Export limit exceeded: 85445 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (85445 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-37223 1 Iobit 1 Uninstaller 2026-05-14 7.8 High
IObit Uninstaller 9.5.0.15 contains an unquoted service path vulnerability in the IObitUnSvr service that allows local attackers to escalate privileges to SYSTEM level. Attackers can place a malicious executable named IObit.exe in the C:\Program Files (x86)\IObit directory and restart the service to execute code with SYSTEM privileges.
CVE-2026-44289 2 Protobuf, Protobufjs Project 2 Protobuf, Protobufjs 2026-05-14 7.5 High
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs could recurse without a depth limit while decoding nested protobuf data. This affected both skipping unknown group fields and generated decoding of nested message fields. A crafted protobuf binary payload could cause the JavaScript call stack to be exhausted during decoding. This vulnerability is fixed in 7.5.6 and 8.0.2.
CVE-2026-44290 2 Protobuf, Protobufjs Project 2 Protobuf, Protobufjs 2026-05-14 7.5 High
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs allowed certain schema option paths to traverse through inherited object properties while applying options. A crafted protobuf schema or JSON descriptor could cause option handling to write to properties on global JavaScript constructors, corrupting process-wide built-in functionality. This vulnerability is fixed in 7.5.6 and 8.0.2.
CVE-2026-44291 2 Protobuf, Protobufjs Project 2 Protobuf, Protobufjs 2026-05-14 8.1 High
protobufjs compiles protobuf definitions into JavaScript (JS) functions. Prior to 7.5.6 and 8.0.2, protobufjs used plain objects with inherited prototypes for internal type lookup tables used by generated encode and decode functions. If Object.prototype had already been polluted, those lookup tables could resolve attacker-controlled inherited properties as valid protobuf type information. This could cause attacker-controlled strings to be emitted into generated JavaScript code. This vulnerability is fixed in 7.5.6 and 8.0.2.
CVE-2026-44871 2 Arubanetworks, Hpe 3 Arubaos, Sd-wan, Arubaos 2026-05-14 7.2 High
Command injection vulnerabilities exist in the command line interface (CLI) service accessed by the PAPI protocol of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system.
CVE-2026-41105 1 Microsoft 1 Azure Monitor Action Group Notification System 2026-05-14 8.1 High
Server-side request forgery (ssrf) in Azure Notification Service allows an authorized attacker to elevate privileges over a network.
CVE-2026-42825 1 Microsoft 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more 2026-05-14 7 High
Use after free in Windows Telephony Service allows an authorized attacker to elevate privileges locally.
CVE-2026-6276 2 Curl, Haxx 2 Libcurl, Curl 2026-05-14 7.5 High
Using libcurl, when a custom `Host:` header is first set for an HTTP request and a second request is subsequently done using the same *easy handle* but without the custom `Host:` header set, the second request would use stale information and pass on cookies meant for the first host in the second request. Leak them.
CVE-2026-45109 1 Vercel 1 Next.js 2026-05-14 7.5 High
Next.js is a React framework for building full-stack web applications. From 15.2.0 to before 15.5.18 and 16.2.6, it was found that the fix addressing CVE-2026-44575 did not apply to middleware.ts with Turbopack. This vulnerability is fixed in 15.5.18 and 16.2.6.
CVE-2026-28915 1 Apple 1 Macos 2026-05-14 7.8 High
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.
CVE-2026-28943 1 Apple 7 Ios And Ipados, Ipados, Iphone Os and 4 more 2026-05-14 7.5 High
A logging issue was addressed with improved data redaction. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5, tvOS 26.5, watchOS 26.5. An app may be able to determine kernel memory layout.
CVE-2026-28873 1 Apple 3 Ios And Ipados, Ipados, Iphone Os 2026-05-14 7.5 High
This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. An app may be able to circumvent App Privacy Report logging.
CVE-2026-28930 1 Apple 1 Macos 2026-05-14 7.5 High
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26.5. An app may be able to access protected user data.
CVE-2026-28936 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-05-14 7.5 High
The issue was addressed with improved checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sonoma 14.8.7, macOS Tahoe 26.5, visionOS 26.5. Processing a maliciously crafted file may lead to unexpected app termination.
CVE-2026-46445 1 Alinto 1 Sogo 2026-05-14 7.1 High
SOGo before 5.12.7, when PostgreSQL is used, allows SQL injection.
CVE-2026-43680 1 Claris 1 Filemaker Cloud 2026-05-14 7.2 High
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to bypass a front-end restriction on OS Script schedule types and execute arbitrary operating system commands on the underlying host. This issue is fixed in FileMaker Cloud 2.22.0.5.
CVE-2026-43685 1 Claris 1 Filemaker Cloud 2026-05-14 7.2 High
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5.
CVE-2026-46446 1 Alinto 1 Sogo 2026-05-14 7.1 High
SOGo before 5.12.7, when PostgreSQL or MariaDB is used, and cleartext passwords are stored, allows SQL injection. This is related to c_password = '%@' in changePasswordForLogin.
CVE-2026-32992 1 Webpros 2 Cpanel, Wp Squared 2026-05-14 8.2 High
SSL verification is disabled in the DNS Cluster system. This could allow for a malicious server to man-in-the-middle the request and capture credentials.
CVE-2026-32993 1 Webpros 2 Cpanel, Wp Squared 2026-05-14 8.3 High
Improper sanitization of the `status` query parameter of the `/unprotected/nova_error` endpoint allows unauthenticated attacker to inject arbitrary HTTP header to the response.