Export limit exceeded: 357589 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357589 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44171 | 2026-06-12 | 6.3 Medium | ||
| MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, mbstream did not check for /../ in the path when unpacking the archive. A proper backup can never contain such paths, but a specially crafted archive could have caused mbstream to create files outside of the target-dir path. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2. | ||||
| CVE-2026-47653 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-06-12 | 8.8 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-44169 | 2026-06-12 | 4.3 Medium | ||
| MariaDB server is a community developed fork of MySQL server. From versions 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, a user getting EXECUTE access to a stored routine via a role, could see the routine definition even without SHOW CREATE ROUTINE privilege. This issue has been patched in versions 11.4.11, 11.8.7, and 12.3.2. | ||||
| CVE-2026-44168 | 2026-06-12 | 8 High | ||
| MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, during the SST the donor node is interpolating parameters that the joiner sent into the command line. Not all parameters were properly validated which could allow a malicious joiner to execute arbitrary shell commands on the donor side via the mariabackup SST method. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2. | ||||
| CVE-2026-44170 | 2026-06-12 | N/A | ||
| MariaDB server is a community developed fork of MySQL server. From versions 10.6.1 to before 10.6.26, 10.11.1 to before 10.11.17, 11.4.1 to before 11.4.11, 11.8.1 to before 11.8.7, and 12.3.1, MariaDB on WIndows with installed CONNECT engine and enabled REST support interpolated table HTTP attribute into the curl command line without proper sanitizing. This allows the user to execute shell commands on the server. This issue has been patched in versions 10.6.26, 10.11.17, 11.4.11, 11.8.7, and 12.3.2. | ||||
| CVE-2026-44976 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to version 16.17.4, any user can modify any field in any Onboarding Step record. This issue has been patched in version 16.17.4. | ||||
| CVE-2026-50026 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.0 and 16.17.0, a lack of permission checks in these endpoints allowed unauthorized access to resources. This issue has been patched in versions 15.107.0 and 16.17.0. | ||||
| CVE-2026-47654 | 1 Microsoft | 7 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 4 more | 2026-06-12 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-12011 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-12 | 8.3 High |
| Use after free in WebMIDI in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-44801 | 1 Microsoft | 30 Remote Desktop, Remote Desktop Client, Windows 10 1607 and 27 more | 2026-06-12 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-12010 | 1 Google | 2 Android, Chrome | 2026-06-12 | 8.3 High |
| Heap buffer overflow in GPU in Google Chrome on Android prior to 149.0.7827.115 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-11459 | 1 Secureage | 1 Catchpulse | 2026-06-12 | 3.3 Low |
| A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-50091 | 2026-06-12 | 9.1 Critical | ||
| Aqara Home Android (com.lumiunited.aqarahome) 6.0.0 (and white-label clients embedding the same liblumidevsdk.so) uses hard-coded cryptographic keys, which is an instance of "CWE-321: Use of Hard-coded Cryptographic Key" and has an estimated CVSS of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N (9.1 Critical). | ||||
| CVE-2026-47140 | 1 Patriksimek | 1 Vm2 | 2026-06-12 | 10 Critical |
| vm2 is an open source vm/sandbox for Node.js. Prior to version 3.11.4, NodeVM blocks several dangerous Node.js builtins such as module, worker_threads, cluster, vm, repl, and inspector. However, the denylist misses process and inspector/promises. Both can be used from sandboxed code to reach host-side execution primitives. This allows sandboxed code to bypass the intended builtin restrictions and execute code in the host process. This issue has been patched in version 3.11.4. | ||||
| CVE-2017-20240 | 2026-06-12 | 5.9 Medium | ||
| Crypt::PBKDF2 versions before 0.261630 for Perl are vulnerable to timing attacks. These versions use Perl's built-in eq comparison. Discrepancies in timing could be used to guess the underlying derived-key. | ||||
| CVE-2026-53568 | 1 Frappe | 1 Frappe | 2026-06-12 | N/A |
| Frappe is a full-stack web application framework. Prior to versions 15.107.2 and 16.17.4, there is a stored XSS vulnerablity in Frappe Report/List View. This issue has been patched in versions 15.107.2 and 16.17.4. | ||||
| CVE-2026-47216 | 2026-06-12 | N/A | ||
| Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is an unauthenticated denial-of-service vulnerability in the /multi_search endpoint. A specially crafted request can trigger an unhandled exception during request processing, causing the server process to terminate. This issue can be exploited over the network without authentication and results in service unavailability. The duration of impact may vary depending on system configuration and dataset size. This issue has been patched in versions 29.1 and 30.2. | ||||
| CVE-2026-47225 | 2026-06-12 | N/A | ||
| Typesense is a fast, typo-tolerant search engine. Prior to versions 29.1 and 30.2, there is a cache isolation issue affecting search requests that use both server-side search result caching and Scoped Search API Keys. Under specific request ordering, cached search results could be reused across requests with different Scoped Search API Key constraints. This could result in a request receiving search results that should have been restricted by its Scoped Search API Key. This issue only affects search requests that use both server-side search result caching and Scoped Search API Keys with embedded filters to restrict access to search results within a collection. This vulnerability may result in unintended disclosure of search results across scoped authorization contexts. This issue has been patched in versions 29.1 and 30.2. | ||||
| CVE-2026-12012 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-12 | 8.1 High |
| Use after free in Network in Google Chrome prior to 149.0.7827.115 allowed an attacker in a privileged network position to potentially exploit heap corruption via malicious network traffic. (Chromium security severity: High) | ||||
| CVE-2026-12013 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-12 | 8.8 High |
| Use after free in Media in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||