Search
59,256 CVEs
CVEs (59,256, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 301–325 of 59,256 (capped at 500)
| CVE ID | Severity ↓ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9039 | NONE | — | 2026-05-28 | A configuration weakness in the device’s remote management service allows an authenticated session to be established over a communication channel intended solely for vehicl… | |
| CVE-2026-33590 | NONE | — | 2026-05-28 | Insecure default settings of Portainer CE grant regular (non-admin) users privileges that allow host filesystem access and host-level code execution. An authenticated non-a… | |
| CVE-2026-46685 | NONE | Patched | — | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, when RUSTFS_CORS_ALLOWED_ORIGINS is unset, the RustFS S3 listener's ConditionalCorsLayer… |
| CVE-2026-47136 | NONE | Patched | — | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the RustFS console endpoint GET /rustfs/console/license returns parsed license metadata … |
| CVE-2026-45040 | NONE | Patched | — | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, RustFS suffers from sensitive information leakage in log outputs. When the server is run… |
| CVE-2026-45041 | NONE | Patched | — | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, crates/appauth/src/token.rs ships a 2048-bit RSA private key as a string constant named … |
| CVE-2026-45042 | NONE | Patched | — | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, improper authorization in the UploadPartCopy operation allows copying objects across buc… |
| CVE-2026-45044 | NONE | Patched | — | 2026-05-28 | RustFS is a distributed object storage system built in Rust. Prior to 1.0.0-beta.2, the admin router explicitly whitelists /profile/cpu and /profile/memory from the authent… |
| CVE-2026-45021 | NONE | Patched | — | 2026-05-28 | Kuma is a modern Envoy-based service mesh that can run on every cloud across both Kubernetes and VMs. Prior to 2.7.25, 2.9.15, 2.11.13, 2.12.10, and 2.13.5, the default kum… |
| CVE-2026-45058 | NONE | — | 2026-05-28 | electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. In 3.8.8 and earlier, there is persistent local-pty code execution via imported bo… | |
| CVE-2026-45297 | NONE | Patched | — | 2026-05-28 | OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. Proj… |
| CVE-2026-6720 | NONE | — | 2026-05-28 | When calicoctl is invoked with --log-level=info or --log-level=debug, the client prints the full contents of its loaded connection-configuration struct to stderr in a singl… | |
| CVE-2026-45261 | NONE | Patched | — | 2026-05-28 | GitButler is a modern Git-based version control interface for AI-powered workflows. Prior to 0.19.7, a emote code execution vulnerability exists in the Tauri-based GitButle… |
| CVE-2026-44593 | NONE | — | 2026-05-28 | esm.sh is a no-build content delivery network (CDN) for web development. In 137 and earlier, the legacy router first retrieves a response from legacyServer, parses the inco… | |
| CVE-2026-44672 | NONE | Patched | — | 2026-05-28 | mapfish-print is a component of MapFish for printing templated cartographic maps. From 3.23.0 to before 3.28.28, 3.30.30, 3.31.22, 3.33.14, and 4.0.3, the attacker can exec… |
| CVE-2026-9828 | NONE | — | 2026-05-28 | Deserialization of untrusted data vulnerability in QOS.CH Sarl logback logback-core (HardenedObjectInputStream (logback-core) modules) allows Object Injection albeit heavil… | |
| CVE-2026-8980 | NONE | — | 2026-05-28 | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to privilege escalation. An authenticated low-privileged user can change the passwords of the admin (o… | |
| CVE-2026-8990 | NONE | Patched | — | 2026-05-28 | A user with physical access to a smartphone can bypass authentication mechanism of Kidsview mobile application and grant himself full access to the device owner's account b… |
| CVE-2026-8979 | NONE | — | 2026-05-28 | The Mennekes Amtron series (firmware versions ≤ 5.22.3) is vulnerable to an authentication bypass. An unauthenticated remote attacker can change the password of the user ac… | |
| CVE-2026-42250 | NONE | Patched | — | 2026-05-28 | bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer… |
| CVE-2026-9818 | NONE | — | 2026-05-28 | Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |
| CVE-2026-46234 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: vsock: fix buffer size clamping order In vsock_update_buffer_size(), the buffer size was being clamped… | |
| CVE-2026-46235 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: media: saa7164: add ioremap return checks and cleanups Add checks for ioremap return values in saa7164… | |
| CVE-2026-46236 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: media: rc: xbox_remote: heed DMA restrictions The buffer for IO must not be part of the device structu… | |
| CVE-2026-46239 | NONE | — | 2026-05-28 | In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUT… |