Export limit exceeded: 359893 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359893 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-52908 | 1 Linux | 1 Linux Kernel | 2026-06-19 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: RDMA: During rereg_mr ensure that REREG_ACCESS is compatible If IB_MR_REREG_ACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr struct add a ib_umem_check_rereg() function that each driver has to call before processing IB_MR_REREG_ACCESS. mlx4 has to retain its duplicate ib_access_writable check because it implements IB_MR_REREG_ACCESS | IB_MR_REREG_TRANS by changing both items in place sequentially while the MR is live, so it will continue to not support this combination. | ||||
| CVE-2020-37254 | 1 Wondershare | 1 Pdfelement | 2026-06-19 | 7.8 High |
| Wondershare PDFelement 5.2.9 contains a privilege escalation vulnerability due to an unquoted service path in the WsAppService Windows service. Local attackers can place a malicious executable in the service path and execute code with LocalSystem privileges upon service restart or system reboot. | ||||
| CVE-2026-6238 | 3 Gnu, Redhat, The Gnu C Library | 3 Glibc, Hummingbird, Glibc | 2026-06-19 | 6.5 Medium |
| The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.0.1 to version 2.43 fail to validate the RDATA content against the RDATA length in a DNS response when processing A6, CERT, LOC, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. | ||||
| CVE-2026-42824 | 1 Microsoft | 2 365 Copilot, Copilot | 2026-06-19 | 6.5 Medium |
| Missing authentication for critical function in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-42915 | 1 Microsoft | 15 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 12 more | 2026-06-19 | 5.5 Medium |
| Incorrect calculation of buffer size in Windows VMSwitch allows an authorized attacker to deny service locally. | ||||
| CVE-2026-45482 | 1 Microsoft | 1 Visual Studio Code Copilot Chat Extension | 2026-06-19 | 8.4 High |
| Initialization of a resource with an insecure default in GitHub Copilot and Visual Studio Code allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-47636 | 1 Microsoft | 3 Sharepoint Server, Sharepoint Server 2016, Sharepoint Server 2019 | 2026-06-19 | 5.4 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-06-19 | 4.3 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-8788 | 1 Rrwo | 1 Net::statsd::lite | 2026-06-19 | 7.3 High |
| Net::Statsd::Lite versions through 0.10.0 for Perl allowed metric injections. The values from the set_add method were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that version 0.9.0 fixed a similar issue CVE-2026-46719 for metric names. | ||||
| CVE-2026-8722 | 1 Team | 2 Net::async::statsd::client, Net\ | 2026-06-19 | 6.5 Medium |
| Net::Async::Statsd::Client versions through 0.005 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. | ||||
| CVE-2026-50639 | 1 Pevans | 1 Metrics::any::adapter::signalfx | 2026-06-19 | 6.5 Medium |
| Metrics::Any::Adapter::SignalFx versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::SignalFx which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _labels function does not check tags labels newlines or statsd control characters. The labels can be used for metric injections. | ||||
| CVE-2026-50638 | 1 Pevans | 1 Metrics::any::adapter::dogstatsd | 2026-06-19 | 9.1 Critical |
| Metrics::Any::Adapter::DogStatsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions such as dogstatsd) allow mutiple metrics, separated by newlines, to be sent per packet. Metrics::Any::Adapter::DogStatsd which extends Metrics::Any::Adapter::Statsd, which has a similar vulnerability. In addition, the _tags function does not check tags for newlines or statsd control characters. The tags can be used for metric injections. | ||||
| CVE-2026-50637 | 1 Pevans | 1 Metrics::any::adapter::statsd | 2026-06-19 | 8.2 High |
| Metrics::Any::Adapter::Statsd versions before 0.04 for Perl does not protect against metric injections. The statsd protocol (and extensions) allow mutiple metrics, separated by newlines, to be sent per packet. The send method does not validate the contents of the metric names or values. If the names have newlines and statsd control characters (colon, pipe) then metric injections are possible. Version 0.04 fixed this by modifying the _make method to block metric names with characters below ASCII 32 (which includes the newline), or colons or pipes. | ||||
| CVE-2026-46741 | 1 Sanbeg | 2 Etsy::statsd, Etsy\ | 2026-06-19 | 7.5 High |
| Etsy::StatsD versions through 1.002002 for Perl allow metric injections. The metric names and values are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Note that the git repository contains an unreleased version with the gauge and set methods that also do not check for potential metric injections. | ||||
| CVE-2026-46740 | 1 Rrwo | 1 Mojolicious::plugin::statsd | 2026-06-19 | 5.3 Medium |
| Mojolicious::Plugin::Statsd versions through 0.04 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. Version 0.06 changes the module from being a statsd client to using a separate statsd client. It defaults to using a version of Net::Statsd::Tiny that fixes a similar issue (CVE-2026-46720). | ||||
| CVE-2026-46739 | 1 Cosimo | 2 Net::statsd, Net\ | 2026-06-19 | 5.3 Medium |
| Net::Statsd versions before 0.13 for Perl allow metric injections. The metric names are not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. The update_stats (used for updating counters) and gauge methods do not check that values are numeric (which would block metric injection). | ||||
| CVE-2026-46720 | 1 Rrwo | 1 Net::statsd::tiny | 2026-06-19 | 8.2 High |
| Net::Statsd::Tiny versions before 0.3.8 for Perl allowed metric injections. The metric names and set values were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. | ||||
| CVE-2026-46719 | 1 Rrwo | 1 Net::statsd::lite | 2026-06-19 | 6.5 Medium |
| Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics. | ||||
| CVE-2026-12007 | 2 Google, Microsoft | 2 Chrome, Windows | 2026-06-19 | 8.8 High |
| Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2021-27033 | 1 Autodesk | 1 Design Review | 2026-06-19 | 8.1 High |
| A maliciously crafted PDF file, when opened by a user in Autodesk Design Review, can trigger a Double Free vulnerability in the Autodesk Design Review application. A malicious actor may leverage this vulnerability to cause memory corruption and execute arbitrary code in the context of the current process. | ||||