Search Results (4906 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-11655 2 Apple, Google 2 Macos, Chrome 2026-06-10 8.3 High
Integer overflow in Media in Google Chrome on Mac prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11659 2 Google, Linux 2 Chrome, Linux Kernel 2026-06-10 9.6 Critical
Integer overflow in UI in Google Chrome on Linux prior to 149.0.7827.103 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2026-34667 1 Adobe 3 C2pa, C2pa-web, Cai Content Credentials 2026-06-09 6.2 Medium
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34671 1 Adobe 3 C2pa, C2pa-web, Cai Content Credentials 2026-06-09 6.2 Medium
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34672 1 Adobe 3 C2pa, C2pa-web, Cai Content Credentials 2026-06-09 6.2 Medium
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-34680 1 Adobe 3 C2pa, C2pa-web, Cai Content Credentials 2026-06-09 6.2 Medium
CAI Content Credentials versions c2pa-web@0.7.0, c2pa-v0.78.2 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user interaction.
CVE-2026-41849 2 Spring, Vmware 2 Spring Framework, Spring Framework 2026-06-09 7.5 High
An integer overflow vulnerability exists in the evaluation logic of the Spring Expression Language (SpEL). An attacker can exploit this by supplying a specially crafted SpEL expression that triggers excessive resource consumption, resulting in a Denial of Service (DoS). Affected versions: Spring Framework 5.3.0 through 5.3.48.
CVE-2024-49112 1 Microsoft 23 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 20 more 2026-06-09 9.8 Critical
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability
CVE-2024-49078 1 Microsoft 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more 2026-06-09 6.8 Medium
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49077 1 Microsoft 14 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 11 more 2026-06-09 6.8 Medium
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability
CVE-2024-49103 1 Microsoft 15 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 12 more 2026-06-09 4.3 Medium
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability
CVE-2024-49089 1 Microsoft 24 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 21 more 2026-06-09 7.2 High
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-49085 1 Microsoft 11 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 8 more 2026-06-09 8.8 High
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
CVE-2024-37976 1 Microsoft 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more 2026-06-09 6.7 Medium
Windows Resume Extensible Firmware Interface Security Feature Bypass Vulnerability
CVE-2026-45130 2 Neovim, Vim 2 Neovim, Vim 2026-06-09 6.6 Medium
Vim is an open source, command line text editor. Prior to version 9.2.0450, a heap buffer overflow exists in read_compound() in src/spellfile.c when loading a crafted spell file (.spl) with UTF-8 encoding active. An attacker-controlled length field in the spell file's compound section overflows a 32-bit signed integer multiplication, causing a small buffer to be allocated for a write loop that runs many iterations, overflowing the heap. Because the 'spelllang' option can be set from a modeline, a text file modeline can trigger spell file loading if a malicious .spl file has been planted on the runtimepath. This issue has been patched in version 9.2.0450.
CVE-2024-43519 1 Microsoft 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more 2026-06-09 8.8 High
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability
CVE-2026-11678 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-09 5.3 Medium
Integer overflow in libyuv in Google Chrome prior to 149.0.7827.103 allowed a remote attacker who had compromised the renderer process to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: High)
CVE-2026-11299 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-09 6.5 Medium
Integer overflow in Fonts in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-41977 1 Huawei 2 Emui, Harmonyos 2026-06-09 5 Medium
DoS vulnerability in the log service. Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2026-32759 1 Filebrowser 1 Filebrowser 2026-06-09 8.1 High
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. In versions on the 2.x branch prior to 2.33.8, the TUS resumable upload handler parses the Upload-Length header as a signed 64-bit integer without validating that the value is non-negative, allowing an authenticated user to supply a negative value that instantly satisfies the upload completion condition upon the first PATCH request. This causes the server to fire after_upload exec hooks with empty or partial files, enabling an attacker to repeatedly trigger any configured hook with arbitrary filenames and zero bytes written. The impact ranges from DoS through expensive processing hooks, to command injection amplification when combined with malicious filenames, to abuse of upload-driven workflows like S3 ingestion or database inserts. Even without exec hooks enabled, the negative Upload-Length creates inconsistent cache entries where files are marked complete but contain no data. All deployments using the TUS upload endpoint (/api/tus) are affected, with the enableExec flag escalating the impact from cache inconsistency to remote command execution. This feature has been disabled by default for all installations from v2.33.8 onwards, including for existent installations. To exploit this vulnerability, the instance administrator must turn on a feature and ignore all the warnings about known vulnerabilities.