Export limit exceeded: 351812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351812 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7304 | 2 Lmsys, Sglang | 2 Sglang, Sglang | 2026-05-19 | 9.8 Critical |
| SGLangs multimodal generation runtime is vulnerable to unauthenticated remote code execution when the --enable-custom-logit-processor option is enabled, as Python objects loaded via dill.loads() will be deserialized without validation. | ||||
| CVE-2026-8851 | 1 Alinto | 1 Sogo Web Mail | 2026-05-19 | 8.1 High |
| SOGo versions 5.12.7 and prior contains a SQL injection vulnerability in the Access Control List management functionality that allows authenticated users to extract arbitrary data from the database by injecting SQL subqueries through the uid parameter of the addUserInAcls endpoint. Attackers can inject malicious SQL code to write extracted data into the sogo_acl table and retrieve it through the /acls API, establishing an out-of-band data exfiltration channel. | ||||
| CVE-2020-28271 | 1 Sharpred | 1 Deephas | 2026-05-19 | 9.8 Critical |
| Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution. | ||||
| CVE-2026-7701 | 1 Telegram | 2 Desktop, Telegram Desktop | 2026-05-19 | 4.3 Medium |
| A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. There is ongoing doubt regarding the real existence of this vulnerability. Upgrading to version 6.7.6 is able to resolve this issue. Upgrading the affected component is recommended. The vendor provides this rationale for the dispute: "[T]he described scenario does not lead to any security issue or vulnerability, and only causes a one-time crash. In the outlined scenario, the targeted user must perform an active action, which doesn't produce any consequences after the app is relaunched." | ||||
| CVE-2025-9566 | 1 Redhat | 9 Enterprise Linux, Hummingbird, Openshift and 6 more | 2026-05-19 | 8.1 High |
| There's a vulnerability in podman where an attacker may use the kube play command to overwrite host files when the kube file container a Secrete or a ConfigMap volume mount and such volume contains a symbolic link to a host file path. In a successful attack, the attacker can only control the target file to be overwritten but not the content to be written into the file. Binary-Affected: podman Upstream-version-introduced: v4.0.0 Upstream-version-fixed: v5.6.1 | ||||
| CVE-2026-2100 | 2 P11-kit Project, Redhat | 5 P11-kit, Enterprise Linux, Hardened Images and 2 more | 2026-05-19 | 5.3 Medium |
| A flaw was found in p11-kit. A remote attacker could exploit this vulnerability by calling the C_DeriveKey function on a remote token with specific IBM kyber or IBM btc derive mechanism parameters set to NULL. This could lead to the RPC-client attempting to return an uninitialized value, potentially resulting in a NULL dereference or undefined behavior. This issue may cause an application level denial of service or other unpredictable system states. | ||||
| CVE-2026-2611 | 1 Mlflow | 1 Mlflow/mlflow | 2026-05-19 | N/A |
| In MLflow version 3.9.0, the MLflow Assistant feature introduced improper origin validation in its /ajax-api endpoints. This vulnerability allows a remote attacker to exploit cross-origin requests from a malicious webpage to interact with the MLflow Assistant running on a victim's local machine. By bypassing the loopback-only restriction, the attacker can modify the Assistant's configuration to enable full access, which in turn allows the execution of arbitrary commands via the Claude Code sub-agent. This issue is resolved in version 3.10.0. | ||||
| CVE-2026-47317 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47315 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47314 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 7.8 High |
| Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47313 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-47312 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||
| CVE-2026-0968 | 2 Libssh, Redhat | 4 Libssh, Enterprise Linux, Hummingbird and 1 more | 2026-05-19 | 3.1 Low |
| A flaw was found in libssh in which a malicious SFTP (SSH File Transfer Protocol) server can exploit this by sending a malformed 'longname' field within an `SSH_FXP_NAME` message during a file listing operation. This missing null check can lead to reading beyond allocated memory on the heap. This can cause unexpected behavior or lead to a denial of service (DoS) due to application crashes. | ||||
| CVE-2026-0967 | 2 Libssh, Redhat | 4 Libssh, Enterprise Linux, Hummingbird and 1 more | 2026-05-19 | 5.5 Medium |
| A flaw was found in libssh. A remote attacker, by controlling client configuration files or known_hosts files, could craft specific hostnames that when processed by the `match_pattern()` function can lead to inefficient regular expression backtracking. This can cause timeouts and resource exhaustion, resulting in a Denial of Service (DoS) for the client. | ||||
| CVE-2026-0965 | 2 Libssh, Redhat | 4 Libssh, Enterprise Linux, Hummingbird and 1 more | 2026-05-19 | N/A |
| A flaw was found in libssh where it can attempt to open arbitrary files during configuration parsing. A local attacker can exploit this by providing a malicious configuration file or when the system is misconfigured. This vulnerability could lead to a Denial of Service (DoS) by causing the system to try and access dangerous files, such as block devices or large system files, which can disrupt normal operations. | ||||
| CVE-2025-8277 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-05-19 | 3.1 Low |
| A flaw was found in libssh's handling of key exchange (KEX) processes when a client repeatedly sends incorrect KEX guesses. The library fails to free memory during these rekey operations, which can gradually exhaust system memory. This issue can lead to crashes on the client side, particularly when using libgcrypt, which impacts application stability and availability. | ||||
| CVE-2026-0966 | 2 Libssh, Redhat | 6 Libssh, Enterprise Linux, Hardened Images and 3 more | 2026-05-19 | 8.2 High |
| A flaw was found in libssh. The API function `ssh_get_hexa()` is vulnerable to a denial of service when processing zero-length input. This can be exploited remotely by an attacker during GSSAPI (Generic Security Service Application Program Interface) authentication if the server's logging verbosity is set to `SSH_LOG_PACKET (3)` or higher. Successful exploitation could lead to a self-Denial of Service of the per-connection daemon process. | ||||
| CVE-2026-0964 | 2 Libssh, Redhat | 6 Libssh, Enterprise Linux, Hardened Images and 3 more | 2026-05-19 | 6.3 Medium |
| A malicious SCP server can send unexpected paths that could make the client application override local files outside of working directory. This could be misused to create malicious executable or configuration files and make the user execute them under specific consequences. This is the same issue as in OpenSSH, tracked as CVE-2019-6111. | ||||
| CVE-2025-8114 | 2 Libssh, Redhat | 3 Libssh, Enterprise Linux, Openshift | 2026-05-19 | 4.7 Medium |
| A flaw was found in libssh, a library that implements the SSH protocol. When calculating the session ID during the key exchange (KEX) process, an allocation failure in cryptographic functions may lead to a NULL pointer dereference. This issue can cause the client or server to crash. | ||||
| CVE-2026-47316 | 1 Samsung Open Source | 1 Escargot | 2026-05-19 | 5.5 Medium |
| Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. | ||||