Export limit exceeded: 351198 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351198 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40374 | 1 Microsoft | 1 Power Automate For Desktop | 2026-05-12 | 6.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Power Automate allows an authorized attacker to disclose information over a network. | ||||
| CVE-2026-43006 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: io_uring/rsrc: reject zero-length fixed buffer import validate_fixed_range() admits buf_addr at the exact end of the registered region when len is zero, because the check uses strict greater-than (buf_end > imu->ubuf + imu->len). io_import_fixed() then computes offset == imu->len, which causes the bvec skip logic to advance past the last bio_vec entry and read bv_offset from out-of-bounds slab memory. Return early from io_import_fixed() when len is zero. A zero-length import has no data to transfer and should not walk the bvec array at all. BUG: KASAN: slab-out-of-bounds in io_import_reg_buf+0x697/0x7f0 Read of size 4 at addr ffff888002bcc254 by task poc/103 Call Trace: io_import_reg_buf+0x697/0x7f0 io_write_fixed+0xd9/0x250 __io_issue_sqe+0xad/0x710 io_issue_sqe+0x7d/0x1100 io_submit_sqes+0x86a/0x23c0 __do_sys_io_uring_enter+0xa98/0x1590 Allocated by task 103: The buggy address is located 12 bytes to the right of allocated 584-byte region [ffff888002bcc000, ffff888002bcc248) | ||||
| CVE-2026-43005 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 7.1 High |
| In the Linux kernel, the following vulnerability has been resolved: hwmon: (tps53679) Fix array access with zero-length block read i2c_smbus_read_block_data() can return 0, indicating a zero-length read. When this happens, tps53679_identify_chip() accesses buf[ret - 1] which is buf[-1], reading one byte before the buffer on the stack. Fix by changing the check from "ret < 0" to "ret <= 0", treating a zero-length read as an error (-EIO), which prevents the out-of-bounds array access. Also fix a typo in the adjacent comment: "if present" instead of duplicate "if". | ||||
| CVE-2026-41705 | 2 Spring, Vmware | 2 Spring, Spring Ai | 2026-05-12 | 8.6 High |
| Spring AI's MilvusVectorStore#doDelete(List) implementation is vulnerable to filter-expression injection via unsanitized document IDs. Spring AI 1.0.x: affected from 1.0.0 through latest 1.0.x; upgrade to 1.0.7 or greater. Spring AI 1.1.x: affected from 1.1.0 through latest 1.1.x; upgrade to 1.1.6 or greater. | ||||
| CVE-2026-41712 | 1 Vmware | 1 Spring Ai | 2026-05-12 | 7.5 High |
| Spring AI's chat memory component contained a problematic default that, when not explicitly overridden, could result in unintended data exposure between users. | ||||
| CVE-2026-41713 | 1 Vmware | 1 Spring Ai | 2026-05-12 | 8.2 High |
| A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns. | ||||
| CVE-2025-36335 | 1 Ibm | 2 Watsonx.data, Watsonxdata Intelligence | 2026-05-12 | 6.2 Medium |
| IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user. | ||||
| CVE-2025-36180 | 1 Ibm | 2 Watsonx.data, Watsonxdata | 2026-05-12 | 5.3 Medium |
| IBM watsonx.data 2.2 through 2.3 IBM Lakehouse does not properly restrict communication between pods which could allow an attacker to transfer data between pods without restrictions. | ||||
| CVE-2026-8109 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | 6.5 Medium |
| An exposed dangerous method on the Core Server of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to leak access credentials. | ||||
| CVE-2026-8110 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | 7.8 High |
| Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges. | ||||
| CVE-2026-8111 | 1 Ivanti | 1 Endpoint Manager | 2026-05-12 | 8.8 High |
| SQL injection in the web console of Ivanti Endpoint Manager before version 2024 SU6 allows a remote authenticated attacker to achieve remote code execution. | ||||
| CVE-2026-35436 | 1 Microsoft | 4 365 Apps, Office 2019, Office 2021 and 1 more | 2026-05-12 | 8.8 High |
| Insufficient granularity of access control in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-34663 | 3 Adobe, Apple, Microsoft | 3 Illustrator, Macos, Windows | 2026-05-12 | 5.5 Medium |
| Illustrator versions 29.8.6, 30.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-43219 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: cpsw_new: Fix potential unregister of netdev that has not been registered yet If an error occurs during register_netdev() for the first MAC in cpsw_register_ports(), even though cpsw->slaves[0].ndev is set to NULL, cpsw->slaves[1].ndev would remain unchanged. This could later cause cpsw_unregister_ports() to attempt unregistering the second MAC. To address this, add a check for ndev->reg_state before calling unregister_netdev(). With this change, setting cpsw->slaves[i].ndev to NULL becomes unnecessary and can be removed accordingly. | ||||
| CVE-2026-43220 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmd_sem_val was incremented outside the IOMMU spinlock, allowing CMD_COMPL_WAIT commands to be queued out of sequence and breaking the ordering assumption in wait_on_sem(). Move the cmd_sem_val increment under iommu->lock so completion sequence allocation is serialized with command queuing. And remove the unnecessary return. | ||||
| CVE-2026-6322 | 2 Fast-uri, Openjsf | 2 Fast-uri, Fast-uri | 2026-05-12 | 7.5 High |
| fast-uri normalize() decoded percent-encoded authority delimiters inside the host component and then re-emitted them as raw delimiters during serialization. A host that combined an allowed domain, an encoded at-sign, and a different domain was re-emitted with the at-sign as a raw userinfo separator, changing the URI's authority to the second domain. Applications that normalize untrusted URLs before host allowlist checks, redirect validation, or outbound request routing can be steered to a different authority than the input appeared to specify. Versions <= 3.1.1 are affected. Update to 3.1.2 or later. | ||||
| CVE-2026-35253 | 2 Oracle, Oracle Corporation | 2 Macaron, Oracle Macaron Tool Of Oracle Open Source Projects | 2026-05-12 | 4.7 Medium |
| Vulnerability in the Oracle Macoron Tool product of Oracle Open Source Projects. The supported versions that is affected is v0.22.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Macaron Tool. Successful attacks of this vulnerability can result in Oracle Macaron Tool failing host address validation. | ||||
| CVE-2026-40436 | 1 Zte | 2 Zxedm Iems, Zxesm Iems | 2026-05-12 | 7.1 High |
| The ZTE ZXEDM iEMS product has a password reset vulnerability for any user.Because the management of the cloud EMS portal does not properly control access to the user list acquisition function, attackers can read all user list information through the user list interface. Attackers can reset the passwords of obtained user information, causing risks such as unauthorized operations. | ||||
| CVE-2026-24082 | 1 Qualcomm | 353 Ar8031, Ar8031 Firmware, Ar8035 and 350 more | 2026-05-12 | 7.8 High |
| Memory Corruption when copying data from a freed source while executing performance counter deselect operation. | ||||
| CVE-2026-43221 | 1 Linux | 1 Linux Kernel | 2026-05-12 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ipmi: ipmb: initialise event handler read bytes IPMB doesn't use i2c reads, but the handler needs to set a value. Otherwise an i2c read will return an uninitialised value from the bus driver. | ||||