Search
6,811 CVEs
CVEs (6,811, showing first 500)
Only the first 500 CVEs (by current sort) are shown when searching without a keyword. Add a search term above to narrow the results.
Showing 1–25 of 6,811 (capped at 500)
| CVE ID | Severity ↑ | Patch | CVSS | Published | Description |
|---|---|---|---|---|---|
| CVE-2026-9669 | NONE | — | 2026-06-08 | bz2.BZ2Decompressor objects could be reused after a decompression error. If an application caught the resulting OSError and retried with the same decompressor, crafted inpu… | |
| CVE-2026-40215 | NONE | — | 2026-06-08 | A race condition in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows remote attackers to potentially cause a server crash or leak heap memory via a use-afte… | |
| CVE-2026-44541 | NONE | Patched | — | 2026-06-08 | Fides is an open-source privacy engineering platform. From version 2.33.0 to before version 2.84.5, there is a DOM-based XSS vulnerability in fides.js via the fides_descrip… |
| CVE-2026-47344 | NONE | — | 2026-06-08 | When ALLOW_INSECURE_RAW_TEXT is enabled, whitespace-variant closing tags (e.g., </style\t>) are not recognized by the sanitizer but accepted by browsers as valid end tags, … | |
| CVE-2026-47345 | NONE | — | 2026-06-08 | Namespace attributes are not encoded correctly during HTML serialization. This allows bypassing the cross-site scripting prevention mechanism of typo3/html-sanitizer before… | |
| CVE-2026-35058 | NONE | — | 2026-06-08 | Improper validation of packet length during tls-crypt-v2 key extraction in OpenVPN 2.6.0 through 2.6.19 and 2.7_alpha1 through 2.7.1 allows authenticated attackers to trigg… | |
| CVE-2026-46486 | NONE | Patched | — | 2026-06-08 | MVT (Mobile Verification Toolkit) helps with conducting forensics of mobile devices in order to find signs of a potential compromise. Prior to version 2026.5.12, there is a… |
| CVE-2026-46490 | NONE | Patched | — | 2026-06-08 | samlify is a Node.js library for SAML single sign-on. Prior to version 2.13.0, samlify’s template substitution only escapes attribute contexts. Values inserted into element… |
| CVE-2026-10787 | NONE | — | 2026-06-08 | Missing authorization in the deleted user groups API in Devolutions Server allows an authenticated low-privileged user to enumerate metadata of deleted user groups via a cr… | |
| CVE-2026-8913 | NONE | — | 2026-06-08 | A command Injection vulnerability exists in the WireGuard client configuration of Archer MR600 v5 due to improper neutralization of user-controlled input within the web man… | |
| CVE-2026-46311 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/userq: fix access to stale wptr mapping Use drm_exec to take both locks i.e vm root bo and … | |
| CVE-2026-46312 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: media: videobuf2: Set vma_flags in vb2_dma_sg_mmap vb2_dma_contig sets VMA flags VM_DONTEXPAND and VM_… | |
| CVE-2026-46313 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: fix error pointer dereference In a error path isp->psys is confirmed to be an error… | |
| CVE-2026-46314 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Reject empty multisync extension to prevent infinite loop v3d_get_extensions() walks a usersp… | |
| CVE-2026-46304 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid recursive nvmet-wq flush in nvmet_ctrl_free nvmet_tcp_release_queue_work() runs on nvmet-… | |
| CVE-2026-46305 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8723bs: os_dep: avoid NULL pointer dereference in rtw_cbuf_alloc The return value of kzall… | |
| CVE-2026-46306 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: flow_dissector: do not dissect PPPoE PFC frames RFC 2516 Section 7 states that Protocol Field Compress… | |
| CVE-2026-46307 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath5k: do not access array OOB Vincent reports: > The ath5k driver seems to do an array-index-ou… | |
| CVE-2026-46308 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: mediatek: fix use-after-free in scpsys_get_bus_protection_legacy() In scpsys_get_bus_protect… | |
| CVE-2026-46309 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/uapi: Reject coh_none PAT index for CPU cached memory in madvise Add validation in xe_vm_madvis… | |
| CVE-2026-46310 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: media: renesas: vsp1: Fix NULL pointer deref on module unload When unloading the module on gen 4, we h… | |
| CVE-2026-46296 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: spi: s3c64xx: fix NULL-deref on driver unbind A change moving DMA channel allocation from probe() back… | |
| CVE-2026-46297 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: net: libwx: use request_irq for VF misc interrupt Currently, request_threaded_irq() is used with a pri… | |
| CVE-2026-46298 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: pseries/papr-hvpipe: Fix race with interrupt handler While executing ->ioctl handler or ->release hand… | |
| CVE-2026-46299 | NONE | — | 2026-06-08 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix held lock freed on hfsplus_fill_super() hfsplus_fill_super() calls hfs_find_init() to ini… |