Export limit exceeded: 348465 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348465 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40950 | 1 Absolute | 1 Secure Access | 2026-05-05 | 6.5 Medium |
| CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service | ||||
| CVE-2026-40949 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 4.4 Medium |
| CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service. | ||||
| CVE-2026-33452 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 5.5 Medium |
| CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system. | ||||
| CVE-2026-33451 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 7.8 High |
| CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system. | ||||
| CVE-2026-33450 | 2 Absolute, Apple | 2 Secure Access, Macos | 2026-05-05 | 5.5 Medium |
| CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service. | ||||
| CVE-2026-33449 | 1 Absolute | 1 Secure Access | 2026-05-05 | 7.5 High |
| CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service. | ||||
| CVE-2026-33448 | 2 Absolute, Apple | 2 Secure Access, Macos | 2026-05-05 | 3.3 Low |
| CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets. | ||||
| CVE-2026-33447 | 1 Absolute | 1 Secure Access | 2026-05-05 | 9.8 Critical |
| CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service. | ||||
| CVE-2026-33446 | 1 Absolute | 1 Secure Access | 2026-05-05 | 9.8 Critical |
| CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service. | ||||
| CVE-2026-7461 | 2 Amazon, Aws | 2 Amazon Ecs Container Agent, Amazon Ecs Agent | 2026-05-05 | 7.2 High |
| Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration. To remediate this issue, users should upgrade to version 1.103.0. | ||||
| CVE-2026-32148 | 2 Hex, Hexpm | 2 Hex, Hex | 2026-05-05 | 5.9 Medium |
| Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However, Hex.RemoteConverger.verify_resolved/2 never executes checksum verification because the lock data returned by Hex.Utils.lock/1 uses string-based dependency names, while the verification logic compares against atom-based names. This type mismatch causes the verification code path to be silently skipped. Checksums are still validated when packages are initially downloaded from the registry, but mismatches between the lockfile and resolved dependencies are not detected. An attacker who can influence cached packages (e.g., via local cache poisoning or a compromised registry) can provide modified dependency contents that will be accepted without detection. The mix.lock file is silently rewritten with the checksum values from the registry, erasing evidence of tampering. This issue affects hex: from 0.16.0 before 2.4.2. | ||||
| CVE-2026-40228 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-05-05 | 2.9 Low |
| In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | ||||
| CVE-2026-40201 | 1 Diplodoc-platform | 1 Search-extension | 2026-05-05 | 5.4 Medium |
| @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file. | ||||
| CVE-2026-31256 | 2 Mercury, Mercurycom | 3 Mipc252w, Mipc252w, Mipc252w Firmware | 2026-05-05 | 7.5 High |
| A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot. | ||||
| CVE-2026-24120 | 1 Patriksimek | 1 Vm2 | 2026-05-05 | 9.8 Critical |
| vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.10.5. | ||||
| CVE-2026-7749 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-05-05 | 8.8 High |
| A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-7743 | 1 Codeastro | 1 Online Classroom | 2026-05-05 | 6.3 Medium |
| A vulnerability has been found in CodeAstro Online Classroom 1.0. The impacted element is an unknown function of the file /OnlineClassroom/studentdetails. The manipulation of the argument deleteid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7737 | 1 Osrg | 1 Gobgp | 2026-05-05 | 5.3 Medium |
| A vulnerability was identified in osrg GoBGP up to 4.3.0. Affected by this issue is the function BMPPeerUpNotification.ParseBody/BMPStatisticsReport.ParseBody of the file pkg/packet/bmp/bmp.go of the component BMP Parser. The manipulation leads to out-of-bounds read. The attack can be initiated remotely. Upgrading to version 4.4.0 can resolve this issue. The identifier of the patch is bc77597d42335c78464bc8e15a471d887bbdf260. Upgrading the affected component is recommended. | ||||
| CVE-2026-7731 | 1 Code-projects | 1 Blood Bank Management System | 2026-05-05 | 6.3 Medium |
| A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. The affected element is an unknown function of the file get_state.php. The manipulation of the argument G_STATE_ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-7724 | 1 Prefect | 1 Prefect | 2026-05-05 | 5 Medium |
| A vulnerability has been found in PrefectHQ prefect up to 3.6.28.dev1. Affected by this vulnerability is the function validate_restricted_url of the component Webhook/Notification. The manipulation leads to time-of-check time-of-use. It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 3.6.28.dev2 addresses this issue. The identifier of the patch is 7c70ac54a5e101431d83b9f2681ec88d5e0021ed. Upgrading the affected component is advised. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | ||||