Export limit exceeded: 349269 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349269 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26164 | 1 Microsoft | 2 365 Copilot Business Chat, 365 Copilot Chat | 2026-05-08 | 7.5 High |
| Improper neutralization of special elements in output used by a downstream component ('injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42087 | 1 Openc3 | 1 Cosmos | 2026-05-08 | 9.6 Critical |
| OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. From version 6.7.0 to before version 7.0.0-rc3, a SQL injection vulnerability exists in the Time-Series Database (TSDB) component of COSMOS. The tsdb_lookup function in the cvt_model.rb file directly places user-supplied input into a SQL query without sanitizing the input. As a result, a user can break out of the initial SQL statement and execute arbitrary SQL commands, including deleting data. This issue has been patched in version 7.0.0-rc3. | ||||
| CVE-2024-46507 | 1 Yeti-platform | 1 Yeti | 2026-05-08 | 7.3 High |
| A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server. | ||||
| CVE-2013-10075 | 1 Chorny | 1 Apache\ | 2026-05-08 | 9.1 Critical |
| Apache::Session versions through 1.94 for Perl re-creates deleted sessions. The session stores Apache::Session::Store::File and Apache::Session::Store::DB_File will create a session that does not exist. This can lead to sessions being revived, potentially with data that was to be deleted. | ||||
| CVE-2026-42826 | 1 Microsoft | 1 Azure Devops | 2026-05-08 | 10 Critical |
| Exposure of sensitive information to an unauthorized actor in Azure DevOps allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42189 | 2026-05-08 | 7.5 High | ||
| Russh is a Rust SSH client & server library. Prior to version 0.60.1, a pre-authentication denial-of-service vulnerability exists in the server's keyboard-interactive authentication handler. A malicious client can crash any russh-based server that implements keyboard-interactive auth (e.g., for 2FA/TOTP) with a single malformed packet, requiring no credentials. This issue has been patched in version 0.60.1. | ||||
| CVE-2026-41105 | 1 Microsoft | 1 Azure Monitor Action Group Notification System | 2026-05-08 | 8.1 High |
| Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-33109 | 1 Microsoft | 1 Azure Managed Instance For Apache Cassandra | 2026-05-08 | 9.9 Critical |
| Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-32803 | 1 Dell | 1 Powerscale Onefs | 2026-05-08 | 3.3 Low |
| Dell PowerScale OneFS versions 9.5.0.0 through 9.5.1.6, 9.6.0.0 through 9.7.1.13, 9.8.0.0 through 9.10.1.5 and 9.11.0.0 through 9.12.0.1 contains an Insufficient Logging vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information tampering. | ||||
| CVE-2026-42160 | 2026-05-08 | N/A | ||
| Data Space Portal is an open-source Software as a Service (SaaS) solution designed to streamline Dataspace management. From version 2.1.1 to before version 7.3.2, there is insufficient authorization in the dataspace-portal backend regarding self-registered "PENDING" organization / user accounts. This issue has been patched in version 7.3.2. | ||||
| CVE-2026-41570 | 2 Phpunit Project, Sebastianbergmann | 2 Phpunit, Phpunit | 2026-05-08 | 7.8 High |
| PHPUnit is a testing framework for PHP. In versions 12.5.21 and 13.1.5, PHPUnit forwards PHP INI settings to child processes (used for isolated/PHPT test execution) as -d name=value command-line arguments without neutralizing INI metacharacters. Because PHP's INI parser interprets " as a string delimiter, ; as the start of a comment, and most importantly a newline as a directive separator, a value containing a newline is parsed by the child process as multiple INI directives. An attacker able to influence a single INI value can therefore inject arbitrary additional directives into the child's configuration, including auto_prepend_file, extension, disable_functions, open_basedir, and others. Setting auto_prepend_file to an attacker-controlled path yields remote code execution in the child process. This issue has been patched in versions 12.5.22 and 13.1.6. | ||||
| CVE-2026-43111 | 1 Linux | 1 Linux Kernel | 2026-05-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: HID: roccat: fix use-after-free in roccat_report_event roccat_report_event() iterates over the device->readers list without holding the readers_lock. This allows a concurrent roccat_release() to remove and free a reader while it's still being accessed, leading to a use-after-free. Protect the readers list traversal with the readers_lock mutex. | ||||
| CVE-2026-43091 | 1 Linux | 1 Linux Kernel | 2026-05-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: xfrm: Wait for RCU readers during policy netns exit xfrm_policy_fini() frees the policy_bydst hash tables after flushing the policy work items and deleting all policies, but it does not wait for concurrent RCU readers to leave their read-side critical sections first. The policy_bydst tables are published via rcu_assign_pointer() and are looked up through rcu_dereference_check(), so netns teardown must also wait for an RCU grace period before freeing the table memory. Fix this by adding synchronize_rcu() before freeing the policy hash tables. | ||||
| CVE-2026-43125 | 1 Linux | 1 Linux Kernel | 2026-05-08 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: dlm: validate length in dlm_search_rsb_tree The len parameter in dlm_dump_rsb_name() is not validated and comes from network messages. When it exceeds DLM_RESNAME_MAXLEN, it can cause out-of-bounds write in dlm_search_rsb_tree(). Add length validation to prevent potential buffer overflow. | ||||
| CVE-2026-33811 | 2026-05-08 | 7.5 High | ||
| When using LookupCNAME with the cgo DNS resolver, a very long CNAME response can trigger a double-free of C memory and a crash. | ||||
| CVE-2026-29972 | 2026-05-08 | 8.2 High | ||
| nanoMODBUS through v1.22.0 has a stack-based buffer overflow in recv_read_registers_res() in nanomodbus.c. When a client calls nmbs_read_holding_registers() or nmbs_read_input_registers(), the library writes register data from the server response to the caller-provided buffer based on the response's byte_count field before validating that byte_count matches the requested quantity. A malicious Modbus TCP server can send a response with byte_count=250 (125 registers) regardless of the requested quantity, causing up to 248 bytes of attacker-controlled data to overflow the buffer, potentially allowing remote code execution. | ||||
| CVE-2026-29974 | 2026-05-08 | 7.5 High | ||
| An issue was discovered in kosma minmea 0.3.0. The minmea_scan functions format specifier copies NMEA field data to a caller-provided buffer without a size parameter. Applications using minmea_scan on untrusted input are vulnerable to a stack buffer overflow. | ||||
| CVE-2026-38360 | 2026-05-08 | 9.8 Critical | ||
| Directory Traversal vulnerability in fohrloop dash-uploader v.0.1.0 through v.0.7.0a2 allows a remote attacker to execute arbitrary code via the dash_uploader/httprequesthandler.py, aseHttpRequestHandler.get_temp_root(), BaseHttpRequestHandler._post() components | ||||
| CVE-2026-43431 | 1 Linux | 1 Linux Kernel | 2026-05-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: xhci: Fix NULL pointer dereference when reading portli debugfs files Michal reported and debgged a NULL pointer dereference bug in the recently added portli debugfs files Oops is caused when there are more port registers counted in xhci->max_ports than ports reported by Supported Protocol capabilities. This is possible if max_ports is more than maximum port number, or if there are gaps between ports of different speeds the 'Supported Protocol' capabilities. In such cases port->rhub will be NULL so we can't reach xhci behind it. Add an explicit NULL check for this case, and print portli in hex without dereferencing port->rhub. | ||||
| CVE-2026-43432 | 1 Linux | 1 Linux Kernel | 2026-05-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Fix memory leak in xhci_disable_slot() xhci_alloc_command() allocates a command structure and, when the second argument is true, also allocates a completion structure. Currently, the error handling path in xhci_disable_slot() only frees the command structure using kfree(), causing the completion structure to leak. Use xhci_free_command() instead of kfree(). xhci_free_command() correctly frees both the command structure and the associated completion structure. Since the command structure is allocated with zero-initialization, command->in_ctx is NULL and will not be erroneously freed by xhci_free_command(). This bug was found using an experimental static analysis tool we are developing. The tool is based on the LLVM framework and is specifically designed to detect memory management issues. It is currently under active development and not yet publicly available, but we plan to open-source it after our research is published. The bug was originally detected on v6.13-rc1 using our static analysis tool, and we have verified that the issue persists in the latest mainline kernel. We performed build testing on x86_64 with allyesconfig using GCC=11.4.0. Since triggering these error paths in xhci_disable_slot() requires specific hardware conditions or abnormal state, we were unable to construct a test case to reliably trigger these specific error paths at runtime. | ||||