Search Results (348521 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42366 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-05-05 | 7.4 High |
| Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. | ||||
| CVE-2026-42368 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-05-05 | 9.9 Critical |
| A privilege escalation vulnerability exists in the Web Interface functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted HTTP request can lead to the execution of privileged operations. An attacker can visit a webpage to trigger this vulnerability. | ||||
| CVE-2026-42370 | 2 Geovision, Geovision Inc. | 3 Gv-vms, Gv-vms Firmware, Gv-vms V20.0.2 | 2026-05-05 | 9 Critical |
| A stack overflow vulnerability exists in the WebCam Server Login functionality of GeoVision GV-VMS V20 20.0.2. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2026-7371 | 2 Geovision, Geovision Inc. | 5 Gv-lpc2011, Gv-lpc2011 Firmware, Gv-lpc2211 and 2 more | 2026-05-05 | 7.4 High |
| Multiple reflected cross-site scripting (XSS) vulnerabilities exist in the Web Interface / ssi.cgi functionality of GeoVision LPC2011/LPC2211 1.10. A specially crafted malicious URL can lead to arbitrary JavaScript code execution. An attacker can provide a crafted URL to trigger this vulnerability. Reflected XSS via the error message for requesting a non-existing page. | ||||
| CVE-2026-40950 | 1 Absolute | 1 Secure Access | 2026-05-05 | 6.5 Medium |
| CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service. | ||||
| CVE-2026-40949 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 4.4 Medium |
| CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service. | ||||
| CVE-2026-33452 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 5.5 Medium |
| CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system. | ||||
| CVE-2026-33451 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 7.8 High |
| CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system. | ||||
| CVE-2026-33450 | 2 Absolute, Apple | 2 Secure Access, Macos | 2026-05-05 | 5.5 Medium |
| CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service. | ||||
| CVE-2026-33449 | 1 Absolute | 1 Secure Access | 2026-05-05 | 7.5 High |
| CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service. | ||||
| CVE-2026-33448 | 2 Absolute, Apple | 2 Secure Access, Macos | 2026-05-05 | 3.3 Low |
| CVE-2026-33448 is a format string vulnerability in the logging subsystem of Secure Access client for MacOS prior to 14.50. Attackers with control of a modified server can force the client to dump the contents of a small portion of memory to the log files potentially revealing secrets. | ||||
| CVE-2026-33447 | 1 Absolute | 1 Secure Access | 2026-05-05 | 9.8 Critical |
| CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service. | ||||
| CVE-2026-33446 | 1 Absolute | 1 Secure Access | 2026-05-05 | 9.8 Critical |
| CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service. | ||||
| CVE-2026-7461 | 2 Amazon, Aws | 2 Amazon Ecs Container Agent, Amazon Ecs Agent | 2026-05-05 | 7.2 High |
| Improper neutralization of inputs used in an OS command in the FSx Windows File Server volume mounting component in Amazon ECS Agent on Windows before version 1.103.0 might allow a remote authenticated threat actor to execute shell commands with SYSTEM privileges on the underlying host via a specially crafted username field in an ECS task definition. This issue requires permissions to register ECS task definitions or write to the Secrets Manager or SSM Parameter Store credentials used by the FSx volume configuration. To remediate this issue, users should upgrade to version 1.103.0. | ||||
| CVE-2026-32148 | 2 Hex, Hexpm | 2 Hex, Hex | 2026-05-05 | 5.9 Medium |
| Insufficient Verification of Data Authenticity vulnerability in hexpm hex (Hex.RemoteConverger module) allows dependency integrity bypass via unverified lockfile checksums. Hex stores checksums for dependencies in the mix.lock file to ensure reproducible and integrity-checked builds. However, Hex.RemoteConverger.verify_resolved/2 never executes checksum verification because the lock data returned by Hex.Utils.lock/1 uses string-based dependency names, while the verification logic compares against atom-based names. This type mismatch causes the verification code path to be silently skipped. Checksums are still validated when packages are initially downloaded from the registry, but mismatches between the lockfile and resolved dependencies are not detected. An attacker who can influence cached packages (e.g., via local cache poisoning or a compromised registry) can provide modified dependency contents that will be accepted without detection. The mix.lock file is silently rewritten with the checksum values from the registry, erasing evidence of tampering. This issue affects hex: from 0.16.0 before 2.4.2. | ||||
| CVE-2026-40228 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-05-05 | 2.9 Low |
| In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | ||||
| CVE-2026-40201 | 1 Diplodoc-platform | 1 Search-extension | 2026-05-05 | 5.4 Medium |
| @diplodoc/search-extension 1.0.0 through 3.x before 3.0.3 allows stored XSS via the title in a .md file. | ||||
| CVE-2026-31256 | 2 Mercury, Mercurycom | 3 Mipc252w, Mipc252w, Mipc252w Firmware | 2026-05-05 | 7.5 High |
| A null pointer dereference vulnerability exists in the RTSP service of the MERCURY MIPC252W 1.0.5 Build 230306 Rel.79931n. During the processing of a SETUP request for the path rtsp://<IP>:554/stream1/track2, the device fails to properly validate the Transport header field. When this header is improperly constructed, the RTSP service can dereference a NULL pointer during request parsing. Successful exploitation causes the device to crash and automatically reboot. | ||||
| CVE-2026-24120 | 1 Patriksimek | 1 Vm2 | 2026-05-05 | 9.8 Critical |
| vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.10.5. | ||||
| CVE-2026-7749 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-05-05 | 8.8 High |
| A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||