a specially crafted PCAP file, potentially leading to a crash or information disclosure.
CVE-2026-52720 1 Redhat 1 Enterprise Linux 2026-06-15 8.8 High
A heap buffer overflow vulnerability was found in GStreamer's librfb (RFB/VNC client). The rectangle bounds check incorrectly validates area rather than individual dimensions, allowing a malicious VNC server to send a rectangle that extends beyond the framebuffer. A remote attacker could set up a malicious VNC server and trick a user into connecting, resulting in an out-of-bounds heap write that could lead to code execution or a crash.
CVE-2026-12192 1 Galayou 1 Y4 2026-06-15 8.8 High
A vulnerability was determined in GALAYOU Y4 1.0.0. Impacted is an unknown function of the component Web Server. This manipulation causes buffer overflow. The attack is only possible within the local network. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12208 1 Jsonata-js 1 Jsonata 2026-06-15 5.3 Medium
A weakness has been identified in jsonata-js jsonata up to 2.2.0. The affected element is the function createFrame of the file src/jsonata.js of the component Function Binding Frame System. This manipulation causes improperly controlled modification of object prototype attributes. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-12220 1 Yealink 1 Sip-t46u 2026-06-15 8 High
A vulnerability has been found in Yealink SIP-T46U 108.86.0.118. This affects the function mod_upgrade.SparePartsUpload of the file /api/upgrade/accupgradebychunk of the component Firmware Chunk Upload handler. Such manipulation of the argument uid leads to stack-based buffer overflow. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-45441 2026-06-15 7.5 High
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
CVE-2026-42992 1 Microsoft 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more 2026-06-15 7.5 High
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42993 1 Microsoft 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more 2026-06-15 7.5 High
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-44799 1 Microsoft 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more 2026-06-15 7.5 High
Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network.
CVE-2026-42980 1 Microsoft 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more 2026-06-15 7.8 High
Integer underflow (wrap or wraparound) in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally.
CVE-2026-45593 1 Microsoft 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more 2026-06-15 7.8 High
Use after free in Windows SDK allows an authorized attacker to elevate privileges locally.
CVE-2025-25006 1 Microsoft 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more 2026-06-15 5.3 Medium
Improper handling of additional special element in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-25007 1 Microsoft 5 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 2 more 2026-06-15 5.3 Medium
Improper validation of syntactic correctness of input in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-59249 1 Microsoft 7 Exchange, Exchange Server, Exchange Server 2016 and 4 more 2026-06-15 8.8 High
Weak authentication in Microsoft Exchange Server allows an authorized attacker to elevate privileges over a network.
CVE-2026-21527 1 Microsoft 9 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 6 more 2026-06-15 6.5 Medium
User interface (ui) misrepresentation of critical information in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network.
CVE-2026-11290 1 Google 2 Android, Chrome 2026-06-15 5 Medium
Integer overflow in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a local attacker to cause a denial of service via a malicious file. (Chromium security severity: Low)
CVE-2018-1273 4 Apache, Broadcom, Oracle and 1 more 4 Ignite, Spring Data Commons, Financial Services Crime And Compliance Management Studio and 1 more 2026-06-15 9.8 Critical
Spring Data Commons, versions prior to 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property binder vulnerability caused by improper neutralization of special elements. An unauthenticated remote malicious user (or attacker) can supply specially crafted request parameters against Spring Data REST backed HTTP resources or using Spring Data's projection-based request payload binding hat can lead to a remote code execution attack.
CVE-2018-1274 2 Broadcom, Pivotal Software 2 Spring Data Commons, Spring Data Rest 2026-06-15 7.5 High
Spring Data Commons, versions 1.13 to 1.13.10, 2.0 to 2.0.5, and older unsupported versions, contain a property path parser vulnerability caused by unlimited resource allocation. An unauthenticated remote malicious user (or attacker) can issue requests against Spring Data REST endpoints or endpoints using property path parsing which can cause a denial of service (CPU and memory consumption).