Export limit exceeded: 350489 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350489 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21019 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-05-13 | N/A |
| Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege. | ||||
| CVE-2026-21020 | 1 Samsung Mobile | 1 Samsung Mobile Devices | 2026-05-13 | N/A |
| Improper export of android application components in OmaCP prior to SMR May-2026 Release 1 allows local attackers to trigger privileged functions. | ||||
| CVE-2025-11159 | 1 Hitachi | 1 Vantara Pentaho Data Integration And Analytics | 2026-05-13 | 9.1 Critical |
| Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator. | ||||
| CVE-2025-15101 | 1 Asus | 2 Asus Firmware, Router | 2026-05-13 | 8.8 High |
| An OS command injection vulnerability in the web management interface of certain ASUS router models allows remote authenticated administrators to execute arbitrary system commands via a crafted parameter. Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-20753 | 1 Intel | 1 Slim Bootloader | 2026-05-13 | N/A |
| Integer overflow in the UEFI firmware for the Slim Bootloader may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable local code execution. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (high), integrity (high) and availability (high) impacts. | ||||
| CVE-2026-28819 | 1 Apple | 2 Ios And Ipados, Macos | 2026-05-13 | 5.4 Medium |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2026-4890 | 1 Dnsmasq | 1 Dnsmasq | 2026-05-13 | 7.5 High |
| A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet. | ||||
| CVE-2026-4893 | 1 Dnsmasq | 1 Dnsmasq | 2026-05-13 | 5.3 Medium |
| An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information. | ||||
| CVE-2026-44352 | 1 Reconurge | 1 Flowsint | 2026-05-13 | N/A |
| Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Broken Access Control allows reading of sketch logs from any user. This vulnerability is fixed in 1.2.3. | ||||
| CVE-2026-32683 | 1 Ezviz | 1 Ezviz App | 2026-05-13 | 5.3 Medium |
| Some EZVIZ products utilize older versions of cloud feature modules with legacy API interfaces, which pose a data transmission risk. Attackers can exploit this by eavesdropping on network requests to obtain data.Users are advised to upgrade the app to the latest version and enable the video encryption feature. | ||||
| CVE-2026-28901 | 1 Apple | 5 Ios And Ipados, Macos, Tvos and 2 more | 2026-05-13 | 4.3 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 26.5 and iPadOS 26.5, macOS Tahoe 26.5, tvOS 26.5, visionOS 26.5, watchOS 26.5. Processing maliciously crafted web content may lead to an unexpected process crash. | ||||
| CVE-2025-43524 | 1 Apple | 3 Macos Sequoia, Macos Sonoma, Macos Tahoe | 2026-05-13 | 8.8 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.2. An app may be able to break out of its sandbox. | ||||
| CVE-2026-8200 | 1 Mongodb | 1 Mongodb Server | 2026-05-13 | 2.7 Low |
| When schema validation is enabled on a collection and an update or insert would violate the collection's schema, the local server log message generated may not have all user data redacted. This issue impacts MongoDB Server v7.0 versions prior to 7.0.34, v8.0 versions prior to 8.0.23, v8.2 versions prior to 8.2.9 and v8.3 versions prior to 8.3.2. | ||||
| CVE-2026-28922 | 1 Apple | 1 Macos | 2026-05-13 | 6.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to access private information. | ||||
| CVE-2026-27662 | 2026-05-13 | 7.7 High | ||
| Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performing unauthorized actions, or exploiting misconfigurations that may lead to further system compromise. | ||||
| CVE-2026-44412 | 1 Siemens | 1 Solid Edge Se2026 | 2026-05-13 | 7.8 High |
| A vulnerability has been identified in Solid Edge SE2026 (All versions < V226.0 Update 5). The affected applications contain a stack based overflow vulnerability while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2026-34658 | 1 Adobe | 1 Adobe Commerce | 2026-05-13 | 4.8 Medium |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. Scope is changed. | ||||
| CVE-2026-34685 | 1 Adobe | 1 Adobe Commerce | 2026-05-13 | 3.4 Low |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier [NEEDS REVIEW: impact mismatch — ticket says 'Arbitrary file system write', CIA triad derives 'Security Feature Bypass'. Verify CVSS vector before publishing.] are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A high-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | ||||
| CVE-2026-34656 | 1 Adobe | 1 Adobe Commerce | 2026-05-13 | 4.3 Medium |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized write access. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. | ||||
| CVE-2026-34648 | 1 Adobe | 1 Adobe Commerce | 2026-05-13 | 7.5 High |
| Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. An attacker could exploit this vulnerability to exhaust system resources, resulting in an application denial-of-service condition. Exploitation of this issue does not require user interaction. | ||||