Search Results (361193 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-32910 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 6.5 Medium |
| A flaw was found in libsoup, where soup_auth_digest_authenticate() is vulnerable to a NULL pointer dereference. This issue may cause the libsoup client to crash. | ||||
| CVE-2025-32050 | 1 Redhat | 3 Enterprise Linux, Rhel Eus, Rhivos | 2026-06-25 | 5.9 Medium |
| A flaw was found in libsoup. The libsoup append_param_quoted() function may contain an overflow bug resulting in a buffer under-read. | ||||
| CVE-2025-32912 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 6.5 Medium |
| A flaw was found in libsoup, where SoupAuthDigest is vulnerable to a NULL pointer dereference. The HTTP server may cause the libsoup client to crash. | ||||
| CVE-2025-32049 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-06-25 | 7.5 High |
| A flaw was found in libsoup. The SoupWebsocketConnection may accept a large WebSocket message, which may cause libsoup to allocate memory and lead to a denial of service (DoS). | ||||
| CVE-2025-32053 | 1 Redhat | 3 Enterprise Linux, Rhel Eus, Rhivos | 2026-06-25 | 6.5 Medium |
| A flaw was found in libsoup. A vulnerability in sniff_feed_or_html() and skip_insignificant_space() functions may lead to a heap buffer over-read. | ||||
| CVE-2025-31177 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 5.5 Medium |
| gnuplot is affected by a heap buffer overflow at function utf8_copy_one. | ||||
| CVE-2025-31180 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The CANVAS_text() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-32907 | 1 Redhat | 4 Enterprise Linux, Rhel E4s, Rhel Eus and 1 more | 2026-06-25 | 5.3 Medium |
| A flaw was found in libsoup. The implementation of HTTP range requests is vulnerable to a resource consumption attack. This flaw allows a malicious client to request the same range many times in a single HTTP request, causing the server to use large amounts of memory. This does not allow for a full denial of service. | ||||
| CVE-2025-31176 | 2 Gnuplot, Redhat | 2 Gnuplot, Enterprise Linux | 2026-06-25 | 6.2 Medium |
| A flaw was found in gnuplot. The plot3d_points() function may lead to a segmentation fault and cause a system crash. | ||||
| CVE-2025-4035 | 1 Redhat | 2 Enterprise Linux, Rhivos | 2026-06-25 | 4.3 Medium |
| A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation. | ||||
| CVE-2025-4432 | 1 Redhat | 6 Enterprise Linux, Openshift, Rhivos and 3 more | 2026-06-25 | 5.3 Medium |
| A flaw was found in Rust's Ring package. A panic may be triggered when overflow checking is enabled. In the QUIC protocol, this flaw allows an attacker to induce this panic by sending a specially crafted packet. It will likely occur unintentionally in 1 out of every 2**32 packets sent or received. | ||||
| CVE-2025-47711 | 2 Nbdkit Project, Redhat | 5 Nbdkit, Advanced Virtualization, Enterprise Linux and 2 more | 2026-06-25 | 6.5 Medium |
| There's a flaw in the nbdkit server when handling responses from its plugins regarding the status of data blocks. If a client makes a specific request for a very large data range, and a plugin responds with an even larger single block, the nbdkit server can encounter a critical internal error, leading to a denial-of-service. | ||||
| CVE-2025-1244 | 1 Redhat | 8 Enterprise Linux, Openshift Builds, Rhel Aus and 5 more | 2026-06-25 | 8.8 High |
| A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. | ||||
| CVE-2026-54823 | 2 Marketingfire, Wordpress | 2 Widget-options, Wordpress | 2026-06-25 | 9.9 Critical |
| Contributor Remote Code Execution (RCE) in Widget Options <= 4.2.3 versions. | ||||
| CVE-2026-56005 | 2 Melapress, Wordpress | 2 Wp Activity Log, Wordpress | 2026-06-25 | 7.1 High |
| Subscriber Cross Site Scripting (XSS) in WP Activity Log <= 5.6.3.1 versions. | ||||
| CVE-2026-54842 | 2 Royal Plugins, Wordpress | 2 Royal Mcp, Wordpress | 2026-06-25 | 8.1 High |
| Missing Authorization vulnerability in Royal Plugins Royal MCP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Royal MCP: from n/a through 1.4.25. | ||||
| CVE-2026-57532 | 1 Pretix | 1 Pretix | 2026-06-25 | N/A |
| Malicious HTML content contained in the layout specification of a PDF ticket or badge layout was executed when the PDF editor is opened in the browser. This could allow one backend user to inject JavaScript into the browser context of another backend user. Due to requirements of the PDF rendering and editing libraries used, this is one of the few pages in our backend that do not have a strong Content-Security-Policy that would render this capability useless for most scenarios. | ||||
| CVE-2026-57455 | 1 Vim | 1 Vim | 2026-06-25 | N/A |
| Vim is an open source, command line text editor. Prior to 9.2.0698, the single-byte branch of spell_soundfold_sofo() in src/spell.c translates a word through a spell file's SOFO (sound-folding) byte map into a caller-owned result buffer. Its copy loop advances the output index ri with no upper bound and terminates only on the input NUL, writing one byte per input byte into the MAXWLEN-element stack buffer the caller provides. A word longer than MAXWLEN, passed to soundfold() (or reached via sound-based spell suggestion) while a SOFO-based spell language is active, therefore writes past the end of that buffer. This is a stack out-of-bounds write that corrupts the call frame and crashes the editor. This vulnerability is fixed in 9.2.0698. | ||||
| CVE-2026-10517 | 1 Redhat | 1 Quay | 2026-06-25 | 5.8 Medium |
| A flaw was found in Clair. The fetcher component makes outbound HTTP requests to attacker-supplied URIs from manifest layer descriptors without IP or scheme filtering. When PSK authentication is not configured (opt-in, not enforced by default), an unauthenticated attacker can submit a manifest with a URI pointing to internal services or cloud metadata endpoints. The SSRF is reflective for non-200 responses, leaking up to 256 bytes of error body content via CheckResponse error messages. Operator-managed Red Hat Quay deployments auto-configure PSK and are not exposed to the unauthenticated attack vector. | ||||
| CVE-2026-46733 | 1 Dell | 1 Display And Peripheral Manager | 2026-06-25 | 7.8 High |
| Dell Display and Peripheral Manager (DDPM Windows), versions prior to 2.3, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | ||||