Search Results (353032 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-47075 | 1 Benoitc | 1 Hackney | 2026-05-26 | N/A |
| Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar defined in RFC 3986 Section 3.4 must be percent-encoded, but hackney_url:make_url/3 passes the query binary directly without validation or escaping. An attacker who can control all or part of a URL passed to hackney can inject raw CRLF sequences into the query string, which are then sent as HTTP line breaks in the request target. This enables injection of arbitrary HTTP headers or splitting of the HTTP request. This issue affects hackney: from 0 before 4.0.1. | ||||
| CVE-2026-9579 | 1 Jeecgboot | 1 Jeecgboot | 2026-05-26 | 6.3 Medium |
| A vulnerability was found in JeecgBoot up to 3.9.1. Impacted is the function user.getUsername of the file /sys/user/login/setting/userEdit of the component SysUser. The manipulation of the argument userIdentity results in improper access controls. The attack may be launched remotely. The exploit has been made public and could be used. Upgrading to version 3.9.2 is recommended to address this issue. The affected component should be upgraded. | ||||
| CVE-2026-45834 | 1 Linux | 1 Linux Kernel | 2026-05-26 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb(). Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(). | ||||
| CVE-2026-42000 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 6.8 Medium |
| Insufficient Validation of Names During AXFR | ||||
| CVE-2026-9564 | 2 Oretnom23, Sourcecodester | 2 Hospitals Patient Records Management System, Hospitals Patient Records Management System | 2026-05-26 | 2.4 Low |
| A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Performing a manipulation of the argument Remarks results in cross-site scripting. Remote exploitation of the attack is possible. The exploit has been made public and could be used. | ||||
| CVE-2026-24162 | 1 Nvidia | 1 Merlin Transformers4rec | 2026-05-26 | 7.8 High |
| NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | ||||
| CVE-2026-9575 | 1 Itsourcecode | 1 Student Transcript Processing System | 2026-05-26 | 7.3 High |
| A vulnerability has been found in itsourcecode Student Transcript Processing System 1.0. This issue affects some unknown processing of the file /admin/modules/class/index.php?view=view. The manipulation of the argument ID leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-42001 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 7.5 High |
| Insufficient Validation of Autoprimary SOA Queries | ||||
| CVE-2026-42002 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 5.9 Medium |
| Concurrency and locking defects in GSS-TSIG | ||||
| CVE-2026-24212 | 1 Nvidia | 1 Isaac Launchable | 2026-05-26 | 7.5 High |
| NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2026-2264 | 1 Google | 1 Cloud Apigee-x | 2026-05-26 | N/A |
| A vulnerability in the Google Cloud Apigee SetIntegrationRequest policy allowed remote attackers to perform Server-Side Request Forgery (SSRF) and exfiltrate service account access tokens. For successful exploitation, an administrator must initially establish an insecure configuration of the API proxy. | ||||
| CVE-2026-42396 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 4.9 Medium |
| Insufficient Validation of Member Zone Data May Cause Catalog Zone Transfer to Fail | ||||
| CVE-2026-34486 | 1 Apache | 1 Tomcat | 2026-05-26 | 7.5 High |
| Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. | ||||
| CVE-2026-32181 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-05-26 | 5.5 Medium |
| Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | ||||
| CVE-2026-26151 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-26 | 7.1 High |
| Insufficient UI warning of dangerous operations in Windows Remote Desktop allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-20921 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-05-26 | 7.5 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SMB Server allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-20817 | 1 Microsoft | 14 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 11 more | 2026-05-26 | 7.8 High |
| Improper handling of insufficient permissions or privileges in Windows Error Reporting allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-9574 | 1 Itsourcecode | 1 Student Transcript Processing System | 2026-05-26 | 7.3 High |
| A flaw has been found in itsourcecode Student Transcript Processing System 1.0. This vulnerability affects unknown code of the file /admin/modules/student/trans.php. Executing a manipulation of the argument studentId/cid can lead to SQL injection. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-48896 | | | 2026-05-26 | N/A |
| Insufficient state checks lead to a vector that allows bypassing 2FA checks. | ||||
| CVE-2025-36145 | 1 Ibm | 1 Watsonxdata | 2026-05-26 | 5.4 Medium |
| IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | ||||