Export limit exceeded: 350871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350871 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350871 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40902 | 1 Phpoffice | 1 Phpspreadsheet | 2026-05-14 | 7.5 High |
| PhpSpreadsheet is a pure PHP library for reading and writing spreadsheet files. Prior to 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0, the XLSX reader's ColumnAndRowAttributes::readRowAttributes() method reads row numbers from XML attributes without validating them against the spreadsheet maximum row limit (AddressRange::MAX_ROW = 1,048,576). An attacker can craft a minimal XLSX file (~1.6KB) containing a <row r="999999999"/> element that inflates cachedHighestRow to 999,999,999, causing any subsequent row iteration to attempt ~1 billion loop cycles and exhaust CPU resources. This vulnerability is fixed in 1.30.4, 2.1.16, 2.4.5, 3.10.5, and 5.7.0. | ||||
| CVE-2026-42268 | 2 Modsecurity, Owasp | 2 Modsecurity, Modsecurity | 2026-05-14 | 7.5 High |
| ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. From 3.0.0 to before 3.0.15, there is an unhandled exception (std::out_of_range) caused by unsigned integer underflow in libmodsecurity3 if the user (administrator) uses a rule any of @verifySSN, @verifyCPF, or @verifySVNR. This vulnerability is fixed in 3.0.15. | ||||
| CVE-2026-44015 | 2 0xjacky, Nginxui | 2 Nginx-ui, Nginx Ui | 2026-05-14 | 8.5 High |
| Nginx UI is a web user interface for the Nginx web server. In 2.3.4 and earlier, an authenticated user can perform Server-Side Request Forgery (SSRF) by creating a cluster node pointing to an arbitrary internal URL and then sending API requests with the X-Node-ID header. The Proxy middleware forwards these requests to the attacker-specified internal address, bypassing network segmentation and enabling access to services bound to localhost or internal networks. | ||||
| CVE-2026-33834 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-14 | 7.8 High |
| Improper access control in Windows Event Logging Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42457 | 2026-05-14 | 9 Critical | ||
| vCluster Platform provides a Kubernetes platform for managing virtual clusters, multi-tenancy, and cluster sharing. Prior to 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0, there is a Stored XSS attack vulnerability via the name field of a templateRef. This can lead to the execution of arbitrary external scripts within the platform's browser context. In the worst case, a malicious user could potentially create a new Global-Admin user, bypassing other security restrictions. The attacker needs the ability to create namespaces. This vulnerability is fixed in 4.4.3, 4.5.5, 4.6.2, 4.7.1, and 4.8.0. | ||||
| CVE-2026-33835 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-05-14 | 7.8 High |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33837 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-14 | 7.8 High |
| Heap-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33838 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-14 | 7.8 High |
| Double free in Windows Message Queuing allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2024-45257 | 1 Malwared | 1 Byob | 2026-05-14 | 7.3 High |
| A Command Injection issue in the payload build page in BYOB (Build Your Own Botnet) 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py. | ||||
| CVE-2026-6008 | 2026-05-14 | 6.8 Medium | ||
| Authorization bypass through User-Controlled key vulnerability in Im Park Information Technology, Electronics, Press, Publishing and Advertising, Education Ltd. Co. DijiDemi allows Privilege Abuse. This issue affects DijiDemi: from v4.5.12.1 before v4.5.13.0. | ||||
| CVE-2026-6472 | 1 Postgresql | 1 Postgresql | 2026-05-14 | 5.4 Medium |
| Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use search_path to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-6473 | 1 Postgresql | 1 Postgresql | 2026-05-14 | 8.8 High |
| Integer wraparound in multiple PostgreSQL server features allows an unprivileged database user to cause the server to undersize an allocation and write out-of-bounds. This may execute arbitrary code as the operating system user running the database. In applications that pass gigabyte-scale user inputs to the relevant database functions, the application input provider may achieve a segmentation fault. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-6475 | 1 Postgresql | 1 Postgresql | 2026-05-14 | 8.8 High |
| Symlink following in PostgreSQL pg_basebackup plain format and in pg_rewind allows an origin superuser to overwrite local files, e.g. /var/lib/postgres/.bashrc, that hijack the operating system account. It will remain the case that starting the server after these commands implicitly trusts the origin superuser, due to features like shared_preload_libraries. Hence, the attack has practical implications only if one takes relevant action between these commands and server start, like moving the files to a different VM or snapshotting the VM. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-6476 | 1 Postgresql | 1 Postgresql | 2026-05-14 | 7.2 High |
| SQL injection in PostgreSQL pg_createsubscriber allows an attacker with pg_create_subscription rights to execute arbitrary SQL as a superuser. The attack takes effect when pg_createsubscriber next runs. Within major versions 17 and 18, minor versions before PostgreSQL 18.4 and 17.10 are affected. Versions before PostgreSQL 17 are unaffected. | ||||
| CVE-2026-43644 | 1 Stefanprodan | 1 Podinfo | 2026-05-14 | 5.4 Medium |
| podinfo through 6.11.2 contains a reflected cross-site scripting vulnerability in the /echo and /api/echo endpoints where the echoHandler writes request body content directly to the response without setting explicit Content-Type or X-Content-Type-Options headers. Attackers can craft cross-origin HTML pages with auto-submitting forms containing script payloads in the request body, which are served as text/html due to Go's content type detection, allowing the reflected script to execute in the podinfo origin context when victims visit the attacker's page. | ||||
| CVE-2026-6477 | 1 Postgresql | 1 Postgresql | 2026-05-14 | 8.8 High |
| Use of inherently dangerous function PQfn(..., result_is_int=0, ...) in PostgreSQL libpq lo_export(), lo_read(), lo_lseek64(), and lo_tell64() functions allows the server superuser to overwrite a client stack buffer with an arbitrarily-large response. Like gets(), PQfn(..., result_is_int=0, ...) stores arbitrary-length, server-determined data into a buffer of unspecified size. Because both the \lo_export command in psql and pg_dump call lo_read(), the server superuser can overwrite pg_dump or psql stack memory. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-6478 | 1 Postgresql | 1 Postgresql | 2026-05-14 | 6.5 Medium |
| Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases may have MD5-hashed passwords originating in upgrades from PostgreSQL 13 or earlier. Versions before PostgreSQL 18.4, 17.10, 16.14, 15.18, and 14.23 are affected. | ||||
| CVE-2026-33839 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-05-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33840 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-05-14 | 7.8 High |
| Use after free in Windows Win32K - ICOMP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33841 | 1 Microsoft | 19 Windows 10 21h2, Windows 10 21h2, Windows 10 22h2 and 16 more | 2026-05-14 | 7.8 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||