Export limit exceeded: 355727 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355727 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40290 | 1 Linaro | 1 Op-tee | 2026-06-04 | 7.8 High |
| OP-TEE is a Trusted Execution Environment (TEE) designed as companion to a non-secure Linux kernel running on Arm; Cortex-A cores using the TrustZone technology. Starting in version 3.16.0 and prior to 4.11.0, a user-after-free (UAF) race condition exists in the shared memory teardown logic of FF-A within OP-TEE SPMC/SP flows. This only applies when OP-TEE is configured as an SPMC for S-EL0 SPs, that is, with `CFG_SECURE_PARTITION=y`. The function `sp_mem_remove()`, responsible for freeing entries in `smem->receivers` and `smem->regions`, fails to acquire the global `sp_mem_lock` before performing the `free()` operations. Concurrently, other code paths, such as `sp_mem_get_receiver()`, iterate over these same lists without holding a lock, or, like `sp_mem_is_shared()`, iterate while holding the lock but are not serialized against the unprotected `free()` in `sp_mem_remove()`. This creates a cross-thread race where a thread iterating the list can acquire a pointer to an entry (e.g., `struct sp_mem_map_region` or `struct sp_mem_receiver`), and then another thread calls `sp_mem_remove()`, freeing the object. When the first thread resumes and dereferences the pointer, it results in a Use-After-Free vulnerability. Version 4.11.0 fixes the issue. | ||||
| CVE-2026-42211 | 2 Remix-run, Shopify | 2 React-router, React-router | 2026-06-04 | 8.1 High |
| React Router is a router for React. In versions 7.0.0 through 7.14.1, when using Framework Mode, a combination of steps could potentially allow unauthorized remote code execution (RCE) through external requests. This attack requires the application code to have an existing prototype pollution vulnerability, which can then be leveraged in a 2-step attack where the second step triggers unauthorized RCE on the remote server. This does not impact applications using Declarative Mode (`<BrowserRouter>`) or Data Mode (`createBrowserRouter/<RouterProvider>`). This is patched in version 7.14.2. | ||||
| CVE-2026-26378 | 2 Koha, Koha-community | 2 Koha, Koha | 2026-06-04 | 5.4 Medium |
| Cross Site Scripting vulnerability in Koha 25.11 and before allows a remote attacker to execute arbitrary code via file upload function in Invoice features | ||||
| CVE-2026-40181 | 2 Remix-run, Shopify | 2 React-router, React-router | 2026-06-04 | 6.1 Medium |
| React Router is a router for React. In versions 7.0.0 through 7.14.0 and 6.7.0 through 6.30.3, certain URLs passed to the redirect function can trigger an open redirect to an external domain due to path values starting with // being reinterpreted as protocol-relative URLs. The level of impact depends on the validation done by the application prior to returning the redirect. This does not impact applications using Declarative Mode (<BrowserRouter>). This is patched in versions 7.14.1 and 6.30.4. | ||||
| CVE-2026-34077 | 3 Remix-run, Shopify, Turbo-stream | 4 React-router, Turbo-stream, React-router and 1 more | 2026-06-04 | 7.5 High |
| React Router is a router for React. In versions 7.7.0 through 7.13.1, when using React Router's unstable React Server Components (RSC) APIs, there is a potential client-side Cross-Site Scripting (XSS) vulnerability in the RSC redirect handling if redirects come from untrusted sources. This does not impact applications that are not using the unstable RSC APIs in React Router. This is patched in version 7.13.2. | ||||
| CVE-2026-45022 | 2 Go-git, Go-git Project | 2 Go-git, Go-git | 2026-06-04 | 7.5 High |
| go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alpha.3, go-git may parse malformed Git objects in a way that differs from upstream Git. When commit or tag objects contain ambiguous or malformed headers, go-git’s decoded representation may expose values differently from how Git itself would interpret or reject the same object. Additionally, go-git’s commit signing and verification logic operates over commit data reconstructed from go-git’s parsed representation rather than the original raw object bytes. As a result, go-git may sign or verify a commit payload that is not byte-for-byte equivalent to the object stored in the repository. This can cause a signature to appear valid for a commit whose displayed or effective metadata differs from the object that was intended to be signed. This vulnerability is fixed in 5.19.0 and 6.0.0-alpha.3. | ||||
| CVE-2026-1871 | 1 Tp-link | 3 Tapo C200, Tapo C200 Firmware, Tapo C200 V5 | 2026-06-04 | 6.5 Medium |
| TP-Link Tapo C200 v5 contains a stack-based buffer overflow flaw in RTSP authentication handling due to improper validation of Authorization header field lengths, which can be triggered by a crafted authentication request. Successful exploitation causes the affected RTSP core service process to crash and triggers an automatic system reboot, resulting in a denial of service (DoS) condition. This prevents legitimate users from accessing the camera’s live video stream or management interface until the service restarts. | ||||
| CVE-2026-24221 | 1 Nvidia | 1 Nvtabular | 2026-06-04 | 7.8 High |
| NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering and information disclosure. | ||||
| CVE-2026-24237 | 1 Nvidia | 1 Nvtabular | 2026-06-04 | 7.8 High |
| NVIDIA NVTabular contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-44839 | 2 Broadcom, Rabbitmq | 2 Rabbitmq Server, Rabbitmq-server | 2026-06-04 | 4.8 Medium |
| RabbitMQ is a messaging and streaming broker. From 3.7.0 to before 4.1.2 and 4.0.13, This vulnerability is fixed in 4.1.2 and 4.0.13. | ||||
| CVE-2026-40713 | 1 Dell | 1 Thinos | 2026-06-04 | 6.1 Medium |
| Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access control vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-37462 | 1 Osrg | 1 Gobgp | 2026-06-04 | 7.5 High |
| An integer underflow in the BGPUpdate.DecodeFromBytes function (/bgp/bgp.go) of gobgp v4.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted BGP UPDATE message. | ||||
| CVE-2026-22054 | 2026-06-04 | N/A | ||
| Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | ||||
| CVE-2026-22055 | 2026-06-04 | N/A | ||
| Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations. | ||||
| CVE-2026-38570 | 1 Bacnetstack | 1 Bacnet Stack | 2026-06-04 | N/A |
| bacnet_stack 1.3.1 contains an Out-of-bounds Read in bacnet_tag_number_decode which allows attackers to cause a denial of service. | ||||
| CVE-2026-40715 | 1 Dell | 1 Thinos | 2026-06-04 | 7.8 High |
| Dell ThinOS 10, versions prior to ThinOS10 2602_10.0765, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Privilege Escalation. | ||||
| CVE-2026-4424 | 2 Libarchive, Redhat | 21 Libarchive, Ai Inference Server, Discovery and 18 more | 2026-06-04 | 7.5 High |
| A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. | ||||
| CVE-2026-10701 | 1 Mozilla | 1 Firefox | 2026-06-04 | 7.5 High |
| Incorrect boundary conditions in the Graphics: Text component. This vulnerability was fixed in Firefox 151.0.3. | ||||
| CVE-2026-41207 | 2026-06-04 | N/A | ||
| The netty incubator codec.bhttp is a java language binary http parser. Prior to version 0.0.21.Final, HKDF_expand returns non-NULL on failure. The byte[] is filled with zeros and has no way to distinguish success from failure. Since this output is used as HKDF key material for the response AEAD, a failure silently produces an all-zero key. When EVP_HPKE_CTX_export fails it also returns an empty byte[] array filled with zeros. This byte[] feeds directly into OHttpCrypto.createResponseAEAD(...). A silent all-zero export secret would produce a deterministic, attacker-predictable AEAD key. Version 0.0.21.Final patches the issue. | ||||
| CVE-2026-25551 | 2026-06-04 | 7.8 High | ||
| Seagull Software BarTender 2021 R1 through 12.0.1 contains an insecure deserialization vulnerability that allows low-privileged local users to escalate privileges. The DataServiceSingleton .NET Remoting endpoint is bound to localhost on TCP port 7375 via BtSystem.Service.exe, limiting the attack surface to local access only. The endpoint is configured with BinaryServerFormatterSinkProvider and TypeFilterLevel set to Full. A low-privileged local attacker can send YSoSerial.NET-generated BinaryFormatter payloads to the localhost-bound endpoint to achieve code execution as NT AUTHORITY\\SYSTEM. | ||||