370197 matches found
CVE-2026-44041
UltraVNC
CVE-2026-44042
UltraVNC repeater up to version 1.8.2.2 contains an off-by-one bug in the Base64 decode helper used for HTTP Basic authentication. In repeater/webgui/webutils.c:817, wi_uudecode() uses a strict > check to ensure output fits the buffer, but the correct condition is >=. When strlen(authdata) ...
CVE-2026-20463
Technical details for CVE-2026-20463 are not publicly provided in the supplied documents. Monitor for updates from vendors and security bulletins.
CVE-2026-20462
Technical details about CVE-2026-20462 are not publicly available in the provided documents. Monitor for updates from vendors and security bulletins to obtain affected components, impact, and remediation specifics.
CVE-2026-20461
CVE-2026-20461 : In the Modem component, an out-of-bounds write can occur due to a missing bounds check. This may allow a remote denial of service when a UE connects to a rogue base station controlled by an attacker; exploitation does not require user interaction or additional privileges. Public ...
CVE-2026-20460
CVE-2026-20460 affects the Modem via information disclosure caused by improper input validation. The issue could enable remote information disclosure if a UE connects to a rogue base station controlled by an attacker, with no extra execution privileges and without user interaction. The available ...
CVE-2026-20459
In Modem, a vulnerability due to improper input validation can cause a system crash leading to remote denial of service when a UE connects to a rogue base station. No user interaction is required; exploitation is over the network with no privileges. A patch is available: MOLY01816800 (Issue MSV-6...
CVE-2026-20458
CVE-2026-20458 affects the Modem with a memory corruption via a missing bounds check. This could enable remote escalation of privilege if a UE connects to a rogue base station, with no extra execution privileges required and no user interaction. Exploitation is described as adjacent access under ...
CVE-2026-20457
CVE-2026-20457 affects Modem. It describes a system crash caused by improper input validation, potentially enabling remote denial of service when a UE connects to a rogue base station. Exploitation details are not provided in the sources; the CVE notes an adjacent attack vector with high complexi...
CVE-2026-14191
CVE-2026-14191 describes an out-of-bounds heap write in WinRAR/UnRAR’s RAR5 recovery-volume (.rev) parser (RecVolumes5::ReadHeader). The RecItems vector is sized based on the first .rev file; subsequent .rev files supply an independent RecNum that is validated against that file’s TotalCount but n...
CVE-2026-12943
CVE-2026-12943 affects IBM Power environments (HMC and PowerVM Novalink). The IBM advisories state an unauthenticated attacker could gain elevated privileges and execute arbitrary commands due to improper validation of user input (OS command injection). Affects Power Hardware Management Console (...
CVE-2026-57963
The CVE-2026-57963 issue affects chat UI in Thunderbird where an attacker able to send HTML chat messages (via Matrix or XMPP) can inject arbitrary styled content, phishing links, and CSS that manipulates the chat UI. Underlying risk is manipulation of the chat interface and potential phishing wi...
CVE-2026-57962
CVE-2026-57962 affects Thunderbird’s LDAP address-book autocomplete. A malicious LDAP server can cause the Thunderbird LDAP client to stash attacker-supplied data, enabling memory exhaustion and a denial of service. Root cause is unbounded data processing by the LDAP client when queried by the Th...
CVE-2026-53488
CVE-2026-53488 affects containerd’s CRI plugin: image config LABELs are propagated to containers without validation, enabling potential host-command execution via a plugin that consumes labels. Concrete details across connected docs confirm this vulnerability in containerd versions prior to 1.7.3...
CVE-2026-57149
Technical details for CVE-2026-57149 are not publicly available in the provided documents. Monitor for updates.
CVE-2026-41579
Technical details beyond the Initial Description are not provided in the connected documents; monitor for updates.
CVE-2026-51947
CVE-2026-51947 affects Pivotal CRM 6.6.4.08 and systems applying patch-ghi-15381-cwe-502-20251225.zip. The vulnerability arises from an incomplete fix for CVE-2026-39253 in the Pivotal.Engine.Client.Services.Conversion.dll, enabling remote code execution via network access. The issue is fixed in ...
CVE-2026-34007
Technical details for CVE-2026-34007 are not publicly available in the provided documents. No affected products, impacts, or remediation can be identified here. Monitor for updates.
CVE-2026-36911
Summary of CVE-2026-36911 (MPC-BE) : A division-by-zero vulnerability exists in the file parsing/processing path: the function CStreamSwitcherOutputPin::DecideBufferSize in MPC-BE (before commit 4341cb3). This can be triggered by a crafted MP4 file, leading to a Denial of Service . Affected softw...
CVE-2026-38891
The CVE-2026-38891 issue affects gazebo_plugins v3.9.0, specifically the gazebo_ros_diff_drive.cpp component. An improper input validation flaw can be triggered by a crafted geometry_msgs::Twist message, enabling a Denial of Service (DoS). The available connected sources consistently describe the...