Lucene search
K
RedhatcveRecent

206304 matches found

RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-46374

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.2.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious long query to any application using the parser to...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.9 views

CVE-2026-46518

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0.1, a stored cross-site scripting vulnerability in the prescription CSS/HTML multi-print feature allows a patient portal user to execute arbitrary JavaScript in a...

8.7CVSS5.5AI score0.00208EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-46432

LMDeploy is a toolkit for compressing, deploying, and serving large language models. In versions 0.12.3 and prior, LMDeploy is vulnerable to arbitrary code execution through hardcoded "trustremotecode=True" in multiple HuggingFace model-loading call sites. At time of publication, there are no...

7.8CVSS6.2AI score0.00142EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-45541

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a NULL-pointer dereference exists in the WebSocket subprotocol-negotiation path of the esphttpserver component. While parsing the client-supplied Sec-WebSocket-Protocol request...

7.5CVSS5.4AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-46373

SQLFluff is a modular SQL linter and auto-formatter with support for multiple dialects and templated code. Prior to version 4.1.0, in deployments where untrusted users can provide SQL queries to be linted, an untrusted user can submit a malicious query with deliberate excessive nesting to any...

7.5CVSS5.5AI score0.00263EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2026-45782

Cloud Hypervisor is a Virtual Machine Monitor for Cloud workloads. From version 21.0 to before version 51.2, a guest can cause a use-after-free in the cloud-hypervisor process by submitting two virtio-block descriptor chains that reuse the same headindex while asynchronous block I/O is enabled e....

8.9CVSS5.6AI score0.00138EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-45542

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.2.6, 5.3.5, 5.4.4, 5.5.4, and 6.0, a heap buffer overflow exists in the Security Scheme 2 SRP6a session-setup path of the protocomm component. The first-phase handler handlesessioncommand0 in...

7.1CVSS5.7AI score0.00325EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-45329

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, several ESP-TEE secure-service wrappers in espsecureservices.c and espsecureservicesiram.c validated only some of the caller-supplied pointer arguments, leaving input pointer arguments unchecked...

7.1CVSS5.4AI score0.00117EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2025-58468

A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...

5.1CVSS5.4AI score0.00184EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-45328

ESF-IDF is the Espressif Internet of Things IOT Development Framework. In versions 5.5.4 and 6.0, the esptee component exposes secure-service wrappers in espsecureservices.c and espsecureservicesiram.c that bridge calls from the user application i.e. the REE to TEE-protected hardware peripherals...

9.3CVSS5.3AI score0.00126EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-44963

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.4CVSS6.6AI score0.02042EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2025-66276

QuTS hero is not affected. We have already fixed the vulnerability in the following version: QTS 5.2.7.3256 build 20250913 and later...

9.8CVSS5.5AI score0.0029EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2026-34657

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in an arbitrary file system write. An attacker could leverage this vulnerability to write to...

5.5CVSS5.6AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.15 views

CVE-2026-34416

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious input through the project request parameter. Attackers can craft a malicious URL containing unsanitized input that...

6.1CVSS5.6AI score0.00199EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.11 views

CVE-2026-34712

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Improper Input Validation vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require user...

7.5CVSS5.5AI score0.00407EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.15 views

CVE-2026-34711

CAI Content Credentials versions [email protected], c2pa-v0.80.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue does not require...

7.5CVSS5.5AI score0.0043EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.12 views

CVE-2025-59382

QTS, QuTS hero, QuTScloud are not affected. We have already fixed the vulnerability in the following version:...

5.1CVSS5.5AI score0.00288EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.10 views

CVE-2026-25860

OpenClinic GA 5.351.19 contains a reflected cross-site scripting vulnerability in the DICOM image upload handler that allows attackers to execute arbitrary JavaScript in a victim's browser by embedding malicious payloads in DICOM file metadata fields. Attackers can craft a DICOM file with...

6.1CVSS5.6AI score0.00293EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.14 views

CVE-2026-34417

OSCAL-GUI contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to execute arbitrary JavaScript in a victim's browser by injecting malicious content through the project request parameter in oscal-forms.php. The parameter value is URL-decoded and assigned to...

6.1CVSS5.6AI score0.00168EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 11:43 p.m.8 views

CVE-2026-45624

A flaw was found in ImageMagick. When processing images with specific arguments for polynomial distortion, an out-of-bounds over-read of 24 bytes can occur. This vulnerability could lead to information disclosure or a denial of service DoS condition. Mitigation Mitigation for this issue is either...

5.1CVSS5AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:38 p.m.12 views

CVE-2026-42326

A flaw was found in ImageMagick, a software used for editing and manipulating digital images. A local attacker could exploit this vulnerability by providing a malicious input file. When ImageMagick attempts to write an IPTC output file, this malicious input could cause the software to read beyond...

5.1CVSS5AI score0.0012EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:38 p.m.7 views

CVE-2026-46522

A flaw was found in ImageMagick. A remote attacker could provide a specially crafted MIFF Magick Image File Format file, which, due to a missing check in the MIFF decoder, would lead to an infinite loop. This vulnerability results in CPU exhaustion, causing a Denial of Service DoS for the affecte...

7.5CVSS5.1AI score0.01849EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.6 views

CVE-2026-45664

A flaw was found in ImageMagick. A remote attacker could exploit a missing check in the Multiple-image Network Graphics MNG coder to read more images than allowed by policy. This could lead to excessive resource consumption, resulting in a denial of service DoS. Mitigation Mitigation for this iss...

7.5CVSS5.1AI score0.00441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.10 views

CVE-2026-46523

A flaw was found in ImageMagick, a free and open-source software used for editing and manipulating digital images. A remote attacker could exploit this vulnerability by providing a specially crafted MSL Magick Scripting Language image. Processing this malicious image could trigger a...

7.5CVSS5.1AI score0.00301EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.9 views

CVE-2026-45359

A flaw was found in ImageMagick. A local attacker could exploit this vulnerability by providing an invalid 'connected-components:keep-top' value during image processing. This could lead to a heap buffer over-read, potentially resulting in information disclosure or a denial of service DoS...

7.1CVSS5.2AI score0.00122EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.8 views

CVE-2026-45031

A flaw was found in ImageMagick. A missing check in the PSD Photoshop Document decoder allows an attacker to bypass the list-length resource policy when processing a specially crafted PSD image. This could lead to a denial of service DoS condition by consuming excessive resources. Mitigation...

7.5CVSS5AI score0.00495EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 11:33 p.m.8 views

CVE-2026-46520

A flaw was found in ImageMagick, a free and open-source software for editing and manipulating digital images. When processing multiple images with varying dimensions, an out-of-bounds heap write can occur. This vulnerability could allow a remote attacker to cause a denial of service DoS condition...

7.5CVSS5.1AI score0.00441EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 10:16 p.m.10 views

CVE-2026-10143

A flaw was found in kafka-python. A malicious or machine-in-the-middle broker could exploit a denial-of-service vulnerability during SCRAM authentication. By providing an excessively large iteration count, the broker can cause the client's event loop to freeze. This prevents critical operations...

8.7CVSS5.1AI score0.00517EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.9 views

CVE-2026-48681

A flaw was found in OpenStack Ironic before 35.0.2. A directory traversal vulnerability during deployment allows an attacker to overwrite files on the system when a crafted ISO image is used. This can compromise confidentiality and integrity of files on the deployment target...

8.1CVSS5.4AI score0.00601EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.10 views

CVE-2026-5078

A flaw was found in the morgan HTTP request logging middleware. The :remote-user token writes the Basic auth username to access logs without neutralizing CR/LF control characters. An unauthenticated remote attacker can inject forged log lines via a crafted Authorization header, breaking...

5.3CVSS5.8AI score0.00246EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.11 views

CVE-2026-36499

A flaw was found in Open vSwitch. A missing upper-bound check in udpifsetthreads allows an attacker with OVSDB write access to request an excessive number of handler or revalidation threads, causing resource exhaustion and denial of service. Reported against Open vSwitch v3.6.90; affects...

6.5CVSS5.7AI score0.00328EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.12 views

CVE-2026-34077

A flaw was found in React Router versions 7.7.0 through 7.13.1. When using the unstable React Server Components RSC APIs, insufficient sanitization of redirect targets allows client-side cross-site scripting if redirects originate from untrusted sources. An attacker could inject script that...

7.5CVSS5.7AI score0.00294EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/10 9:27 p.m.10 views

CVE-2026-10722

A flaw was found in the cilium/ebpf Go library versions up to 0.21.0. An integer overflow in the loadRawSpec function btf/btf.go when parsing BTF collection specs can cause excessive memory allocation or parsing failure. A local attacker who can supply a crafted eBPF collection spec to an...

5.5CVSS5.2AI score0.00179EPSS
Exploits1References12
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-48289

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-11799

UXSS in Focus for iOS / Klar Webkit navigation. This vulnerability was fixed in Focus for iOS 151.3.1 and Klar for iOS 151.3.1...

7.5CVSS5.4AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.9 views

CVE-2026-45466

Heap-based buffer overflow in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

3.3CVSS5.7AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.8 views

CVE-2026-45642

Improper input validation in Microsoft Azure Attestation service and Device Health Attestation Service allows an authorized attacker to perform spoofing with a physical attack...

3.9CVSS5.4AI score0.00319EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-48288

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized write...

3.5CVSS5.4AI score0.0041EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.9 views

CVE-2026-45459

Protection mechanism failure in Microsoft Office Excel allows an unauthorized attacker to bypass a security feature locally...

3.3CVSS5.4AI score0.00371EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.7 views

CVE-2026-45455

Out-of-bounds read in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network...

4.3CVSS5.4AI score0.00629EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-47933

ColdFusion versions 2023.19, 2025.8 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to...

5.4CVSS5.4AI score0.00224EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.11 views

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

9.8CVSS5.5AI score0.00209EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.9 views

CVE-2026-45485

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

3.3CVSS7AI score0.00437EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.7 views

CVE-2026-9211

An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...

8.8CVSS5.5AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-9213

A vulnerability in the affected NETGEAR gaming routers allows attackers with the ability to intercept and tamper with traffic between the router and the Internet, to execute code on the device...

9.1CVSS5.8AI score0.00397EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.13 views

CVE-2026-9212

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting the product's confidentiality or change certain configurations...

8.3CVSS5.7AI score0.0027EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.13 views

CVE-2026-50508

Exposure of sensitive information to an unauthorized actor in Windows NTLM allows an unauthorized attacker to perform spoofing over a network...

7.5CVSS5.4AI score0.00662EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.10 views

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS5.4AI score0.00216EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.14 views

CVE-2026-50507

Protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack...

6.8CVSS5.7AI score0.05011EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/10 9:4 p.m.13 views

CVE-2026-25557

Evoluted PHP Directory Listing Script through 4.0.5 contains a reflected cross-site scripting vulnerability in index.php where the dir parameter value is reflected without HTML encoding inside the HTML title element and inside anchor href attributes in the breadcrumb navigation. Attackers can...

5.4CVSS5.5AI score0.00187EPSS
Exploits0References1
Total number of security vulnerabilities206304