Export limit exceeded: 359545 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359545 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39560 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Hiroshi <= 1.5.1 versions. | ||||
| CVE-2026-39556 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in Konsept <= 1.9 versions. | ||||
| CVE-2026-39523 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Solene Core <= 2.3.2 versions. | ||||
| CVE-2026-39442 | 2026-06-17 | 8.1 High | ||
| Unauthenticated PHP Object Injection in PressMart <= 1.2.26 versions. | ||||
| CVE-2026-54193 | 2026-06-17 | 7.7 High | ||
| Contributor Arbitrary File Deletion in Fusion Builder <= 3.15.4 versions. | ||||
| CVE-2026-2604 | 2 Gnome, Redhat | 2 Evolution-data-server, Enterprise Linux | 2026-06-17 | 5.6 Medium |
| A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or modification. Later, during contact deletion, the URI is processed with a less strict check, leading to the deletion of arbitrary files on the host filesystem. This could potentially include critical Flatpak override files. | ||||
| CVE-2026-37281 | 1 Hitarth-gg | 1 Zenshin | 2026-06-17 | 9.8 Critical |
| An OS command injection vulnerability in the /stream-to-vlc Express route in hitarth-gg Zenshin before 2.7.0 allows remote attackers to execute arbitrary commands via the url parameter. | ||||
| CVE-2026-22325 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in Promo <= 1.3.0 versions. | ||||
| CVE-2026-22331 | 2026-06-17 | 8.1 High | ||
| Unauthenticated Local File Inclusion in AutoParts <= 1.5.8 versions. | ||||
| CVE-2026-39596 | 2026-06-17 | 9.3 Critical | ||
| Unauthenticated SQL Injection in Blocksy Companion Pro < 2.1.29 versions. | ||||
| CVE-2026-40783 | 2026-06-17 | 9.9 Critical | ||
| Contributor Remote Code Execution (RCE) in Blocksy Companion Pro <= 2.1.37 versions. | ||||
| CVE-2025-43300 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-06-17 | 10 Critical |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.8.5 and iPadOS 15.8.5, iOS 16.7.12 and iPadOS 16.7.12, iOS 18.6.2 and iPadOS 18.6.2, iPadOS 17.7.10, macOS Sequoia 15.6.1, macOS Sonoma 14.7.8, macOS Ventura 13.7.8. Processing a malicious image file may result in memory corruption. Apple is aware of a report that this issue may have been exploited in an extremely sophisticated attack against specific targeted individuals. | ||||
| CVE-2026-50263 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-17 | 5.5 Medium |
| A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow(). A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure. | ||||
| CVE-2026-50262 | 2 Redhat, X.org | 4 Enterprise Linux, X Server, Xorg-server and 1 more | 2026-06-17 | 5.5 Medium |
| An out-of-bounds read flaw was found in the X.Org X server and Xwayland in __glXDisp_ChangeDrawableAttributes(). A wrong size validation check can read a client-controlled number of bytes, exceeding the request buffer, leading to information disclosure. A write path also exists but requires byte-swapped clients which is disabled by default. | ||||
| CVE-2026-50264 | 2 Redhat, X.org | 4 Enterprise Linux, X Server, Xorg-server and 1 more | 2026-06-17 | 7.8 High |
| An out-of-bounds write flaw was found in the X.Org X server and Xwayland in DRIGetBuffers/DRIGetBuffersWithFormat. A client that requests multiple DRI2BufferBackLeft attachments and one DRI2BufferFrontLeft can trigger an out-of-bounds heap write. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50261 | 2 Redhat, X.org | 4 Enterprise Linux, X Server, Xorg-server and 1 more | 2026-06-17 | 7.8 High |
| A use-after-free flaw was found in the X.Org X server and Xwayland in SyncChangeCounter(). A client that sets up multiple SyncCounters can trigger a use-after-free when destroying those counters via a second client connection while changing those counters. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50259 | 3 Redhat, X.org, Xorg | 5 Enterprise Linux, X Server, Xorg-server and 2 more | 2026-06-17 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50260 | 2 Redhat, X.org | 4 Enterprise Linux, X Server, Xorg-server and 1 more | 2026-06-17 | 7.8 High |
| A use-after-free flaw was found in the X.Org X server and Xwayland in FreeCounter(). A client that sets up multiple SyncCounters and awaits on those triggers can trigger a use-after-free when destroying those counters via a second client connection. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50256 | 2 Redhat, X.org | 4 Enterprise Linux, X Server, Xorg-server and 1 more | 2026-06-17 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50258 | 2 Redhat, X.org | 3 Enterprise Linux, X Server, Xwayland | 2026-06-17 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||