Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351143 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351143 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-44544 | 1 Gittuf | 1 Gittuf | 2026-05-15 | N/A |
| gittuf is a platform-agnostic Git security system. Prior to 0.14.0, an attacker with push access to gittuf's Reference State Log (RSL) can roll back the current policy to any previous policy trusted by the current set of root keys. gittuf determines the policy to load by inspecting the RSL. Except for the very first policy (which is automatically trusted given gittuf's TOFU model, or verified against manually specified keys), whenever an RSL entry that points to a new policy is encountered, gittuf validates that this policy is trusted. This is done by checking that the new policy’s root metadata is signed by the required threshold of the current policy's root keys. Because of this, an attacker with push access to the RSL may create a new entry that references an old policy (that is trusted by the most recent policy's set of root keys), thereby rolling back gittuf's policy to the attacker's chosen state. This vulnerability is fixed in 0.14.0. | ||||
| CVE-2026-44592 | 1 Wavelens | 1 Gradient | 2026-05-15 | 9.4 Critical |
| Gradient is a nix-based continuous integration system. In 1.1.0, when GRADIENT_DISCOVERABLE=true (the default, and the NixOS module default), anyone who can reach /proto can register as a worker without any credentials by sending a fresh, never-registered worker UUID. The resulting session has PeerAuth::Open, i.e. it sees jobs from every organisation, and can immediately NarPush/NarUploaded arbitrary store paths into nar_storage and the cached_path table. This vulnerability is fixed in 1.1.1. | ||||
| CVE-2026-3290 | 1 Silicon Labs | 1 Rs9116 Sdk | 2026-05-15 | N/A |
| Timing limitations of the HRNG in RS9116 when power save mode is enabled results in predictable values | ||||
| CVE-2026-44666 | 1 Zelon88 | 1 Hrconvert2 | 2026-05-15 | N/A |
| HRConvert2 is a self-hosted, drag-and-drop & nosql file conversion server & share tool. Prior to 3.3.8, the sanitizeString() function in convertCore.php is missing backtick (`) and tab (\t) from its strip list. User input then reaches shell_exec(), where the shell interprets these characters and commands within filenames execute. This vulnerability is fixed in 3.3.8. | ||||
| CVE-2026-44679 | 1 Tuist | 1 Tuist | 2026-05-15 | N/A |
| Tuist is a virtual platform team for Swift app devs. Prior to 1.180.10, the forgot password flow allows an unauthenticated attacker to repeatedly trigger password reset emails for a known account without server-side throttling. In self-hosted deployments, this can be abused to send large volumes of unwanted email and consume downstream email delivery resources. This vulnerability is fixed in 1.180.10. | ||||
| CVE-2026-44678 | 1 Tuist | 1 Tuist | 2026-05-15 | N/A |
| Tuist is a virtual platform team for Swift app devs. In 1.180.8 and earlier, the DELETE /api/projects/{account_handle}/{project_handle}/previews/{preview_id} endpoint loads the preview by its UUID without verifying that the preview belongs to the project resolved from the URL path. The route's project-level authorization plug (AuthorizationPlug, :preview) authorizes the caller against the project encoded in account_handle/project_handle — which the attacker controls — and then the action deletes whichever preview's UUID is supplied. The check therefore guards the wrong project. | ||||
| CVE-2025-29938 | 1 Amd | 4 Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics, Ryzen 8040 Series Mobile Processors With Radeon Graphics and 1 more | 2026-05-15 | N/A |
| An unchecked return value within the AMD Platform Management Framework (PMF) could allow an attacker to write to an arbitrary memory address resulting in denial of service or arbitrary code execution. | ||||
| CVE-2025-66660 | 1 Amd | 12 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 9 more | 2026-05-15 | N/A |
| Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_CHECK_TA_COMPAT to cause incorrect shared memory mapping, potentially resulting in unexpected behavior. | ||||
| CVE-2023-31317 | 1 Amd | 6 Instinct Mi210, Instinct Mi250, Radeon Pro W6000 Series and 3 more | 2026-05-15 | N/A |
| Improper restriction of operations within the bounds of a memory buffer in the AMD secure processer (ASP) could allow an attacker to read or write to protected memory potentially resulting in arbitrary code execution. | ||||
| CVE-2024-36323 | 1 Amd | 6 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 3 more | 2026-05-15 | N/A |
| Improper isolation of VCN-JPEG HW register space could allow a malicious Guest Virtual Machine (VM) or a process to perform unauthorized access to the register space of the JPEG cores assigned a victim VM/process, potentially gaining arbitrary read/write access to the victim VM/process data. | ||||
| CVE-2026-6646 | 2 Dream-theme, Wordpress | 2 The7 — Website And Ecommerce Builder For Wordpress, Wordpress | 2026-05-15 | 6.4 Medium |
| The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dt_default_button' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-5229 | 2 M615926, Wordpress | 2 Receive Notifications After Form Submitting – Form Notify For Any Forms, Wordpress | 2026-05-15 | 9.8 Critical |
| The Form Notify plugin for WordPress is vulnerable to Authentication Bypass in versions up to and including 1.1.10. This is due to the plugin trusting user-controlled cookie data to determine which WordPress account to authenticate after a LINE OAuth login. When LINE doesn't provide an email address (which is common), the plugin falls back to reading the 'form_notify_line_email' cookie value without verifying that the LINE account is associated with that email address. This makes it possible for unauthenticated attackers to gain access to any user account on the site, including administrator accounts, by completing a LINE OAuth flow with their own LINE account while injecting a malicious cookie containing the target victim's email address. | ||||
| CVE-2023-31309 | 2026-05-15 | N/A | ||
| Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability. | ||||
| CVE-2024-36334 | 2026-05-15 | N/A | ||
| Improper verification of cryptographic signature in the Radeon RGB tool could allow a malicious file placed in the installation directory to be run with elevated privileges potentially leading to arbitrary code execution. | ||||
| CVE-2024-36333 | 2026-05-15 | N/A | ||
| A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2026-8558 | 1 Google | 1 Chrome | 2026-05-15 | 8.8 High |
| Out of bounds write in Fonts in Google Chrome prior to 148.0.7778.168 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-34218 | 1 Vasion | 2 Virtual Appliance Application, Virtual Appliance Host | 2026-05-15 | 9.8 Critical |
| Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 (VA/SaaS deployments) expose internal Docker containers through the gw Docker instance. The gateway publishes a /meta endpoint which lists every micro‑service container together with version information. These containers are reachable directly over HTTP/HTTPS without any access‑control list (ACL), authentication or rate‑limiting. Consequently, any attacker on the LAN or the Internet can enumerate all internal services and their versions, interact with the exposed APIs of each microservice as an unauthenticated user, or issue malicious requests that may lead to information disclosure, privilege escalation within the container, or denial‑of‑service of the entire appliance. The root cause is the absence of authentication and network‑level restrictions on the API‑gateway’s proxy to internal Docker containers, effectively turning the internal service mesh into a public attack surface. This vulnerability has been identified by the vendor as: V-2024-030 — Exposed Internal Docker Instance (LAN). | ||||
| CVE-2026-20182 | 1 Cisco | 1 Catalyst Sd-wan Manager | 2026-05-15 | 10 Critical |
| May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the was disclosed in February 2026. This new advisory is for a new vulnerability in the control connection handshaking. The section of this advisory includes Show Control Connections guidance to help with system checks. A vulnerability in the peering authentication in Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to the affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. | ||||
| CVE-2026-43908 | 1 Academysoftwarefoundation | 1 Openimageio | 2026-05-15 | 8.8 High |
| OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the pixel-loop index expression i * 3 inside ConvertCbYCrYToRGB() causes the function to compute a large negative pointer offset into the output buffer, producing an out-of-bounds write that crashes the process. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0. | ||||
| CVE-2026-43907 | 1 Academysoftwarefoundation | 1 Openimageio | 2026-05-15 | 8.3 High |
| OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed integer overflow in QueryRGBBufferSizeInternal() in DPXColorConverter.cpp leads to a heap-based out-of-bounds write when processing crafted DPX image files. The function computes buffer sizes using 32-bit signed integer arithmetic with negative multipliers (e.g., pixels * -3 * bytes for kCbYCr descriptors and pixels * -4 * bytes for kABGR descriptors), where a negative result is used as an in-band signal that no separate buffer is needed. When the pixel count is sufficiently large, the multiplication overflows INT_MIN and wraps to a small positive value. The caller in dpxinput.cpp interprets this positive value as a required buffer size, allocates an undersized heap buffer via m_decodebuf.resize(), and then writes the full image data into it via fread, resulting in a heap buffer overflow. An attacker can exploit this by crafting a DPX file that triggers the overflow, causing a denial of service (crash) or potentially arbitrary code execution through heap corruption in any application that reads pixel data using OpenImageIO. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0. | ||||