Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366864 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46529 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46529 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-43532 | 1 Openclaw | 1 Openclaw | 2026-05-05 | 7.7 High |
| OpenClaw versions 2026.4.7 before 2026.4.10 fail to normalize Discord event cover image parameters in sandbox media processing. Attackers can bypass media normalization to inject host-local media references into channel action paths expecting normalized media. | ||||
| CVE-2026-23918 | 1 Apache | 1 Http Server | 2026-05-05 | 8.8 High |
| Double Free and possible RCE vulnerability in Apache HTTP Server with the HTTP/2 protocol. This issue affects Apache HTTP Server: 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | ||||
| CVE-2026-42799 | 1 Asrmicro | 3 Asr1803, Asr1803 Firmware, Kestrel | 2026-05-05 | 7.4 High |
| Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10. | ||||
| CVE-2026-40950 | 1 Absolute | 1 Secure Access | 2026-05-05 | 6.5 Medium |
| CVE-2026-40950 is a buffer overflow vulnerability in the Secure Access server prior to 14.50. Attackers with control of a modified client can send a specially crafted message to the server and cause a denial of service | ||||
| CVE-2026-40949 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 4.4 Medium |
| CVE-2026-40949 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to trigger a denial of service. | ||||
| CVE-2026-33452 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 5.5 Medium |
| CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system. | ||||
| CVE-2026-33451 | 2 Absolute, Microsoft | 2 Secure Access, Windows | 2026-05-05 | 7.8 High |
| CVE-2026-33451 is an arbitrary read/write vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can send malformed data to an API and elevate their level of privilege to system. | ||||
| CVE-2026-33450 | 2 Absolute, Apple | 2 Secure Access, Macos | 2026-05-05 | 5.5 Medium |
| CVE-2026-33450 is an out of bounds read vulnerability in the Secure Access MacOS client prior to 14.50. Attackers with control of a modified server can send a malformed packet to the client causing a denial of service. | ||||
| CVE-2026-33449 | 1 Absolute | 1 Secure Access | 2026-05-05 | 7.5 High |
| CVE-2026-33449 is a buffer overflow in a message handling function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a cryptographically valid message to the client, overwriting a small portion of memory conceivably leading to a denial of service. | ||||
| CVE-2026-33447 | 1 Absolute | 1 Secure Access | 2026-05-05 | 9.8 Critical |
| CVE-2026-33447 is a buffer overflow in a message parsing function of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or denial of service. | ||||
| CVE-2026-33446 | 1 Absolute | 1 Secure Access | 2026-05-05 | 9.8 Critical |
| CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service. | ||||
| CVE-2026-40228 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-05-05 | 2.9 Low |
| In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set. | ||||
| CVE-2026-7749 | 1 Totolink | 2 N300rh, N300rh Firmware | 2026-05-05 | 8.8 High |
| A security vulnerability has been detected in Totolink N300RH 3.2.4-B20220812. This affects the function setWanConfig of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. The manipulation of the argument priDns leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-7675 | 1 Shenzhen Libituo Technology | 1 Lbt-t300-hw1 | 2026-05-05 | 8.8 High |
| A vulnerability has been found in Shenzhen Libituo Technology LBT-T300-HW1 up to 1.2.8. Impacted is the function start_lan of the file /apply.cgi. The manipulation of the argument Channel/ApCliSsid leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-70069 | 1 Assimp | 1 Assimp | 2026-05-04 | 7.5 High |
| An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial() method | ||||
| CVE-2026-34059 | 1 Apache | 1 Http Server | 2026-05-04 | 7.5 High |
| Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | ||||
| CVE-2026-33857 | 1 Apache | 2 Apache Http Server, Http Server | 2026-05-04 | 5.3 Medium |
| Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | ||||
| CVE-2026-34032 | 1 Apache | 1 Http Server | 2026-05-04 | 5.3 Medium |
| Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | ||||
| CVE-2026-5405 | 1 Wireshark | 1 Wireshark | 2026-05-04 | 7.8 High |
| RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | ||||
| CVE-2026-35373 | 1 Uutils | 1 Coreutils | 2026-05-04 | 3.3 Low |
| A logic error in the ln utility of uutils coreutils causes the program to reject source paths containing non-UTF-8 filename bytes when using target-directory forms (e.g., ln SOURCE... DIRECTORY). While GNU ln treats filenames as raw bytes and creates the links correctly, the uutils implementation enforces UTF-8 encoding, resulting in a failure to stat the file and a non-zero exit code. In environments where automated scripts or system tasks process valid but non-UTF-8 filenames common on Unix filesystems, this divergence causes the utility to fail, leading to a local denial of service for those specific operations. | ||||