Export limit exceeded: 351403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351403 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-66664 | 1 Amd | 13 Instinct Mi210, Instinct Mi250, Instinct Mi300a and 10 more | 2026-05-17 | N/A |
| Insufficient parameter sanitization in AMD Secure Processor (ASP) TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_LOAD_GFX_IP_FW SR-IOV command to cause out-of-bounds read, potentially resulting in SOC Driver memory contents exposure or an exception | ||||
| CVE-2025-54511 | 1 Amd | 5 Instinct Mi210, Instinct Mi250, Mi-25 and 2 more | 2026-05-17 | N/A |
| Improper handling of insufficient privileges in the AMD Secure Processor (ASP) could allow an attacker to provide an input value to a function without sufficient privileges and successfully write data, potentially resulting in loss of integrity of availability. | ||||
| CVE-2023-31309 | 1 Amd | 4 Radeon Pro V520, Radeon Pro V620, Radeon Pro W6000 Series and 1 more | 2026-05-17 | N/A |
| Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability. | ||||
| CVE-2024-36333 | 1 Amd | 12 Amd Cleanup Utility, Radeon Pro Vii, Radeon Pro W5000 Series and 9 more | 2026-05-17 | N/A |
| A DLL hijacking vulnerability in the AMD Cleanup Utility could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2026-41258 | 1 Openmrs | 1 Openmrs-core | 2026-05-17 | 9.1 Critical |
| OpenMRS is an open source electronic medical record system platform. From 2.7.0 to before 2.7.9 and 2.8.6, the ConceptReferenceRangeUtility.evaluateCriteria() method in OpenMRS Core evaluates database-stored criteria strings as Apache Velocity templates without any sandbox configuration. The VelocityEngine is initialized with only logging properties and noSecureUberspector, leaving the default UberspectImpl in place, which allows unrestricted Java reflection through template expressions. A user with the Manage Concepts privilege can store a malicious Velocity template expression in a concept's reference range criteria field. This payload is then executed automatically whenever a user or API call validates an observation against the affected concept. The Velocity context exposes $patient (the Person / Patient object), $obs (the Obs object), and $fn (the ConceptReferenceRangeUtility instance with access to the full OpenMRS service layer). This vulnerability is fixed in 2.7.9 and 2.8.6. | ||||
| CVE-2026-44714 | 1 Bitcoinj | 1 Bitcoinj | 2026-05-17 | 7.5 High |
| The bitcoinj library is a Java implementation of the Bitcoin protocol. Prior to 0.17.1, ScriptExecution.correctlySpends() contains two fast-path verification bugs for standard P2PKH and native P2WPKH spends in core/src/main/java/org/bitcoinj/script/ScriptExecution.java. In both branches, bitcoinj verifies an attacker-controlled signature/public-key pair but fails to verify that the public key is the one committed to by the output being spent. As a result, any attacker keypair can satisfy bitcoinj's local verification for arbitrary P2PKH and P2WPKH outputs. This vulnerability is fixed in 0.17.1. | ||||
| CVE-2026-8700 | 1 Timlegge | 1 Crypt::dsa | 2026-05-17 | N/A |
| Crypt::DSA versions before 1.20 for Perl generate seeds using rand. Seeds were generated using Perl's built-in rand function, which is predictable and unsuitable for security usage. | ||||
| CVE-2026-8704 | 1 Timlegge | 1 Crypt::dsa | 2026-05-17 | N/A |
| Crypt::DSA versions through 1.19 for Perl use 2-args open, allowing existing files to be modified. | ||||
| CVE-2026-8656 | 1 Benjamine | 1 Jsondiffpatch | 2026-05-17 | 6.1 Medium |
| Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Cross-site Scripting (XSS) via the annotated formatter due to improper sanitization of JSON values and property names. If an application compares untrusted JSON/object data and renders annotated formatter output in the DOM, attacker-controlled HTML can be interpreted by the browser, resulting in XSS. | ||||
| CVE-2026-8657 | 1 Benjamine | 1 Jsondiffpatch | 2026-05-17 | 8.2 High |
| Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype. | ||||
| CVE-2026-24710 | 1 Northern.tech | 1 Cfengine | 2026-05-17 | 6.1 Medium |
| Northern.tech CFEngine Enterprise before 3.21.8, 3.24.3, and 3.27.0 allows XSS. | ||||
| CVE-2026-44371 | 1 Osc | 1 Open Ondemand | 2026-05-17 | N/A |
| Open OnDemand is an open-source high-performance computing portal. Prior to 4.0.11, 4.1.5, and 4.2.2, specially crafted filenames can execute javascript in the file browser This vulnerability is fixed in 4.0.11, 4.1.5, and 4.2.2. | ||||
| CVE-2026-42283 | 1 Devspace | 1 Devspace | 2026-05-17 | 7.7 High |
| DevSpace is a client-only developer tool for cloud-native development with Kubernetes. Prior to 6.3.21, DevSpace's UI server WebSocket accepts connections from all origins by default, and therefore several endpoints are exposed via this WebSocket. When a developer runs the DevSpace UI and at the same time uses a browser to access the internet, a malicious website they visit can use their browser to establish a cross-origin WebSocket connection to ws://127.0.0.1:8090. This vulnerability is fixed in 6.3.21. | ||||
| CVE-2026-6332 | 1 Schneider-electric | 1 Ecostruxure Machine Expert - Hvac | 2026-05-17 | N/A |
| CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that could cause the disclosure of a sensitive information which could result in revealing protected source code and loss of confidentiality, When an authorized attacker accesses the source code for editing or compiling it. | ||||
| CVE-2026-42897 | 1 Microsoft | 7 Exchange Server, Exchange Server 2016, Exchange Server 2019 and 4 more | 2026-05-17 | 8.1 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Exchange Server allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-41615 | 1 Microsoft | 3 Authenticator, Authenticator For Android, Authenticator For Ios | 2026-05-17 | 9.6 Critical |
| Exposure of sensitive information to an unauthorized actor in Microsoft Authenticator allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-27680 | 1 Sap | 1 Sap Netweaver Application Server Java | 2026-05-17 | 3.1 Low |
| Due to improper input handling under certain conditions, SAP NetWeaver Application Server ABAP allows an attacker to inject custom Cascading Style Sheets (CSS) data into a web page served by the application. When a user accesses or clicks the affected page, the injected CSS is executed. As a result, the issue has a low impact on confidentiality, while integrity and availability are not impacted. | ||||
| CVE-2026-43906 | 2 Academysoftwarefoundation, Openimageio | 2 Openimageio, Openimageio | 2026-05-17 | 7.8 High |
| OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a heap-based buffer overflow in the HEIF decoder of OpenImageIO allows out-of-bounds writes via crafted images due to a subimage metadata mismatch, leading to memory corruption and potential code execution. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0. | ||||
| CVE-2026-43909 | 2 Academysoftwarefoundation, Openimageio | 2 Openimageio, Openimageio | 2026-05-17 | 8.8 High |
| OpenImageIO is a toolset for reading, writing, and manipulating image files of any image file format relevant to VFX / animation. Prior to 3.0.18.0 and 3.1.13.0, a signed 32-bit integer overflow in the loop index expression i * 4 inside SwapRGBABytes() causes the function to compute a large negative pointer offset when processing kABGR DPX images with large dimensions. The immediate crash is an out-of-bounds read (the memcpy at line 45 reads from &input[i * 4] first), but the subsequent write operations at lines 46–49 target the same wrapped offset — making this a combined OOB read+write primitive. This vulnerability is fixed in 3.0.18.0 and 3.1.13.0. | ||||
| CVE-2026-8596 | 2 Amazon, Amazon Sagemaker Python Sdk | 2 Sagemaker Python Sdk, Aws | 2026-05-17 | 7.2 High |
| Cleartext storage of sensitive information in the ModelBuilder/Serve component in Amazon SageMaker Python SDK before v2.257.2 and v3 before v3.8.0 might allow a remote authenticated actor to extract the HMAC signing key from SageMaker API responses and forge valid integrity signatures for specially crafted model artifacts, achieving code execution in inference containers. This issue requires a remote authenticated actor with permissions to call SageMaker describe APIs and S3 write access to the model artifact path. To remediate this issue, we recommend upgrading to Amazon SageMaker Python SDK v2.257.2 or v3.8.0 and rebuild any models previously created with ModelBuilder using the updated SDK. | ||||