Search Results (359831 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56080 | | | 2026-06-19 | 4.9 Medium |
| Capgo before 12.128.2 contains a flaw in the Enforce Password Policy feature: after a Super Admin enables the policy and successfully changes their password to a compliant one, the backend does not update the password-compliance state. As a result, the backend continues to treat the account as non-compliant and repeatedly forces password-reset prompts, permanently locking the Super Admin out of organization access (organization lockout / denial of service) despite valid authentication. | ||||
| CVE-2020-37254 | 1 Wondershare | 1 Pdfelement | 2026-06-19 | 7.8 High |
| Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot. | ||||
| CVE-2026-6238 | 3 Gnu, Redhat, The Gnu C Library | 3 Glibc, Hummingbird, Glibc | 2026-06-19 | 6.5 Medium |
| The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. | ||||
| CVE-2026-42824 | 1 Microsoft | 2 365 Copilot, Copilot | 2026-06-19 | 6.5 Medium |
| Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42915 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-19 | 5.5 Medium |
| Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally. | ||||
| CVE-2026-45482 | 1 Microsoft | 1 Visual Studio Code Copilot Chat Extension | 2026-06-19 | 8.4 High |
| Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47636 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-19 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-06-19 | 4.3 Medium |
| User interface (UI) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-8788 | 1 Rrwo | 1 Net::statsd::lite | 2026-06-19 | 7.3 High |
| Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names. | ||||
| CVE-2026-50639 | 1 Pevans | 1 Metrics::any::adapter::signalfx | 2026-06-19 | 6.5 Medium |
| Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl do not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allows multiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _labels function does not check tag labels for newlines or statsd control characters. The labels can be used for metric injections. | ||||
| CVE-2026-50638 | 1 Pevans | 1 Metrics::any::adapter::dogstatsd | 2026-06-19 | 9.1 Critical |
| Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl do not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allows multiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _tags function does not check tags for newlines or statsd control characters. The tags can be used for metric injections. | ||||
| CVE-2026-50637 | 1 Pevans | 1 Metrics::any::adapter::statsd | 2026-06-19 | 8.2 High |
| Metrics::Any::Adapter::Statsd versions before 0.04 for Perl do not protect against metric injections. The statsd protocol (and extensions) allows multiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible. Version 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes. | ||||
| CVE-2026-46741 | 1 Sanbeg | 2 Etsy::statsd, Etsy\ | 2026-06-19 | 7.5 High |
| Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections. | ||||
| CVE-2026-46740 | 1 Rrwo | 1 Mojolicious::plugin::statsd | 2026-06-19 | 5.3 Medium |
| Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720). | ||||
| CVE-2026-46739 | 1 Cosimo | 2 Net::statsd, Net\ | 2026-06-19 | 5.3 Medium |
| Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection). | ||||
| CVE-2026-46720 | 1 Rrwo | 1 Net::statsd::tiny | 2026-06-19 | 8.2 High |
| Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. | ||||
| CVE-2026-46719 | 1 Rrwo | 1 Net::statsd::lite | 2026-06-19 | 6.5 Medium |
| Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. | ||||
| CVE-2026-12007 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-19 | 8.8 High |
| Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2021-27033 | 1 Autodesk | 1 Design Review | 2026-06-19 | 8.1 High |
| A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process. | ||||
| CVE-2026-46331 | 1 Linux | 1 Linux Kernel | 2026-06-19 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: net/sched: fix pedit partial COW leading to page cache corruption tcf_pedit_act() computes the COW range for skb_ensure_writable() once before the key loop using tcfp_off_max_hint, but the hint does not account for the runtime header offset added by typed keys. This can leave part of the write region un-COW'd. Fix by moving skb_ensure_writable() inside the per-key loop where the actual write offset is known, and add overflow checking on the offset arithmetic. For negative offsets (e.g. Ethernet header edits at ingress), use skb_cow() to COW the headroom instead. Guard offset_valid() against INT_MIN, where negation is undefined. | ||||