Export limit exceeded: 351886 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351886 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3592 | 1 Isc | 1 Bind | 2026-05-20 | 5.3 Medium |
| BIND resolvers are vulnerable to an amplified resource consumption/exhaustion attack. If a victim resolver makes a query to a specially crafted zone, the resolver will consume disproportionate resources. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.48, 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, 9.11.3-S1 through 9.16.50-S1, 9.18.11-S1 through 9.18.48-S1, and 9.20.9-S1 through 9.20.22-S1. | ||||
| CVE-2026-3593 | 1 Isc | 1 Bind | 2026-05-20 | 7.4 High |
| A use-after-free vulnerability exists within the DNS-over-HTTPS implementation. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.0 through 9.18.48 and 9.18.11-S1 through 9.18.48-S1 are NOT affected. | ||||
| CVE-2026-5947 | 1 Isc | 1 Bind | 2026-05-20 | 7.5 High |
| Undefined behavior may result due to a race condition leading to a use-after-free violation. If BIND receives an incoming DNS message signed with SIG(0), it begins work to validate that signature. If, during that validation, the "recursive-clients" limit is reached (as would occur during a query flood), and that same DNS message is discarded per the limit, there is a brief window of time while the SIG(0) validation may attempt to read the now-discarded DNS message. This issue affects BIND 9 versions 9.20.0 through 9.20.22, 9.21.0 through 9.21.21, and 9.20.9-S1 through 9.20.22-S1. BIND 9 versions 9.18.28 through 9.18.49 and 9.18.28-S1 through 9.18.49-S1 are NOT affected. | ||||
| CVE-2024-36343 | 1 Amd | 17 Epyc 4004, Epyc 4005, Ryzen 6000 Series Processors With Radeon Graphics and 14 more | 2026-05-20 | N/A |
| Improper input validation in the System Management Mode (SMM) communications buffer could allow a privileged attacker to perform an out of bounds read or write to a limited section of the Top of Memory Segment (TSEG) memory region, potentially resulting in loss of confidentiality or integrity. | ||||
| CVE-2023-5983 | 1 Botanikyazilim | 1 Pharmacy Automation | 2026-05-20 | 7.5 High |
| Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Botanik Software Pharmacy Automation allows Retrieve Embedded Sensitive Data. This issue affects Pharmacy Automation: before 2.1.133.0. | ||||
| CVE-2026-6068 | 1 Nasm | 2 Nasm, Netwide Assembler | 2026-05-20 | 6.5 Medium |
| NASM contains a heap use after free vulnerability in response file (-@) processing where a dangling pointer to freed memory is stored in the global depend_file and later dereferenced, as the response-file buffer is freed before the pointer is used, allowing for data corruption or remote code execution. | ||||
| CVE-2026-6844 | 2 Gnu, Redhat | 6 Binutils, Enterprise Linux, Hardened Images and 3 more | 2026-05-20 | 5.5 Medium |
| A flaw was found in the `readelf` utility of the binutils package. A local attacker could exploit two Denial of Service (DoS) vulnerabilities by providing a specially crafted Executable and Linkable Format (ELF) file. One vulnerability, a resource exhaustion (CWE-400), can lead to an out-of-memory condition. The other, a null pointer dereference (CWE-476), can cause a segmentation fault. Both issues can result in the `readelf` utility becoming unresponsive or crashing, leading to a denial of service. | ||||
| CVE-2023-5989 | 1 Uyumsoft | 1 Lioxerp | 2026-05-20 | 6.1 Medium |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uyumsoft Information System and Technologies' LioXERP allows an authenticated user to execute Stored XSS. This issue affects LioXERP: before v.146. | ||||
| CVE-2026-6845 | 2 Gnu, Redhat | 6 Binutils, Enterprise Linux, Hardened Images and 3 more | 2026-05-20 | 5 Medium |
| A flaw was found in binutils, specifically within the `readelf` utility. This vulnerability allows a local attacker to cause a Denial of Service (DoS) by tricking a user into processing a specially crafted Executable and Linkable Format (ELF) file. The exploitation of this flaw can lead to the system becoming unresponsive due to excessive resource consumption or a program crash. | ||||
| CVE-2026-43617 | 1 Rsync Project | 1 Rsync | 2026-05-20 | 4.8 Medium |
| Rsync version 3.4.2 and prior contain an authorization bypass vulnerability in the rsync daemon's hostname-based access control list enforcement when configured with chroot. Attackers can bypass hostname-based deny rules by controlling the PTR record for their source IP address, allowing connections from hostnames that administrators intended to deny when reverse DNS resolution fails and defaults to UNKNOWN. | ||||
| CVE-2023-6011 | 1 Dece | 1 Geodi | 2026-05-20 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DECE Software Geodi allows Stored XSS. This issue affects Geodi: before 8.0.0.27396. | ||||
| CVE-2026-35070 | 1 Dell | 1 Smartfabric Storage Software | 2026-05-20 | 6.4 Medium |
| Dell SmartFabric Storage Software, versions prior to 1.4.5, contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | ||||
| CVE-2023-5921 | 1 Decesoftware | 1 Geodi | 2026-05-20 | 7.1 High |
| Improper Enforcement of Behavioral Workflow vulnerability in DECE Software Geodi allows Functionality Bypass. This issue affects Geodi: before 8.0.0.27396. | ||||
| CVE-2026-6452 | 2 Ktulhu, Wordpress | 2 Bigfishgames Syndicate, Wordpress | 2026-05-20 | 4.3 Medium |
| The Bigfishgames Syndicate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the bigfishgames_syndicate_submenu() function. This makes it possible for unauthenticated attackers to reset plugin settings and update them via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-8423 | 2 Javibola, Wordpress | 2 Javibola Custom Theme Test, Wordpress | 2026-05-20 | 4.3 Medium |
| The JaviBola Custom Theme Test plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the options page. This makes it possible for unauthenticated attackers to change the site's active theme by modifying the jbct_theme option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-6118 | 1 Neutron | 34 Ipc2224-sr3-npf-36, Ipc2224-sr3-npf-36 Firmware, Ipc2624-sr3-npf-36 and 31 more | 2026-05-20 | 7.5 High |
| Path Traversal: '/../filedir' vulnerability in Neutron IP Camera allows Absolute Path Traversal. This issue affects IP Camera: before b1130.1.0.1. | ||||
| CVE-2023-6122 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2026-05-20 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Gelişmiş C2C Pazaryeri Yazılımı allows Reflected XSS. This issue affects Softomi Gelişmiş C2C Pazaryeri Yazılımı: before 12122023. | ||||
| CVE-2026-6846 | 3 Gnu, Iputils, Redhat | 7 Binutils, Iputils, Enterprise Linux and 4 more | 2026-05-20 | 7.8 High |
| A flaw was found in binutils. A heap-buffer-overflow vulnerability exists when processing a specially crafted XCOFF (Extended Common Object File Format) object file during linking. A local attacker could trick a user into processing this malicious file, which could lead to arbitrary code execution, allowing the attacker to run unauthorized commands, or cause a denial of service, making the system unavailable. | ||||
| CVE-2023-6145 | 1 Softomi | 1 Advanced C2c Marketplace Software | 2026-05-20 | 9.8 Critical |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in İstanbul Soft Informatics and Consultancy Limited Company Softomi Advanced C2C Marketplace Software allows SQL Injection. This issue affects Softomi Advanced C2C Marketplace Software: before 12122023. | ||||
| CVE-2023-6150 | 1 Eskom | 1 E-belediye | 2026-05-20 | 7.5 High |
| Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105. | ||||