Export limit exceeded: 359050 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359050 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-48788 | 2026-06-16 | N/A | ||
| Remark42 is a self-hosted comment engine for blogs, articles, or any other place where readers can add comments. Versions 1.6.0 through 1.15.0 contain a Cross-Site Scripting (XSS) vulnerability exploitable through content-type spoofing. The Remark42 image proxy fetches an arbitrary remote URL and re-serves the response from Remark42's own origin. During the download phase, the proxy determines whether the resource is an image by inspecting only the Content-Type header advertised by the remote server, never examining the actual bytes; during the serving phase, it instead derives the response Content-Type by sniffing those bytes with http.DetectContentType. An attacker can exploit this inconsistency by hosting a URL that advertises Content-Type: image/png while returning an HTML/JavaScript body: the download check accepts it as an image, the serving path sniffs the body and emits Content-Type: text/html, and the browser renders the attacker-controlled HTML/JavaScript as a document within Remark42's origin. Exploitation requires no Remark42 account on the target instance; the attacker only needs to host the malicious upstream URL and deliver the proxy link to a victim by any means, such as email, direct message, or a link on another website. This issue has been fixed in version 1.16.0. | ||||
| CVE-2026-48745 | 2026-06-16 | 9.3 Critical | ||
| Traccar Client is a GPS tracking mobile app for sending location updates to private servers using the open-source Traccar platform. In versions 9.7.19 and below, a single crafted deep link can silently hijack all GPS tracking parameters and redirect telemetry to an attacker-controlled server. The app registers a custom org.traccar.client://config deep-link scheme that silently writes attacker-supplied parameters (server URL, device ID, accuracy, distance, and interval) into the app's persistent configuration with no confirmation, notification, or visual indication. A single crafted link delivered via SMS, email, a webpage, or any installed app can therefore reconfigure the app the moment the victim taps it, with no special permissions required. As a result, an attacker can covertly redirect all of the victim's GPS telemetry to their own server at maximum precision and frequency, and the change persists across restarts. This gives the attacker continuous, real-time tracking of the victim's location. This issue has been fixed in version 9.7.20. | ||||
| CVE-2026-8317 | 2026-06-16 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-9258 | 2026-06-16 | 6.5 Medium | ||
| Improper validation of SSH host keys in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-9259 | 2026-06-16 | 6.5 Medium | ||
| Improper validation of server certificates in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-9261 | 2026-06-16 | 6.8 Medium | ||
| Use of weak SSH cryptographic algorithms in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-9262 | 2026-06-16 | 6.5 Medium | ||
| Use of a non-secure protocol as the default FTP configuration in Canon EOS Network Setting Tool Version 1.5.0 or earlier | ||||
| CVE-2026-5419 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 3.7 Low |
| A flaw was found in gnutls. The PKCS#7 padding check, performed during decryption, was not constant-time. This timing side-channel could allow a remote attacker to potentially leak sensitive information about the padding bytes through observable timing differences. This vulnerability is a form of information disclosure. | ||||
| CVE-2026-3832 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 3.7 Low |
| A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted Online Certificate Status Protocol (OCSP) response during a TLS handshake. Due to a logic error in how gnutls processes multi-record OCSP responses, a client with OCSP verification enabled may incorrectly accept a revoked server certificate, potentially leading to a compromise of trust. | ||||
| CVE-2026-5904 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-16 | 8.8 High |
| Determined a bug and not a vulnerability | ||||
| CVE-2026-4887 | 3 Gimp, Gnome, Redhat | 9 Gimp, Gimp, Enterprise Linux and 6 more | 2026-06-16 | 6.1 Medium |
| A flaw was found in GIMP. This issue is a heap buffer over-read in GIMP PCX file loader due to an off-by-one error. A remote attacker could exploit this by convincing a user to open a specially crafted PCX image. Successful exploitation could lead to out-of-bounds memory disclosure and a possible application crash, resulting in a Denial of Service (DoS). | ||||
| CVE-2026-42015 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Eus, Hardened Images and 4 more | 2026-06-16 | 5.3 Medium |
| A flaw was found in gnutls. An off-by-one error exists in the PKCS#12 bag element bounds check. This vulnerability allows an remote attacker to write past the internal array of a PKCS#12 bag when appending to a bag that already contains 32 elements. This memory corruption could lead to a denial of service (DoS) or potentially other unspecified impacts. | ||||
| CVE-2026-42014 | 1 Redhat | 5 Enterprise Linux, Enterprise Linux Eus, Hummingbird and 2 more | 2026-06-16 | 6.6 Medium |
| A flaw was found in GnuTLS. The `gnutls_pkcs11_token_set_pin` function, used for changing the Security Officer PIN, can lead to a use-after-free vulnerability. This occurs when an attacker attempts to change the PIN with a NULL old PIN for a token that lacks a protected authentication path. | ||||
| CVE-2026-42013 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 8.2 High |
| A flaw was found in gnutls. When validating certificates, an oversized Subject Alternative Name (SAN) could cause the validation process to incorrectly fall back to checking the Common Name (CN) field. This could allow a remote attacker to bypass proper certificate validation, potentially leading to spoofing or man-in-the-middle attacks. | ||||
| CVE-2026-42012 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 7.1 High |
| A flaw was found in gnutls. A remote attacker could exploit this vulnerability by presenting a specially crafted certificate that contains Uniform Resource Identifier (URI) or Service (SRV) Subject Alternative Names (SANs). This could cause the certificate validation process to incorrectly fall back to checking DNS hostnames against the Common Name (CN), potentially allowing the attacker to spoof legitimate services or intercept sensitive information. | ||||
| CVE-2026-5260 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 8.2 High |
| A flaw was found in libgnutls. A remote attacker, by sending an extremely short premaster secret during an RSA key exchange to a server using an RSA key backed by a PKCS#11 token, could trigger a short heap overread. This memory corruption vulnerability could lead to information disclosure. | ||||
| CVE-2026-42011 | 1 Redhat | 7 Enterprise Linux, Enterprise Linux Eus, Hardened Images and 4 more | 2026-06-16 | 7.4 High |
| A flaw was found in gnutls. This vulnerability occurs because permitted name constraints were incorrectly ignored when previous Certificate Authorities (CAs) only had excluded name constraints. A remote attacker could exploit this to bypass critical name constraint checks during certificate validation. This bypass could lead to the acceptance of invalid certificates, potentially enabling spoofing or man-in-the-middle attacks against affected systems. | ||||
| CVE-2026-3833 | 2 Gnu, Redhat | 8 Gnutls, Enterprise Linux, Enterprise Linux Eus and 5 more | 2026-06-16 | 6.5 Medium |
| A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure. | ||||
| CVE-2026-3539 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-06-16 | 8.8 High |
| Determined a bug and not a vulnerability | ||||
| CVE-2026-2340 | 2 Redhat, Samba | 5 Enterprise Linux, Openshift, Openshift Container Platform and 2 more | 2026-06-16 | 6.5 Medium |
| A flaw was found in Samba’s vfs_worm module. The module is intended to provide write-once, read-many (WORM) protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share could overwrite a protected file by renaming a newly created file over the existing WORM-protected file. | ||||