Export limit exceeded: 361598 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361598 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-56210 | 2 Aomedia, Redhat | 5 Libaom, Enterprise Linux, Enterprise Linux Ai and 2 more | 2026-06-29 | 7.1 High |
| A heap-buffer-overflow read vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows setting a spatial_layer_id exceeding the configured number of layers. This causes an out-of-bounds heap read of approximately 40,728 bytes when computing a layer context array index. An attacker who can influence SVC encoder parameters in a network-facing service could exploit this for information disclosure (heap content leak) or denial of service (segmentation fault from hitting unmapped memory). | ||||
| CVE-2026-56209 | 2 Aomedia, Redhat | 5 Libaom, Enterprise Linux, Enterprise Linux Ai and 2 more | 2026-06-29 | 7.1 High |
| An arbitrary address write vulnerability was found in libaom, the reference AV1 codec implementation. A missing bounds check in the SVC (Scalable Video Coding) layer ID control function allows an attacker to inject an arbitrary pointer into the cyclic refresh map field via crafted image pixel values. The encoder then writes approximately 1,200 bytes at the attacker-controlled address. This is fully deterministic and does not require a separate information leak. An attacker who can supply frames to a network-facing libaom encoder with SVC enabled could exploit this for denial of service or potential code execution. | ||||
| CVE-2026-56208 | 2 Aomedia, Redhat | 5 Libaom, Enterprise Linux, Enterprise Linux Ai and 2 more | 2026-06-29 | 7.6 High |
| A heap buffer overflow vulnerability was found in libaom, the reference AV1 codec implementation. A flaw in the AV1 encoder's Look-Ahead Processing (LAP) mode causes the first-pass stats ring buffer wrap-around guard to be bypassed when g_lag_in_frames is set to 1 or higher. This results in a 232-byte out-of-bounds write on every encoded frame after the second, corrupting adjacent heap objects. An attacker who can influence encoder configuration in a transcoding service or WebRTC session could exploit this to cause a denial of service (process crash) or potentially achieve code execution. | ||||
| CVE-2026-13517 | 1 Tenda | 1 Jd12l | 2026-06-29 | 8.8 High |
| A flaw has been found in Tenda JD12L 16.03.53.23. The impacted element is the function formWifiBasicSet of the file /goform/WifiBasicSet. Executing a manipulation of the argument security_5g can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-13516 | 1 Tenda | 1 Jd12l | 2026-06-28 | 8.8 High |
| A vulnerability was detected in Tenda JD12L 16.03.53.23. The affected element is the function fromSetWifiGusetBasic of the file /goform/WifiGuestSet. Performing a manipulation of the argument shareSpeed results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-13515 | 1 Tenda | 1 Jd12l | 2026-06-28 | 8.8 High |
| A security vulnerability has been detected in Tenda JD12L 16.03.53.23. Impacted is the function formSetPPTPServer of the file /goform/SetPptpServerCfg. Such manipulation of the argument startIp leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-13514 | 1 Chess | 1 Play And Learn App | 2026-06-28 | 2.4 Low |
| A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to an unauthorized control sphere. It is feasible to perform the attack on the physical device. The exploit has been made available to the public and could be used for attacks. Upgrading the affected component is advised. The vendor was informed early about this issue. They confirmed the existence and that they will address it. Furthermore, they explain that their bug bounty "explicitly excludes physical-access attacks". However, they appreciate the quality of the report and aim at making a goodwill payment to the researcher. | ||||
| CVE-2026-13513 | 1 Myscale | 1 Myscaledb | 2026-06-28 | 5 Medium |
| A security flaw has been discovered in MyScale MyScaleDB up to 1.8.0. This vulnerability affects the function SegmentId::getCacheKey in the library src/VectorIndex/Common/SegmentId.h. The manipulation results in insufficient verification of data authenticity. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The exploit has been released to the public and may be used for attacks. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-13512 | 1 Databend | 1 Databend | 2026-06-28 | 6.3 Medium |
| A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-13511 | 1 Voltagent | 1 Voltagent | 2026-06-28 | 3.1 Low |
| A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a manipulation of the argument conversationId can lead to improper authorization. The attack may be performed from remote. This attack is characterized by high complexity. The exploitation is known to be difficult. The exploit has been publicly disclosed and may be utilized. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-13509 | 1 Ragapp | 1 Ragapp | 2026-06-28 | 6.3 Medium |
| A vulnerability has been found in RAGapp up to 0.1.5. Affected is the function FileHandler.upload_file/FileHandler.remove_file of the file src/ragapp/backend/controllers/files.py of the component Knowledge File Handler. Such manipulation leads to path traversal. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-13508 | 1 Khoj-ai | 1 Khoj | 2026-06-28 | 5.5 Medium |
| A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes incorrect authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2026-13507 | 1 Volcengine | 1 Openviking | 2026-06-28 | 5 Medium |
| A vulnerability was detected in volcengine OpenViking up to 0.3.21. This affects the function str_to_uint64 of the file openviking/storage/vectordb/utils/str_to_uint64.py of the component Local VectorDB Primary-key Label Handler. The manipulation of the argument ID results in insufficient verification of data authenticity. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The pull request to fix this issue awaits acceptance. | ||||
| CVE-2024-8105 | 2026-06-28 | 6.4 Medium | ||
| A vulnerability exists in UEFI implementations that use a hard-coded software-based Platform Key (PK). An attacker in possession of the corresponding PK private key can sign arbitrary UEFI executables or firmware components, causing them to be trusted by affected systems and potentially bypassing UEFI Secure Boot trust validation. | ||||
| CVE-2026-48945 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-28 | 5.3 Medium |
| The K2 article gallery upload path accepts a zip/tar archive, extracts it under `/media/k2/galleries/<id>/`, and only renames image files (gif/jpg/jpeg/png/webp) to safe names — non-image files (including `.php`) are extracted as-is and remain executable via direct HTTP access. | ||||
| CVE-2026-48940 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-28 | 3.4 Low |
| A Joomla user with K2 "create item" rights (Author tier by default) can submit an article whose `embedVideo` POST field contains a raw `<script>` tag; K2 stores it verbatim and renders it unescaped to any visitor of the article page. | ||||
| CVE-2026-48941 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-28 | 6.5 Medium |
| The K2 frontend `item.checkin` task accepts an unauthenticated `sigProFolder` query parameter and uses it directly to address a `JFolder::delete()` call under `/media/k2/galleries/` | ||||
| CVE-2026-48946 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-28 | 6.3 Medium |
| The K2 frontend article-attachment upload path accepts files whose extension is `.php`, and Apache's standard mod_php matches `\.php$` and executes them under the K2 web user. A K2 Author can upload a `shell.php`, then fetch `/media/k2/attachments/shell.php` and execute arbitrary PHP code in the web server's context. | ||||
| CVE-2026-49048 | 2026-06-28 | N/A | ||
| The Joomla extension JoomCCK exposes a front-end controller task, that builds two SQL statements by directly concatenating a user-supplied request parameter into the query string without escaping or parameterisation. | ||||
| CVE-2026-48944 | 1 Getk2 | 1 K2 Extension For Joomla | 2026-06-28 | 6.5 Medium |
| The K2 frontend article-save handler accepts an `attachment[N][existing]` POST field that is concatenated with `JPATH_SITE/` and passed to `JFile::copy()`. `JPath::clean` does NOT strip `..`, and there is no allow-list of source paths. An Author can therefore copy `configuration.php` (or any other file readable by the web user — including `../../../etc/passwd`) into `/media/k2/attachments/`, then retrieve the contents via the K2 attachment-download endpoint. | ||||