206304 matches found

RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-44275

Dell/Alienware Purchased Apps, versions prior to 1.1.32.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

CVSS 6.3 | AI score 5.4 | EPSS 0.00097
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-45464

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVSS 5.4 | AI score 7 | EPSS 0.0051
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-45454

Improper limitation of a pathname to a restricted directory 'path traversal' in Microsoft Office SharePoint allows an authorized attacker to execute code over a network...

CVSS 8.8 | AI score 7.3 | EPSS 0.0163
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-42973

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00404
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•7 views

CVE-2026-44805

Use after free in Windows Network Controller NC Host Agent allows an authorized attacker to deny service locally...

CVSS 5.5 | AI score 5.5 | EPSS 0.00356
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-42971

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00459
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-42968

Out-of-bounds read in Windows Telephony Service allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00388
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-42914

Windows Kerberos Denial of Service Vulnerability...

CVSS 5.3 | AI score 5.4 | EPSS 0.00794
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-42907

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

CVSS 6.5 | AI score 5.4 | EPSS 0.00816
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-42969

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00388
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-42970

Use of uninitialized resource in Windows Push Notifications allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00404
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-42915

Incorrect calculation of buffer size in Windows TCP/IP allows an authorized attacker to deny service over an adjacent network...

CVSS 5.7 | AI score 5.7 | EPSS 0.00383
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-41116

Dell Inventory Collector Client, versions prior to 13.8.0, contain an Improper Link Resolution Before File Access 'Link Following' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Arbitrary File Write...

CVSS 6.3 | AI score 5.4 | EPSS 0.00085
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-42972

Exposure of sensitive information to an unauthorized actor in Windows Hyper-V allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00459
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-40639

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...

CVSS 5.7 | AI score 5.4 | EPSS 0.00119
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-42906

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

CVSS 5.5 | AI score 5.4 | EPSS 0.00404
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-42903

Null pointer dereference in Windows Kerberos allows an authorized attacker to deny service over a network...

CVSS 6.5 | AI score 5.4 | EPSS 0.00903
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-34694

Adobe Experience Manager Forms JEE versions LTS SP1, 6.5.24.0 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a high-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's...

CVSS 4.8 | AI score 5.4 | EPSS 0.00175
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-34692

Adobe Experience Manager versions 6.5.24, LTS SP1, 2026.04 and earlier are affected by a DOM-based Cross-Site Scripting XSS vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser...

CVSS 5.4 | AI score 5.5 | EPSS 0.00207
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-33113

Improper neutralization of input during web page generation 'cross-site scripting' in Microsoft Office SharePoint allows an authorized attacker to perform spoofing over a network...

CVSS 6.1 | AI score 7 | EPSS 0.00522
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-34703

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

CVSS 5.5 | AI score 5.5 | EPSS 0.0013
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-34705

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to disclose sensitive information. Exploitation of this issue requires user interaction in that a...

CVSS 5.5 | AI score 5.4 | EPSS 0.00155
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-28237

Unrestricted resource allocation in AMD uProf may be exploitable to consume excessive system resources, potentially leading to a loss of availability...

CVSS 6.8 | AI score 5.4 | EPSS 0.00098
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-3088

Unauthenticated users on the local network can cause the router to become unavailable by sending specially crafted requests...

CVSS 7.1 | AI score 5.5 | EPSS 0.00357
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-0420

An improper implementation of TLS certificate validation vulnerability found in NETGEAR's ReadyCloud client app which could allow an attacker to perform attacker-in-the-middle MiTM style attacks impacting the product's confidentiality. This vulnerability affects the listed NETGEAR models...

CVSS 8.2 | AI score 5.4 | EPSS 0.00135
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-0419

Insufficient input validation in NETGEAR JR6150 AC750 WiFi Router 802.11ac Dual Band Gigabit released in 2014 allows users connected to the local WiFi Networks to execute operating system commands. NETGEAR JR6150 has reached End-of-Support phase as of 2018, and no further security updates are...

CVSS 8 | AI score 5.6 | EPSS 0.00289
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-34704

InDesign Desktop versions 21.3, 20.5.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this...

CVSS 5.5 | AI score 5.5 | EPSS 0.0013
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-48292

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00281
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-48291

Format Plugins versions 1.1.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00281
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-47960

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Restriction of XML External Entity Reference 'XXE' vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access sensitive files and directories outside the intended...

CVSS 7.4 | AI score 5.6 | EPSS 0.00406
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-47938

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in privilege escalation. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | AI score 5.5 | EPSS 0.00449
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-0466

Improper access control in AMD uProf may allow a local attacker with user privileges to write to the kernel-shared memory section, potentially resulting in crash or denial of service...

CVSS 6.8 | AI score 5.4 | EPSS 0.001
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•12 views

CVE-2026-47928

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | AI score 6.2 | EPSS 0.08871
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•7 views

CVE-2026-48303

Adobe Campaign Classic ACC versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 10 | AI score 6.2 | EPSS 0.00553
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-28301

A vulnerability in which an attacker can provide a crafted external URL that may redirect a user to an unintended website...

CVSS 4.8 | AI score 5.5 | EPSS 0.0021
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-47931

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed...

CVSS 9.9 | AI score 6.2 | EPSS 0.00555
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-6445

A flaw exists in FlashArray Purity where insufficient filtering of certain data paths could expose sensitive information to an authenticated user with low privileges...

CVSS 8.7 | AI score 5.4 | EPSS 0.00279
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-50635

LimeSurvey constructs account password-reset links from the client-supplied HTTP Host header without validating it. The optional allowedHosts allowlist that would constrain this is undefined in the default and documented configuration, so LSHttpRequest::checkIsAllowedHost results in no operation....

CVSS 8.8 | AI score 5.5 | EPSS 0.00372
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-0418

Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...

CVSS 6.8 | AI score 5.4 | EPSS 0.00245
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•15 views

CVE-2026-50512

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.4 | EPSS 0.00257
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•8 views

CVE-2026-47932

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories...

CVSS 9.6 | AI score 5.5 | EPSS 0.07624
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-47930

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Improper Input Validation vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access...

CVSS 8.1 | AI score 5.5 | EPSS 0.0039
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•16 views

CVE-2026-50511

Improper link resolution before file access 'link following' in Microsoft PC Manager allows an authorized attacker to elevate privileges locally...

CVSS 7.8 | AI score 5.4 | EPSS 0.00329
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•9 views

CVE-2026-47929

ColdFusion versions 2023.19, 2025.8 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. A high-privileged attacker could exploit this vulnerability to gain elevated access or control over the victim...

CVSS 9.1 | AI score 6.2 | EPSS 0.07535
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-49959

Hermes WebUI before version 0.51.311 contains a remote code execution vulnerability that allows authenticated attackers to execute arbitrary commands by placing malicious executable Git configuration in a workspace repository's .git/config file. Attackers can exploit Git subprocess invocations in...

CVSS 8.8 | AI score 6.7 | EPSS 0.00945
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-49842

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, mod_verto's WebSocket frame loop intercepts a -prefixed speed-test protocol SPU / SPB / SP...

CVSS 7.5 | AI score 5.4 | EPSS 0.00449
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-6444

A flaw exists in the FlashArray Purity management interface where an authenticated low-privileged user may, under specific conditions, access functionality beyond their assigned privileges...

CVSS 8.6 | AI score 5.4 | EPSS 0.00279
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-49956

Hermes WebUI before version 0.51.269 contains a profile isolation bypass vulnerability that allows authenticated users to access data belonging to other profiles by querying the session search endpoint without active-profile filtering. Attackers can send requests to the sessions search handler to...

CVSS 7.1 | AI score 5.5 | EPSS 0.00272
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•10 views

CVE-2026-50636

The RemoteControl API methods invite_participants and remind_participants pass a caller-supplied token-ID array into TokenDynamic::findUninvited, which concatenates the values directly into a tid IN '...' SQL clause without parameterization or input validation. A remote, authenticated attacker...

CVSS 8.8 | AI score 5.8 | EPSS 0.00358
Exploits: 0 | References: 1
RedhatCVE
•added 2026/06/10 9:2 p.m.•11 views

CVE-2026-49840

FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.11.1, esl_recv_event parses Content-Length with atol and passes the result straight to malloclen ...

CVSS 9.1 | AI score 5.4 | EPSS 0.0031
Exploits: 0 | References: 1

Total number of security vulnerabilities: 206304