Export limit exceeded: 362730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 362730 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362730 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-47105 2026-06-30 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2026-12578 1 Deltaww 1 Dtmsoft 2026-06-30 N/A
The affected product is vulnerable to a deserialization of untrusted data, which may allow an attacker to execute arbitrary code.
CVE-2026-50229 1 Apache 1 Tomcat 2026-06-30 6.1 Medium
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in the number guess example for Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
CVE-2026-53404 1 Apache 1 Tomcat 2026-06-30 7.3 High
Always-Incorrect Control Flow Implementation vulnerability in Apache Tomcat's rewrite valve meant that if the first condition in an OR chain matched, subsequent non-OR conditions were skipped. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M1 through 10.1.55, from 9.0.0.M1 through 9.0.118, from 8.5.0 through 8.5.100. Other versions that have reached end of support may also be affected. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fix the issue.
CVE-2026-53434 1 Apache 1 Tomcat 2026-06-30 9.1 Critical
Detection of Error Condition Without Action vulnerability in Apache Tomcat when configuring CRLs for a FFM based connector. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.22, from 10.1.0-M7 through 10.1.55, from 9.0.83 through 9.0.118. Users are recommended to upgrade to version 11.0.23, 10.1.56 or 9.0.119, which fixes the issue.
CVE-2025-6035 2 Gimp, Redhat 2 Gimp, Enterprise Linux 2026-06-30 6.1 Medium
A flaw was found in GIMP. An integer overflow vulnerability exists in the GIMP "Despeckle" plug-in. The issue occurs due to unchecked multiplication of image dimensions, such as width, height, and bytes-per-pixel (img_bpp), which can result in allocating insufficient memory and subsequently performing out-of-bounds writes. This issue could lead to heap corruption, a potential denial of service (DoS), or arbitrary code execution in certain scenarios.
CVE-2025-5024 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7.4 High
A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also result in gnome-remote-desktop no longer being able to open files even after it is restarted via systemd.
CVE-2025-4574 1 Redhat 7 Directory Server, Enterprise Linux, Openshift and 4 more 2026-06-30 6.5 Medium
In crossbeam-channel rust crate, the internal `Channel` type's `Drop` method has a race condition which could, in some circumstances, lead to a double-free that could result in memory corruption.
CVE-2025-4478 2 Freerdp, Redhat 2 Freerdp, Enterprise Linux 2026-06-30 6.5 Medium
A flaw was found in the FreeRDP used by Anaconda's remote install feature, where a crafted RDP packet could trigger a segmentation fault. This issue causes the service to crash and remain defunct, resulting in a denial of service. It occurs pre-boot and is likely due to a NULL pointer dereference. Rebooting is required to recover the system.
CVE-2025-6170 2 Redhat, Xmlsoft 6 Enterprise Linux, Hummingbird, Jboss Core Services and 3 more 2026-06-30 2.5 Low
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configurations without modern protections.
CVE-2025-6032 1 Redhat 3 Enterprise Linux, Openshift, Rhel Eus 2026-06-30 8.3 High
A flaw was found in Podman. The podman machine init command fails to verify the TLS certificate when downloading the VM images from an OCI registry. This issue results in a Man In The Middle attack.
CVE-2025-6020 1 Redhat 16 Cert Manager, Confidential Compute Attestation, Discovery and 13 more 2026-06-30 7.8 High
A flaw was found in linux-pam. The module pam_namespace may use access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions.
CVE-2025-6019 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7 High
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a system may be able escalate to full root privileges on the target host. Normally, udisks mounts user-provided filesystem images with security flags like nosuid and nodev to prevent privilege escalation. However, a local attacker can create a specially crafted XFS image containing a SUID-root shell, then trick udisks into resizing it. This mounts their malicious filesystem with root privileges, allowing them to execute their SUID-root shell and gain complete control of the system.
CVE-2025-5914 2 Libarchive, Redhat 19 Libarchive, Cert Manager, Confidential Compute Attestation and 16 more 2026-06-30 7.8 High
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
CVE-2025-5915 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 6.6 Medium
A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.
CVE-2025-5917 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 2.8 Low
A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.
CVE-2025-5916 2 Libarchive, Redhat 4 Libarchive, Enterprise Linux, Openshift and 1 more 2026-06-30 3.9 Low
A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.
CVE-2025-5318 2 Libssh, Redhat 11 Libssh, Ai Inference Server, Enterprise Linux and 8 more 2026-06-30 8.1 High
A flaw was found in the libssh library in versions less than 0.11.2. An out-of-bounds read can be triggered in the sftp_handle function due to an incorrect comparison check that permits the function to access memory beyond the valid handle list and to return an invalid pointer, which is used in further processing. This vulnerability allows an authenticated remote attacker to potentially read unintended memory regions, exposing sensitive information or affect service behavior.
CVE-2025-49179 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-06-30 7.3 High
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.
CVE-2025-4953 1 Redhat 2 Enterprise Linux, Openshift 2026-06-30 7.4 High
A flaw was found in Podman. In a Containerfile or Podman, data written to RUN --mount=type=bind mounts during the podman build is not discarded. This issue can lead to files created within the container appearing in the temporary build context directory on the host, leaving the created files accessible.