Export limit exceeded: 13675 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (13675 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34630 | 3 Adobe, Apple, Microsoft | 3 Bridge, Macos, Windows | 2026-04-15 | 7.8 High |
| Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-04-15 | 7.5 High |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-3777 | 4 Apple, Foxit, Foxitsoftware and 1 more | 6 Macos, Pdf Editor, Pdf Reader and 3 more | 2026-04-15 | 5.5 Medium |
| The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution. | ||||
| CVE-2026-3778 | 4 Apple, Foxit, Foxitsoftware and 1 more | 6 Macos, Pdf Editor, Pdf Reader and 3 more | 2026-04-15 | 6.2 Medium |
| The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes. | ||||
| CVE-2026-3776 | 4 Apple, Foxit, Foxitsoftware and 1 more | 6 Macos, Pdf Editor, Pdf Reader and 3 more | 2026-04-15 | 5.5 Medium |
| The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service. | ||||
| CVE-2026-35560 | 4 Amazon, Apple, Linux and 1 more | 5 Amazon Athena Odbc Driver, Athena Odbc, Macos and 2 more | 2026-04-15 | 7.4 High |
| Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-35561 | 4 Amazon, Apple, Linux and 1 more | 5 Amazon Athena Odbc Driver, Athena Odbc, Macos and 2 more | 2026-04-15 | 7.4 High |
| Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-35562 | 4 Amazon, Apple, Linux and 1 more | 5 Amazon Athena Odbc Driver, Athena Odbc, Macos and 2 more | 2026-04-15 | 7.5 High |
| Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-35559 | 4 Amazon, Apple, Linux and 1 more | 5 Amazon Athena Odbc Driver, Athena Odbc, Macos and 2 more | 2026-04-15 | 6.5 Medium |
| Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-35558 | 4 Amazon, Apple, Linux and 1 more | 5 Amazon Athena Odbc Driver, Athena Odbc, Macos and 2 more | 2026-04-15 | 7.8 High |
| Improper neutralization of special elements in the authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to execute arbitrary code or redirect authentication flows by using specially crafted connection parameters that are processed by the driver during user-initiated authentication. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-5877 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 8.8 High |
| Use after free in Navigation in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5878 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 4.3 Medium |
| Incorrect security UI in Blink in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5880 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 4.3 Medium |
| Insufficient policy enforcement in browser UI in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5881 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 6.5 Medium |
| Policy bypass in LocalNetworkAccess in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5882 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 4.3 Medium |
| Incorrect security UI in Fullscreen in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5892 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 6.6 Medium |
| Insufficient policy enforcement in PWAs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to install a PWA without user consent via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5894 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 4.3 Medium |
| Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-5896 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 6.1 Medium |
| Policy bypass in Audio in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass sandbox download restrictions via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2026-5907 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-15 | 8.1 High |
| Insufficient data validation in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to perform an out of bounds memory read via a crafted video file. (Chromium security severity: Low) | ||||
| CVE-2025-53594 | 2 Apple, Qnap | 4 Macos, Qfinder Pro, Qsync and 1 more | 2026-04-15 | N/A |
| A path traversal vulnerability has been reported to affect several product versions. If a local attacker gains a user account, they can then exploit the vulnerability to read the contents of unexpected files or system data. We have already fixed the vulnerability in the following versions: Qfinder Pro Mac 7.13.0 and later Qsync for Mac 5.1.5 and later QVPN Device Client for Mac 2.2.8 and later | ||||