206704 matches found
CVE-2026-7263
A flaw was found in PHP. The DOMNode::C14N method may incorrectly process XML data due to the improper removal of an xmlns attribute from the underlying libxml2 data structure, corrupting the linked list representing the XML document and causing an infinite loop. This issue can lead to excessive...
CVE-2026-7259
A flaw was found in PHP. When an attacker input can influence the encoding passed to mbregexencoding and the application subsequently uses mbregex search APIs, a NULL pointer dereference can occur due to a mismatch between the Oniguruma and mbfl encoding support. This issue can cause a crash in t...
CVE-2026-10101
ACM/MCE assisted-service writes raw referenced pull-secret contents into InfraEnv.status.conditions.message when pull-secret validation fails. A namespace principal with the stock view ClusterRole cannot directly read Secrets, but can read InfraEnv objects and recover the referenced Secret's...
CVE-2026-44378
A flaw was found in Botan, a C++ cryptography library. A remote attacker could exploit this vulnerability by sending specially crafted Basic Encoding Rules BER data with indefinite length encodings. This could cause quadratic behavior in the parser, leading to a denial of service DoS due to...
CVE-2025-40946
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions V6.1.4.9, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions V6.1.4.9, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All...
CVE-2026-41125
A vulnerability has been identified in blueplanet 100 NX3 M8 All versions, blueplanet 100 TL3 GEN2 All versions, blueplanet 105 TL3 All versions, blueplanet 105 TL3 GEN2 All versions, blueplanet 110 TL3 All versions, blueplanet 125 NX3 M10 All versions, blueplanet 125 TL3 All versions, blueplanet...
CVE-2025-35979
A flaw was found in the kernel. This vulnerability, affecting some IntelR Processors, involves shared microarchitectural predictor state that influences transient execution within VMX non-root guest operation. An unprivileged software adversary with an authenticated user can exploit this locally ...
CVE-2026-48962
A flaw was found in perl-IO-Compress, a component used for data compression and decompression. A remote attacker could exploit this vulnerability by crafting a malicious input, specifically an output glob, that bypasses the intended security measures. This could lead to the execution of...
CVE-2026-46239
A flaw was found in the Linux kernel's media: i2c: ov5647 driver. This issue occurs because certain control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN do not properly release power management PM runtime reference counts. This oversight can lead to a resource leak, potentially resulting in a Denia...
CVE-2026-23870
A flaw was found in the React Server DOM components, including react-server-dom-webpack, react-server-dom-parcel, and react-server-dom-turbopack. A remote attacker could exploit this denial of service DoS vulnerability by sending specially crafted HTTP requests to server function endpoints. This...
CVE-2026-32936
A flaw was found in CoreDNS, a DNS server that chains plugins. A remote, unauthenticated attacker can exploit this vulnerability by repeatedly sending oversized DNS-over-HTTPS DoH GET requests. The GET path, unlike the POST path, lacks size validation before processing large dns= query parameter...
CVE-2026-32934
A flaw was found in CoreDNS, a DNS server that chains plugins. The DNS-over-QUIC DoQ server is vulnerable to unbounded resource growth. An unauthenticated remote attacker can exploit this by opening numerous QUIC streams and sending only one byte per stream, causing the server to spawn excessive...
CVE-2026-33489
A flaw was found in CoreDNS. An unauthorized remote client can exploit a vulnerability in the transfer plugin's Access Control List ACL stanza selection. This occurs when both a parent zone and a more-specific subzone are configured, and the longestMatch function incorrectly uses a lexicographic...
CVE-2026-33811
A flaw was found in the net package of Go golang, specifically when using the LookupCNAME function with the cgo DNS resolver. A remote attacker could exploit this by providing a very long Canonical Name CNAME response. This can trigger a double-free of C memory, leading to a crash and a Denial of...
CVE-2026-42965
A flaw was found in the OpenShift Router. A user with EndpointSlice write access can exploit this vulnerability by creating a Service backed by an FQDN Fully Qualified Domain Name EndpointSlice that resolves to a cloud metadata endpoint. This allows the router to proxy requests to the cloud...
CVE-2026-46579
A flaw was found in the OpenShift Router. When a Route has insecureEdgeTerminationPolicy set to Allow, the HTTP frontend does not remove X-SSL-Client- headers from incoming requests. This allows an unauthenticated attacker to send plain HTTP requests with crafted X-SSL-Client- headers. As a resul...
CVE-2026-10078
A flaw was found in the Quay config-tool's GitLab OAuth validator. This vulnerability causes sensitive credentials, specifically clientid and clientsecret, to be transmitted as plaintext in URL query parameters during POST requests to the GitLab endpoint. This insecure transmission can lead to th...
CVE-2026-32996
This vulnerability in Veeam Agent for Microsoft Windows allows for Local Privilege Escalation...
CVE-2026-9137
The CSP report endpoint in MISP intended to limit logged CSP reports to 1 KB but incorrectly allowed reports up to 1 MB before truncation. On deployments where the endpoint is reachable by untrusted clients, this could allow attackers to generate excessive log volume and contribute to resource...
CVE-2026-32998
This vulnerability in Veeam Service Provider Console allows for remote code execution...
CVE-2026-32997
A vulnerability allowing an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based Veeam Backup & Replication server...
CVE-2026-10052
A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...
CVE-2026-41075
A flaw was found in RT, an open-source issue and ticket tracking system. An authenticated user can exploit an SQL injection vulnerability by crafting malicious input. This input is then incorporated into database queries without proper validation, potentially allowing the attacker to read or modi...
CVE-2026-41076
A flaw was found in RT, an open-source issue and ticket tracking system. This vulnerability allows a remote attacker to bypass authentication in RT installations configured to use LDAP/AD Lightweight Directory Access Protocol/Active Directory for user authentication. Under specific LDAP server...
CVE-2026-41074
A flaw was found in RT, an open-source issue and ticket tracking system. This Cross-Site Request Forgery CSRF vulnerability allows a remote attacker to trick a logged-in user into visiting a malicious web page. If successful, the attacker can then perform arbitrary state-changing actions within R...
CVE-2026-0257
Authentication bypass vulnerabilities in the GlobalProtect portal and gateway of Palo Alto Networks PAN-OS® software allows the attacker to bypass security restrictions and establish an unauthorized VPN connection. Panorama and Cloud NGFW are not impacted by these issues...
CVE-2026-9953
An out of bounds read flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=503985322...
CVE-2026-9996
An out of bounds read flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513268100...
CVE-2026-9986
An insufficient validation of untrusted input flaw was found in the OptimizationGuide component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513028160...
CVE-2026-9980
An insufficient validation of untrusted input flaw was found in the Printing component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511776372...
CVE-2026-9981
An inappropriate implementation flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=512995705...
CVE-2026-9985
An insufficient validation of untrusted input flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513019760...
CVE-2026-9959
A race flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=504557432...
CVE-2026-9999
An inappropriate implementation flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513364480...
CVE-2026-9998
An integer overflow flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513337118...
CVE-2026-9997
An use after free flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513324041...
CVE-2026-9995
An use after free flaw was found in the WebXR component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513256572...
CVE-2026-9994
An use after free flaw was found in the Core component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513235131...
CVE-2026-9993
An use after free flaw was found in the Views component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513208588...
CVE-2026-9991
An inappropriate implementation flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513173565...
CVE-2026-9992
An use after free flaw was found in the Network component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513177826...
CVE-2026-9990
An use after free flaw was found in the WebAppInstalls component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513128608...
CVE-2026-9989
An inappropriate implementation flaw was found in the Media component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513054053...
CVE-2026-9987
An insufficient validation of untrusted input flaw was found in the WebAppInstalls component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513046475...
CVE-2026-9988
An use after free flaw was found in the WebRTC component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513049286...
CVE-2026-9984
An use after free flaw was found in the UI component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513002543...
CVE-2026-9983
A type confusion flaw was found in the Skia component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513001309...
CVE-2026-9982
An insufficient validation of untrusted input flaw was found in the ANGLE component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=513001247...
CVE-2026-9979
An insufficient validation of untrusted input flaw was found in the Input component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511742228...
CVE-2026-9978
An use after free flaw was found in the Glic component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=511741396...