Export limit exceeded: 35283 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-43304 | 1 Linux | 1 Linux Kernel | 2026-05-15 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- this has to be handled elsewhere anyway. | ||||
| CVE-2026-43305 | 1 Linux | 1 Linux Kernel | 2026-05-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix mismatched unlock for DMUB HW lock in HWSS fast path [Why] The evaluation for whether we need to use the DMUB HW lock isn't the same as whether we need to unlock which results in a hang when the fast path is used for ASIC without FAMS support. [How] Store a flag that indicates whether we should use the lock and use that same flag to specify whether unlocking is needed. | ||||
| CVE-2026-2652 | 1 Mlflow | 1 Mlflow/mlflow | 2026-05-15 | N/A |
| A vulnerability in mlflow/mlflow versions 3.9.0 and earlier allows unauthenticated access to certain FastAPI routes when the server is started with authentication enabled (`--app-name basic-auth`) and served via uvicorn (ASGI). The FastAPI permission middleware only enforces authentication on `/gateway/` routes, leaving other routes such as the Job API (`/ajax-api/3.0/jobs/*`) and the OpenTelemetry trace ingestion API (`/v1/traces`) unprotected. This allows unauthenticated remote attackers to submit jobs, read job results, cancel running jobs, and inject arbitrary trace data into experiments. The issue arises from an architectural mismatch between Flask and FastAPI authentication mechanisms, where the `_find_fastapi_validator()` function fails to handle non-`/gateway/` paths, resulting in a complete authentication bypass. This vulnerability is fixed in version 3.10.0. | ||||
| CVE-2026-7182 | 2026-05-15 | N/A | ||
| Diagram's export module is vulnerable to Path Traversal in src attribute due to lack of HTML sanitization. An unauthenticated user could craft the html payload which could include local files from the server and display them in the generated pdf. This issue was fixed in version 1.1.1. | ||||
| CVE-2026-45391 | 1 Cribl | 1 Cribl | 2026-05-15 | 9.8 Critical |
| Reserved. Details will be published at disclosure. | ||||
| CVE-2026-20182 | 1 Cisco | 2 Catalyst Sd-wan Manager, Sd-wan Vsmart Controller | 2026-05-15 | 10 Critical |
| May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. | ||||
| CVE-2026-23827 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process. | ||||
| CVE-2026-23826 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations. | ||||
| CVE-2026-23824 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | ||||
| CVE-2026-23825 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | ||||
| CVE-2026-44873 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 5.4 Medium |
| A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled. | ||||
| CVE-2026-44874 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-05-15 | 4.9 Medium |
| A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device. | ||||
| CVE-2026-44865 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.2 High |
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-41960 | 1 Huawei | 2 Emui, Harmonyos | 2026-05-15 | 5.8 Medium |
| Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41966 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.6 Medium |
| Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41968 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41964 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 8.4 High |
| Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41971 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.5 Medium |
| Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41961 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41967 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||