Export limit exceeded: 46085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46085 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-50259 | 3 Redhat, X.org, Xorg | 12 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 9 more | 2026-07-09 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. _XkbSetMapChecks() declares a fixed-size stack buffer mapWidths[256] indexed by key type index. The helper function CheckKeyTypes() writes to this buffer at a client-controlled offset, allowing a stack buffer overflow. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50258 | 2 Redhat, X.org | 10 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 7 more | 2026-07-09 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. The X server has multiple stack buffers sized XkbMaxShiftLevel * XkbNumKbdGroups but CheckKeyTypes() does not verify or clamp non-canonical key types to XkbMaxShiftLevel. A client can change key types to excessive shift levels and trigger stack overflows. This is caused by an incomplete fix of CVE-2025-26597. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-50256 | 2 Redhat, X.org | 11 Enterprise Linux, Enterprise Linux Eus, Rhel Aus and 8 more | 2026-07-09 | 7.8 High |
| A stack-based buffer overflow flaw was found in the X.Org X server and Xwayland. A mismatch between the X server and the libXfont2 library's maximum font name length can cause a stack buffer overflow during font alias resolution. The server allocates a 256 byte stack buffer but libXfont2's alias target name length is 1024 bytes. A font alias name between 257 and 1023 bytes causes the X server to copy that name into the undersized stack buffer without further checks. This may be used to crash the server, or for privilege escalation if the X server runs as root. | ||||
| CVE-2026-14063 | 1 Google | 1 Chrome | 2026-07-09 | 5.7 Medium |
| Out of bounds read in Chromecast in Google Chrome prior to 150.0.7871.47 allowed a local attacker to obtain potentially sensitive information from process memory via malicious network traffic. (Chromium security severity: Low) | ||||
| CVE-2026-14071 | 1 Google | 1 Chrome | 2026-07-09 | 6.5 Medium |
| Side-channel information leakage in WebAudio in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-14422 | 1 Google | 1 Chrome | 2026-07-09 | 8.8 High |
| Out of bounds read and write in Tint in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-23084 | 2 Apfloat, Mikkotommila | 2 Apfloat, Apfloat | 2026-07-09 | 7.5 High |
| Apfloat v1.10.1 was discovered to contain an ArrayIndexOutOfBoundsException via the component org.apfloat.internal.DoubleCRTMath::add(double[], double[]). NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability. The submission may have been based on a tool that is not sufficiently robust for vulnerability identification. | ||||
| CVE-2022-4990 | 1 Asus | 1 Ai Suite 3 | 2026-07-09 | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** Improper Validation of Specified Quantity in Input in the ASUS AI Suite 3 driver allows a local user to bypass security validation and access restricted memory blocks via crafted IOCTL requests, leading to privilege escalation. | ||||
| CVE-2026-52719 | 2 Gstreamer Project, Redhat | 2 Gstreamer Plugin, Enterprise Linux | 2026-07-08 | 7.1 High |
| An out-of-bounds read vulnerability was found in the VA JPEG decoder in GStreamer's gst-plugins-bad. The JPEG parser reads a segment length value from the bitstream without validating it against available data. A remote attacker could trick a user into opening a specially crafted JPEG file, causing downstream parsing to read beyond the provided input buffer, leading to a crash or potential information disclosure. | ||||
| CVE-2026-44808 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-07-08 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-44811 | 1 Microsoft | 2 Windows 11 26h1, Windows 11 26h1 | 2026-07-08 | 7.8 High |
| Heap-based buffer overflow in Windows DWM Core Library allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42974 | 1 Microsoft | 11 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 8 more | 2026-07-08 | 8.1 High |
| Integer overflow or wraparound in Windows Performance Monitor allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-42914 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-07-08 | 5.3 Medium |
| Out-of-bounds read in Windows Kerberos allows an authorized attacker to deny service over a network. | ||||
| CVE-2026-42916 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-07-08 | 7.8 High |
| Integer overflow or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-42837 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-07-08 | 7.8 High |
| Out-of-bounds read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45653 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-07-08 | 7 High |
| Heap-based buffer overflow in Windows Kernel allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-45608 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-07-08 | 6.8 Medium |
| Out-of-bounds read in Windows DHCP Client allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-45463 | 1 Microsoft | 9 365 Apps, Office, Office 2016 and 6 more | 2026-07-08 | 8.4 High |
| Integer underflow (wrap or wraparound) in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45457 | 1 Microsoft | 7 365 Apps, Microsoft 365, Office 2021 and 4 more | 2026-07-08 | 7.8 High |
| Out-of-bounds read in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-45455 | 1 Microsoft | 10 365 Apps, Excel 2016, Microsoft 365 Apps For Enterprise and 7 more | 2026-07-08 | 3.3 Low |
| Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information locally. | ||||