Search Results (45960 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-0409 1 Netgear 1 Orbi 370 2026-06-10 N/A
A NETGEAR security issue that could allow an attacker with ability to intercept and tamper with traffic between the router and the Internet to run commands on your device when the device administrator performs certain specific management actions. This issue affects NETGEAR Orbi 370 series devices before V12.1.2.7.
CVE-2026-30141 1 Bitbank2 1 Animatedgif 2026-06-10 9.8 Critical
An issue was discovered in bitbank2 AnimatedGIF v2.2.0. A buffer overflow in the DecodeLZW function allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via a crafted GIF file.
CVE-2026-36771 1 Tenda 1 W3 Wireless Router 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W3 Wireless Router v1.0.0.3(2204) was discovered to contain a stack overflow in the wl_radio parameter of the formwrlSSIDset function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2026-36805 1 Tenda 1 G0 2026-06-10 N/A
Shenzhen Tenda Technology Co., Ltd Tenda G0 v15.11.0.5 was discovered to contain multiple buffer overflows in the Saveqqlist function via the qqStr and markStr parameters. These vulnerabilities allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2026-36819 1 Tenda 1 W20e 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the bindMACAddr parameter of the fromSetDhcpRules function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2026-36822 1 Tenda 1 W20e 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the macAddr parameter of the formDelStaState function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.
CVE-2023-29146 1 Malwarebytes 1 Endpoint Detection And Response 2026-06-10 8.2 High
The utility functions used by Malwarebytes EDR 1.0.11 on Linux for calculating a cryptographic hash of data bytes truncate the hashed data if it exceeds 4GB. This leads to an integer wrap-around if the data is larger than the maximum unsigned integer value (32-bit). Attackers could create a colliding hash value for two different strings by attaching 4GB of data to a string that is less than 4GB in size.
CVE-2026-36770 1 Tenda 1 Us W3v1.0br 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda US_W3V1.0BR v1.0.0.3 was discovered to contain a stack overflow in the Go parameter of the ask_to_reboot function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.
CVE-2025-54509 1 Amd 6 Epyc 8004 Series Processors, Epyc 9004 Series Processors, Epyc 9005 Series Processors and 3 more 2026-06-10 N/A
Improper access control for register interface in the input-output memory management unit (IOMMU) could allow a privileged attacker to cause non-coherent accesses by the AMD secure processor (ASP) potentially resulting in loss of integrity.
CVE-2026-44803 1 Microsoft 29 Excel, Powerpoint, Windows 10 1607 and 26 more 2026-06-10 7.8 High
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-44812 1 Microsoft 29 Excel, Powerpoint, Windows 10 1607 and 26 more 2026-06-10 7.8 High
Integer overflow or wraparound in Windows Win32K - GRFX allows an unauthorized attacker to execute code locally.
CVE-2026-41116 1 Dell 1 Inventory Collector 2026-06-10 6.3 Medium
Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access ('Link Following') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write.
CVE-2025-71316 1 Sqlite 1 Sqlite 2026-06-10 9.8 Critical
SQLite 'sqldiff.exe' does not securely handle the way the Microsoft Windows C runtime converts Unicode characters to ANSI codepages. An attacker could use the '-L' option to load an arbitrary DLL with a crafted command line argument string that results in command line file arguments being misinterpreted as command line options. Fixed on or around 2025-12-26.
CVE-2026-11640 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 8.3 High
Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical)
CVE-2026-11655 2 Apple, Google 2 Macos, Chrome 2026-06-10 8.3 High
Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11659 2 Google, Linux 2 Chrome, Linux Kernel 2026-06-10 9.6 Critical
Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11697 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 9.6 Critical
Insufficient validation of untrusted input in UI in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11667 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-10 7.5 High
Out of bounds read in WebRTC in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the GPU process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2026-47926 1 Adobe 1 Acrobat Reader 2026-06-10 5.5 Medium
Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-36821 1 Tenda 1 W20e 2026-06-10 7.5 High
Shenzhen Tenda Technology Co., Ltd Tenda W20E v15.11.0.6 was discovered to contain a buffer overflow in the picCropName parameter of the formCropAndSetWewifiPic function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request.