Export limit exceeded: 365349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (86255 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2017-20277 1 Joomboost 1 Joomla Joomrecipe 2026-06-23 8.2 High
Joomla JoomRecipe 1.0.4 component contains a blind SQL injection vulnerability in the search_author parameter on the search results page. Attackers can inject SQL code through POST requests to the search endpoint to extract database information using boolean-based blind SQL injection techniques.
CVE-2026-32590 1 Redhat 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay 2026-06-23 7.1 High
A flaw was found in Red Hat Quay's handling of resumable container image layer uploads. The upload process stores intermediate data in the database using a format that, if tampered with, could allow an attacker to execute arbitrary code on the Quay server.
CVE-2026-32589 1 Redhat 3 Mirror Registry, Mirror Registry For Red Hat Openshift, Quay 2026-06-23 7.4 High
A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.
CVE-2023-6478 4 Debian, Redhat, Tigervnc and 1 more 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more 2026-06-23 7.6 High
A flaw was found in xorg-server. A specially crafted request to RRChangeProviderProperty or RRChangeOutputProperty can trigger an integer overflow which may lead to a disclosure of sensitive information.
CVE-2023-6377 4 Debian, Redhat, Tigervnc and 1 more 11 Debian Linux, Enterprise Linux, Enterprise Linux Eus and 8 more 2026-06-23 7.8 High
A flaw was found in xorg-server. Querying or changing XKB button actions such as moving from a touchpad to a mouse can result in out-of-bounds memory reads and writes. This may allow local privilege escalation or possible remote code execution in cases where X11 forwarding is involved.
CVE-2023-5574 2 Redhat, X.org 2 Enterprise Linux, X Server 2026-06-23 7 High
A use-after-free flaw was found in xorg-x11-server-Xvfb. This issue occurs in Xvfb with a very specific and legacy configuration (a multi-screen setup with multiple protocol screens, also known as Zaphod mode). If the pointer is warped from a screen 1 to a screen 0, a use-after-free issue may be triggered during shutdown or reset of the Xvfb server, allowing for possible escalation of privileges or denial of service.
CVE-2023-5367 4 Debian, Fedoraproject, Redhat and 1 more 17 Debian Linux, Fedora, Enterprise Linux and 14 more 2026-06-23 7.8 High
A out-of-bounds write flaw was found in the xorg-x11-server. This issue occurs due to an incorrect calculation of a buffer offset when copying data stored in the heap in the XIChangeDeviceProperty function in Xi/xiproperty.c and in RRChangeOutputProperty function in randr/rrproperty.c, allowing for possible escalation of privileges or denial of service.
CVE-2023-49081 2 Aiohttp, Redhat 5 Aiohttp, Ansible Automation Platform, Rhui and 2 more 2026-06-23 7.2 High
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Improper validation made it possible for an attacker to modify the HTTP request (e.g. to insert a new header) or create a new HTTP request if the attacker controls the HTTP version. The vulnerability only occurs if the attacker can control the HTTP version of the request. This issue has been patched in version 3.9.0.
CVE-2023-4781 3 Apple, Debian, Vim 3 Macos, Debian Linux, Vim 2026-06-23 7.8 High
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1873.
CVE-2023-4750 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2026-06-23 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.1857.
CVE-2023-4736 2 Apple, Vim 2 Macos, Vim 2026-06-23 7.8 High
Untrusted Search Path in GitHub repository vim/vim prior to 9.0.1833.
CVE-2023-4735 2 Apple, Vim 2 Macos, Vim 2026-06-23 7.8 High
Out-of-bounds Write in GitHub repository vim/vim prior to 9.0.1847.
CVE-2023-4734 2 Apple, Vim 2 Macos, Vim 2026-06-23 7.8 High
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1846.
CVE-2023-4733 3 Apple, Fedoraproject, Vim 3 Macos, Fedora, Vim 2026-06-23 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.1840.
CVE-2023-2610 1 Vim 1 Vim 2026-06-23 7.8 High
Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532.
CVE-2025-71376 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-06-23 8.1 High
picklescan before 0.0.29 fails to detect malicious pickle files using idlelib.autocomplete.AutoComplete.fetch_completions in reduce methods. Attackers can embed undetected code in pickle files that executes arbitrary commands when loaded by victims.
CVE-2025-71319 2 Image-size, Image Sizes Project 2 Image-size, Image Sizes 2026-06-23 7.5 High
image-size through 2.0.2 contains a denial of service vulnerability that allows remote attackers to permanently block the Node.js event loop by supplying a specially crafted image buffer with a zero-valued size field in a recognized box-type. Attackers can trigger an infinite loop in the JXL or HEIF image parsers by providing a crafted image containing a box with a size of zero, causing the offset to never advance and permanently hanging the application.
CVE-2026-54283 1 Kludex 1 Starlette 2026-06-23 7.5 High
Starlette is a lightweight ASGI framework/toolkit. From 0.4.1 until 1.3.1, request.form() accepts max_fields and max_part_size to bound resource consumption while parsing form data. These limits are enforced for multipart/form-data, but silently ignored for application/x-www-form-urlencoded. An unauthenticated attacker can therefore send a urlencoded body with an arbitrarily large number of fields or an arbitrarily large field, even when the application configured limits it believed would apply. This vulnerability is fixed in 1.3.1.
CVE-2026-27942 1 Naturalintelligence 1 Fast-xml-parser 2026-06-23 7.5 High
fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS object without C/C++ based libraries and no callback. Prior to version 5.3.8, the application crashes with stack overflow when user use XML builder with `preserveOrder:true`. Version 5.3.8 fixes the issue. As a workaround, use XML builder with `preserveOrder:false` or check the input data before passing to builder.
CVE-2025-71341 2 Mmaitre314, Picklescan 2 Picklescan, Picklescan 2026-06-23 8.1 High
picklescan before 0.0.29 fails to detect the profile.Profile.runctx function when analyzing pickle files, allowing attackers to embed undetected malicious code. Remote attackers can craft malicious pickle files using profile.Profile.runctx in the reduce method to achieve remote code execution when the pickle file is loaded.