Export limit exceeded: 353497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 353497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 353497 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (353497 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-9583 | 1 Sourcecodester | 1 Cet Automated Grading System With Ai Predictive Analytics | 2026-05-26 | 4.3 Medium |
| A weakness has been identified in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This impacts an unknown function of the file /index.php of the component SQL Handler. Executing a manipulation can lead to information exposure through error message. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-8850 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 7.5 High |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | ||||
| CVE-2026-8852 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 6.2 Medium |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module. | ||||
| CVE-2026-24193 | 1 Nvidia | 5 Geforce, Nvs, Quadro and 2 more | 2026-05-26 | 7.8 High |
| NVIDIA Display Driver for Windows and Linux contains a vulnerability where an attacker could cause an out-of-bounds write. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. | ||||
| CVE-2026-8834 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 8 High |
| IBM HTTP Server 8.5, and 9.0 contains a buffer overflow vulnerability. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to execute remote code or cause a denial of service. | ||||
| CVE-2026-41999 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 4.8 Medium |
| Incorrect Behaviour of Views with TCP PROXY Requests | ||||
| CVE-2026-8835 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 7.3 High |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service. | ||||
| CVE-2026-24198 | 1 Nvidia | 5 Geforce, Nvs, Quadro and 2 more | 2026-05-26 | 5.6 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability where an advanced attacker could use a race condition to leak sensitive memory, which might cause limited exposure of sensitive information to an unauthorized actor. A successful exploit of this vulnerability might lead to denial of service, data tampering, and information disclosure. | ||||
| CVE-2026-24200 | 1 Nvidia | 1 Virtual Gpu Manager | 2026-05-26 | 7 High |
| NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause a use-after-free for stack memory. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, data tampering, and code execution. | ||||
| CVE-2026-9581 | 1 Jeecgboot | 1 Jeecgboot | 2026-05-26 | 6.3 Medium |
| A vulnerability was identified in JeecgBoot up to 3.9.1. The impacted element is an unknown function of the file /sys/comment/add. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit is publicly available and might be used. Upgrading to version 3.9.2 is sufficient to resolve this issue. Upgrading the affected component is recommended. | ||||
| CVE-2026-8854 | 3 Ibm, Linux, Microsoft | 5 Aix, Http Server, Z\/os and 2 more | 2026-05-26 | 7.5 High |
| IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_mem_cache. | ||||
| CVE-2026-3660 | 1 Ibm | 1 Engineering Lifecycle Management | 2026-05-26 | 9.8 Critical |
| IBM Engineering Lifecycle Management 7.0.3, 7.1.0, and 7.2.0 could allow an unauthenticated remote attacker to update server property files that would allow them to gain unauthorized access to the application. | ||||
| CVE-2026-42797 | 1 Apache | 1 Syncope | 2026-05-26 | 4.9 Medium |
| Exposure of Sensitive Information Through Data Queries vulnerability in Apache Syncope. An administrator with adequate entitlements for Derived Schemas can create a malicious JEXL expression which allows any administrator with sufficient entitlements for User read to access User-related security-sensitive information. This issue affects Apache Syncope: 3.0 through 3.0.16, 4.0 through 4.0.5, 4.1.0. Users are recommended to upgrade to version 4.0.6 / 4.1.1, which fix this issue by further restricting the JEXL expression definition. | ||||
| CVE-2026-45498 | 1 Microsoft | 3 Defender Antimalware Platform, Microsoft Defender, Windows Defender Antimalware Platform | 2026-05-26 | 4 Medium |
| Microsoft Defender Denial of Service Vulnerability | ||||
| CVE-2026-44706 | 1 Chatwoot | 1 Chatwoot | 2026-05-26 | 8.5 High |
| Chatwoot is a customer engagement suite. From 2.2.0 to before 4.11.2, a SQL injection vulnerability exists in the conversation and contact filter APIs. When filtering by a custom attribute of type date or number using the is_greater_than or is_less_than operators, user-supplied values in the values field of the filter payload are interpolated directly into the SQL query without parameterization. Any authenticated user with access to an account can exploit this to execute arbitrary SQL via time-based blind injection. This affects /api/v1/accounts/{account_id}/conversations/filter, /api/v1/accounts/{account_id}/contacts/filter, and /api/v1/accounts/{account_id}/custom_attribute_definitions. This vulnerability is fixed in 4.11.2. | ||||
| CVE-2026-24201 | 1 Nvidia | 1 Virtual Gpu Manager | 2026-05-26 | 5.8 Medium |
| NVIDIA vGPU software contains a vulnerability in the virtual GPU manager, where an attacker could cause an out-of-bound access. A successful exploit of this vulnerability might lead to data tampering, denial of service, or information disclosure. | ||||
| CVE-2026-44669 | 1 Factionsecurity | 1 Faction | 2026-05-26 | 8.7 High |
| FACTION is a PenTesting Report Generation and Collaboration Framework. Prior to 1.8.3, Faction is vulnerable to stored cross-site scripting (XSS) via attachment filenames in assessment file preview flows. User-supplied filename values are persisted and later rendered into HTML/attribute contexts without output encoding, allowing attacker-controlled JavaScript to execute in the browser of any user who views the affected page. Because the payload is stored server-side and rendered to other users, exploitation is persistent and can impact privileged accounts. This vulnerability is fixed in 1.8.3. | ||||
| CVE-2026-47075 | 1 Benoitc | 1 Hackney | 2026-05-26 | N/A |
| Improper Neutralization of CRLF Sequences vulnerability in benoitc hackney allows HTTP Request Splitting. hackney does not percent-encode carriage return (\r) or line feed (\n) characters in the URL query component before constructing the HTTP/1.1 request target. Characters outside the grammar defined in RFC 3986 Section 3.4 must be percent-encoded, but hackney_url:make_url/3 passes the query binary directly without validation or escaping. An attacker who can control all or part of a URL passed to hackney can inject raw CRLF sequences into the query string, which are then sent as HTTP line breaks in the request target. This enables injection of arbitrary HTTP headers or splitting of the HTTP request. This issue affects hackney: from 0 before 4.0.1. | ||||
| CVE-2026-45834 | 1 Linux | 1 Linux Kernel | 2026-05-26 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix null-ptr-deref in l2cap_sock_state_change_cb() Add the same NULL guard already present in l2cap_sock_resume_cb() and l2cap_sock_ready_cb(). | ||||
| CVE-2026-42000 | 1 Powerdns | 1 Authoritative | 2026-05-26 | 6.8 Medium |
| Insufficient Validation of Names During AXFR | ||||