Search Results (361826 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-54771 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | 4.9 Medium |
| A use-after-free vulnerability has been identified in GNU GRUB (Grand Unified Bootloader). The flaw occurs because the file-closing process incorrectly retains a memory pointer, leaving an invalid reference to a file system structure. An attacker could exploit this vulnerability to cause GRUB to crash, leading to a Denial of Service. A possible compromise of data integrity or confidentiality cannot be ruled out. | ||||
| CVE-2025-54770 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-06-30 | 4.9 Medium |
| A vulnerability has been identified in the GRUB2 bootloader's network module that poses an immediate Denial of Service (DoS) risk. This flaw is a use-after-free issue, caused because the net_set_vlan command is not properly unregistered when the network module is unloaded from memory. An attacker who can execute this command can force the system to access memory locations that are no longer valid. Successful exploitation leads directly to system instability, which can result in a complete crash and halt system availability. | ||||
| CVE-2025-47712 | 2 Nbdkit Project, Redhat | 4 Nbdkit, Advanced Virtualization, Enterprise Linux and 1 more | 2026-06-30 | 6.5 Medium |
| A flaw exists in the nbdkit "blocksize" filter that can be triggered by a specific type of client request. When a client requests block status information for a very large data range, exceeding a certain limit, it causes an internal error in nbdkit, leading to a denial of service. | ||||
| CVE-2025-47711 | 2 Nbdkit Project, Redhat | 4 Nbdkit, Advanced Virtualization, Enterprise Linux and 1 more | 2026-06-30 | 6.5 Medium |
| There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. | ||||
| CVE-2025-46421 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-06-30 | 6.8 Medium |
| A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. | ||||
| CVE-2025-46420 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-06-30 | 6.5 Medium |
| A flaw was found in libsoup. It is vulnerable to memory leaks in the soup_header_parse_quality_list() function when parsing a quality list that contains elements with all zeroes. | ||||
| CVE-2025-46400 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2026-06-30 | 5.5 Medium |
| In the xfig diagramming tool, a segmentation fault while running fig2dev allows an attacker to impact availability via local input manipulation in the read_arcobject function. | ||||
| CVE-2025-46399 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2026-06-30 | 5.5 Medium |
| A flaw was found in fig2dev. This vulnerability allows an impact on availability via local input manipulation in the genge_itp_spline function. | ||||
| CVE-2025-46398 | 2 Fig2dev Project, Redhat | 2 Fig2dev, Enterprise Linux | 2026-06-30 | 5.5 Medium |
| In the xfig diagramming tool, a stack overflow while running fig2dev allows memory corruption via local input manipulation in the read_objects function. | ||||
| CVE-2025-46397 | 2 Fig2dev Project, Redhat | 3 Fig2dev, Enterprise Linux, Rhel Eus | 2026-06-30 | 7.8 High |
| A flaw was found in xfig. This vulnerability allows possible code execution via local input manipulation in the bezier_spline function. | ||||
| CVE-2026-43715 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-06-30 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to memory corruption. | ||||
| CVE-2026-43735 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-06-30 | N/A |
| The issue was addressed with improved checks. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2026-43708 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-06-30 | 4.3 Medium |
| The issue was addressed with improved input validation. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. A malicious website may exfiltrate data cross-origin. | ||||
| CVE-2026-43727 | 1 Apple | 3 Ios And Ipados, Macos, Safari | 2026-06-30 | 6.5 Medium |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 26.5.2, iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. Processing maliciously crafted web content may lead to an unexpected Safari crash. | ||||
| CVE-2026-57498 | 1 Coollabsio | 1 Coolify | 2026-06-30 | 9.6 Critical |
| Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to 4.0.0-beta.474, Coolify's API controllers consistently validate server ownership with Server::whereTeamId($teamId) before any operation. However, multiple Livewire web UI components accept server_id and destination_uuid from URL query parameters without any team ownership validation, allowing cross-team resource deployment. This vulnerability is fixed in 4.0.0-beta.474. | ||||
| CVE-2025-5222 | 2 Redhat, Unicode | 5 Enterprise Linux, Openshift, Rhel E4s and 2 more | 2026-06-30 | 7 High |
| A stack buffer overflow was found in International Components for Unicode (ICU). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. | ||||
| CVE-2025-23368 | 1 Redhat | 11 Build Keycloak, Data Grid, Integration and 8 more | 2026-06-30 | 8.1 High |
| A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI. | ||||
| CVE-2025-12543 | 1 Redhat | 18 Apache Camel Hawtio, Apache Camel Spring Boot, Build Of Apache Camel and 15 more | 2026-06-30 | 9.6 Critical |
| A flaw was found in the Undertow HTTP server core, which is used in WildFly, JBoss EAP, and other Java applications. The Undertow library fails to properly validate the Host header in incoming HTTP requests. As a result, requests containing malformed or malicious Host headers are processed without rejection, enabling attackers to poison caches, perform internal network scans, or hijack user sessions. | ||||
| CVE-2025-9784 | 1 Redhat | 17 Apache Camel Hawtio, Apache Camel Spring Boot, Build Of Apache Camel For Spring Boot and 14 more | 2026-06-30 | 7.5 High |
| A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts. While not a protocol bug, this highlights a common implementation weakness that can be exploited to cause a denial of service (DoS). | ||||
| CVE-2026-43743 | 1 Apple | 2 Ios And Ipados, Macos | 2026-06-30 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in iOS 26.5.2 and iPadOS 26.5.2, macOS Tahoe 26.5.2. An app may be able to cause unexpected system termination. | ||||