Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351143 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-23826 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| A vulnerability in a network management service of AOS-8 Operating System could allow an unauthenticated remote attacker to exploit this vulnerability by sending specially crafted network packets to the affected device, potentially resulting in a denial-of-service condition. Successful exploitation could cause the affected service process to terminate unexpectedly, disrupting normal device operations. | ||||
| CVE-2026-23824 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | ||||
| CVE-2026-23825 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| Vulnerabilities exist in a protocol-handling component of AOS-8 and AOS-10 Operating Systems. An unauthenticated attacker could exploit these vulnerabilities by sending specially crafted network messages to the affected service. Due to insufficient input validation, successful exploitation may terminate a critical system process, resulting in a denial-of-service condition. | ||||
| CVE-2026-44873 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 5.4 Medium |
| A session management vulnerability in AOS-8 allows previously authenticated users to retain network access after their accounts are administratively disabled. Existing sessions are not invalidated when credentials are revoked, enabling continued access until session expiration. An attacker with compromised credentials could exploit this behavior to maintain unauthorized access even after the account has been disabled. | ||||
| CVE-2026-44874 | 2 Arubanetworks, Hpe | 2 Arubaos, Arubaos | 2026-05-15 | 4.9 Medium |
| A vulnerability exists in the web-based management interface of an AOS-10 Gateway that could allow an authenticated remote attacker to access sensitive files on the underlying operating system. Successful exploitation of this vulnerability could result in the disclosure of confidential system information, potentially enabling further attacks against the affected device. | ||||
| CVE-2026-44865 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.2 High |
| Command injection vulnerabilities exist in the web-based management interface of AOS-8 and AOS-10 Operating Systems. Successful exploitation of these vulnerabilities could allow an authenticated remote attacker to execute arbitrary commands on the underlying operating system. | ||||
| CVE-2026-41960 | 1 Huawei | 2 Emui, Harmonyos | 2026-05-15 | 5.8 Medium |
| Permission control vulnerability in calls. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41966 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.6 Medium |
| Permission control vulnerability in the smart sensing service. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41968 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41964 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 8.4 High |
| Permission control vulnerability in the web. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41971 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.5 Medium |
| Permission control vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41961 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in contacts. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41967 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 5.9 Medium |
| Permission control vulnerability in the manufacturability design module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41969 | 1 Huawei | 2 Emui, Harmonyos | 2026-05-15 | 6.2 Medium |
| Permission control vulnerability in the projection module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-41970 | 1 Huawei | 2 Emui, Harmonyos | 2026-05-15 | 6.8 Medium |
| Out-of-bounds write vulnerability in the distributed file system module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-41963 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 2.8 Low |
| Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34263 | 1 Sap Se | 1 Sap Commerce Cloud Configuration | 2026-05-15 | 9.6 Critical |
| Due to improper Spring Security configuration, SAP Commerce Cloud allows an unauthenticated user to perform malicious input injection, resulting in arbitrary server-side code execution, leading to high impact on Confidentiality, Integrity, and Availability of the application. | ||||
| CVE-2026-0427 | 1 Amd | 4 Instinct Mi210, Instinct Mi300x, Instinct Mi325x and 1 more | 2026-05-15 | N/A |
| Improper cleanup of shared register resources in GPU firmware could allow an admin-privileged attacker from a Guest Virtual machine (VM) to access these shared resources from another Guest VM, potentially resulting in the loss of confidentiality, integrity, or availability. | ||||
| CVE-2026-8398 | 1 Disc-soft | 1 Daemon Tools | 2026-05-15 | 9.8 Critical |
| A supply chain attack compromised the official installation packages of DAEMON Tools Lite (Windows versions 12.5.0.2421 through 12.5.0.2434), distributed from the legitimate website daemon-tools.cc between approximately April 8, 2026, and May 5, 2026. Attackers gained unauthorized access to the vendor's (AVB Disc Soft) build or distribution infrastructure and trojanized three binaries: DTHelper.exe, DiscSoftBusServiceLite.exe, and DTShellHlp.exe. These files were digitally signed with the legitimate AVB Disc Soft code-signing certificate, allowing the malicious installers to appear trustworthy and bypass signature-based detection. | ||||
| CVE-2026-6415 | 2 Justinkruit, Wordpress | 2 Advanced Custom Fields:font Awesome Field, Wordpress | 2026-05-15 | 6.4 Medium |
| The Advanced Custom Fields: Font Awesome plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 5.0.2. This is due to insufficient input validation of JSON field values and unsafe client-side HTML construction in the update_preview() JavaScript function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||