Export limit exceeded: 46558 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (46558 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-53022 1 Linux 1 Linux Kernel 2026-06-30 7.0 High
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: bound enumeration string aggregation populate_enum_data() aggregates firmware-provided value-modifier and possible-value strings into fixed 512-byte struct members. The current code bounds each individual source string but then appends every string and separator with raw strcat() and no remaining-space check. Switch the aggregation loops to a bounded append helper and reject enumeration packages whose combined strings do not fit in the destination buffers. [ij: add include]
CVE-2026-44209 1 Masci 1 Banks 2026-06-30 7.5 High
Banks generates meaningful LLM prompts using a template language that makes sense. Prior to 2.4.2, banks uses jinja2.Environment() (unsandboxed) to render prompt templates. Applications that pass user-supplied strings as the template argument to Prompt() are vulnerable to Server-Side Template Injection (SSTI), which can lead to Remote Code Execution (RCE) on the host system. This vulnerability is fixed in 2.4.2.
CVE-2026-0719 1 Redhat 9 Enterprise Linux, Enterprise Linux Eus, Openshift Devspaces and 6 more 2026-06-30 8.6 High
A flaw was identified in the NTLM authentication handling of the libsoup HTTP library, used by GNOME and other applications for network communication. When processing extremely long passwords, an internal size calculation can overflow due to improper use of signed integers. This results in incorrect memory allocation on the stack, followed by unsafe memory copying. As a result, applications using libsoup may crash unexpectedly, creating a denial-of-service risk.
CVE-2025-61661 1 Redhat 2 Enterprise Linux, Openshift 2026-06-30 4.8 Medium
A vulnerability has been identified in the GRUB (Grand Unified Bootloader) component. This flaw occurs because the bootloader mishandles string conversion when reading information from a USB device, allowing an attacker to exploit inconsistent length values. A local attacker can connect a maliciously configured USB device during the boot sequence to trigger this issue. A successful exploitation may lead GRUB to crash, leading to a Denial of Service. Data corruption may be also possible, although given the complexity of the exploit the impact is most likely limited.
CVE-2025-47712 2 Nbdkit Project, Redhat 4 Nbdkit, Advanced Virtualization, Enterprise Linux and 1 more 2026-06-30 6.5 Medium
A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in the nbdkit, leading to a denial of service.
CVE-2025-47711 2 Nbdkit Project, Redhat 4 Nbdkit, Advanced Virtualization, Enterprise Linux and 1 more 2026-06-30 6.5 Medium
There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service.
CVE-2025-46398 2 Fig2dev Project, Redhat 2 Fig2dev, Enterprise Linux 2026-06-30 5.5 Medium
In xfig diagramming tool, a stack-overflow while running fig2dev allows memory corruption via local input manipulation via read_objects function.
CVE-2025-46397 2 Fig2dev Project, Redhat 3 Fig2dev, Enterprise Linux, Rhel Eus 2026-06-30 7.8 High
A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation via bezier_spline function.
CVE-2025-5222 2 Redhat, Unicode 5 Enterprise Linux, Openshift, Rhel E4s and 2 more 2026-06-30 7 High
A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.
CVE-2026-28979 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 6.5 Medium
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-4775 3 Debian, Libtiff, Redhat 13 Debian Linux, Libtiff, Ai Inference Server and 10 more 2026-06-30 7.8 High
A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution.
CVE-2026-43718 1 Apple 3 Ios And Ipados, Macos, Safari 2026-06-30 6.5 Medium
A stack overflow was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash.
CVE-2026-43703 1 Apple 2 Ios And Ipados, Macos 2026-06-30 6.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected process crash.
CVE-2026-3833 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-06-30 6.5 Medium
A flaw was found in gnutls. This vulnerability occurs because gnutls performs case-sensitive comparisons of `nameConstraints` labels, specifically for `dNSName` (DNS) or `rfc822Name` (email) constraints within `excludedSubtrees` or `permittedSubtrees`. A remote attacker can exploit this by crafting a leaf certificate with casing differences in the Subject Alternative Name (SAN), leading to a policy bypass where a certificate that should be rejected is instead accepted. This could result in unauthorized access or information disclosure.
CVE-2025-7345 1 Redhat 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more 2026-06-30 7.5 High
A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution.
CVE-2026-53238 1 Linux 1 Linux Kernel 2026-06-30 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: netlabel: validate unlabeled address and mask attribute lengths netlbl_unlabel_addrinfo_get() used the address attribute length to determine whether the attribute data could be read as an IPv4 or IPv6 address, but did not independently validate the corresponding mask attribute length. A crafted Generic Netlink request could therefore provide a valid IPv4/IPv6 address attribute with a shorter mask attribute, which would later be read as a full struct in_addr or struct in6_addr. NLA_BINARY policy lengths are maximum lengths by default, so use NLA_POLICY_EXACT_LEN() for the unlabeled IPv4/IPv6 address and mask attributes. This rejects short attributes during policy validation and also exposes the exact length requirements through policy introspection.
CVE-2025-32990 2 Gnu, Redhat 10 Gnutls, Ceph Storage, Discovery and 7 more 2026-06-30 6.5 Medium
A heap-buffer-overflow (off-by-one) flaw was found in the GnuTLS software in the template parsing logic within the certtool utility. When it reads certain settings from a template file, it allows an attacker to cause an out-of-bounds (OOB) NULL pointer write, resulting in memory corruption and a denial-of-service (DoS) that could potentially crash the system.
CVE-2025-32914 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-06-30 7.4 High
A flaw was found in libsoup, where the soup_multipart_new_from_message() function is vulnerable to an out-of-bounds read. This flaw allows a malicious HTTP client to induce the libsoup server to read out of bounds.
CVE-2025-32907 1 Redhat 3 Enterprise Linux, Rhel E4s, Rhel Eus 2026-06-30 5.3 Medium
A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service.
CVE-2025-32053 1 Redhat 2 Enterprise Linux, Rhel Eus 2026-06-30 6.5 Medium
A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read.