Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
12,825 matching · page 128/257Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2026-8850(opens NVD record) | High | 7.5 | IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload. | May 26, 2026 |
| CVE-2026-48864(opens NVD record) | High | 7.8 | A flaw was found in libsolv. This heap buffer overflow occurs during the decompression of attacker-controlled compressed data within `.solv` files due to insufficient input validation. An attacker can provide a specially crafted `.solv` file, which, when processed by a vulnerable application, can lead to out-of-bounds memory access. This could result in information disclosure, alteration of program execution, or a denial of service. | May 26, 2026 |
| CVE-2026-24212(opens NVD record) | High | 7.5 | NVIDIA Isaac Launchable for Linux contains a vulnerability where sensitive information is transmitted in clear text. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | May 26, 2026 |
| CVE-2026-24162(opens NVD record) | High | 7.8 | NVIDIA Transformers4Rec for Linux contains a vulnerability where an attacker could cause improper deserialization of untrusted data. A successful exploit of this vulnerability might lead to code execution, data tampering, and information disclosure. | May 26, 2026 |
| CVE-2025-36221(opens NVD record) | Medium | 5.3 | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System uses default passwords default passwords from the manufacturing process for use during the installation process, which could allow an attacker to bypass authentication. | May 26, 2026 |
| CVE-2025-36220(opens NVD record) | Medium | 4.3 | IBM Cloud Pak for Data System - Cyclops 11.3.0.2 through Interim Fix 002 IBM Cloud Pak for Data System is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | May 26, 2026 |
| CVE-2025-36148(opens NVD record) | Medium | 5.4 | IBM Financial Transaction Manager for SWIFT Services for Multiplatforms 3.2.4.0 through 3.2.4.15 IBM Financial Transaction Manager SWIFT is vulnerable to cross-site scripting. This vulnerability allows an unauthenticated attacker to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | May 26, 2026 |
| CVE-2025-36145(opens NVD record) | Medium | 5.4 | IBM watsonx.data 2.2 through 2.3.1 IBM Lakehouse does not properly restrict inbound and outbound connections which could allow an attacker to transfer or modify files without restrictions. | May 26, 2026 |
| CVE-2025-36126(opens NVD record) | Medium | 6.4 | IBM Cognos Analytics 11.2.0, 12.0, and 12.1.0 and IBM Cognos Transformer 12.0, 11.2.4, and 12.1.0 is vulnerable to stored cross-site scripting (XSS) in Cognos Adminstration. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | May 26, 2026 |
| CVE-2025-14290(opens NVD record) | Medium | 5.4 | IBM webMethods Integration (on prem) -Integration Server 10.15 through IS_10.15_Core_Fix2611.1 to IS_11.1_Core_Fix10 IBM webMethods Integration is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | May 26, 2026 |
| CVE-2025-13755(opens NVD record) | Medium | 5.5 | IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 for Linux, UNIX and Windows (includes DB2 Connect Server) stores potentially sensitive information in log files that could be read by a local user. | May 26, 2026 |
| CVE-2026-4480(opens NVD record) | Critical | 9.0 | A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta characters. A remote attacker could exploit this vulnerability by sending a specially crafted print job description that contains unescaped shell characters. This could lead to remote code execution on the affected system. | May 26, 2026 |
| CVE-2026-40033(opens NVD record) | High | 8.8 | FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MAX but performs copy operations using unclamped cache entry dimensions, enabling malicious RDP servers to trigger large out-of-bounds writes and potentially achieve remote code execution or client crash. | May 26, 2026 |
| CVE-2026-7374(opens NVD record) | Critical | 9.9 | A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console sockets. By replacing the console socket with a symlink to the host's container runtime (CRI-O) socket, an attacker can hijack virt-handler's privileged connection. This enables the attacker to access any Unix socket on the host, potentially leading to full control of the node and the entire cluster. | May 26, 2026 |
| CVE-2026-42496(opens NVD record) | Critical | 9.1 | Archive::Tar versions before 3.08 for Perl extract symlinks with attacker controlled targets outside the extraction directory. _make_special_file() passes the tar header's linkname to symlink() without validating it against absolute paths or .. segments. The secure-extract mode check that guards regular file extraction does not cover the symlink target. A subsequent open through the extracted name reads or writes the attacker chosen path. | May 26, 2026 |
| CVE-2026-41863(opens NVD record) | Medium | 6.5 | Spring AI's support for Anthropic's Skills API used LLM-influenced filenames unsanitized in Path.resolve before writing files to disk. This could allow a malicious user to write files outside the intended target directory, including restricted directories. Affected versions: Spring AI: 1.1.0 through 1.1.x | May 25, 2026 |
| CVE-2026-2651(opens NVD record) | Critical | 9.0 | A vulnerability in MLflow versions <=3.10.1.dev0 allows unauthorized access to multipart upload (MPU) endpoints when the `--serve-artifacts` mode is enabled. The authorization logic does not enforce resource-level permission checks for `/mlflow-artifacts/mpu/*` endpoints, enabling attackers to overwrite artifacts belonging to other users. This can lead to unauthorized cross-user writes, model supply chain poisoning, and arbitrary code execution when compromised models are loaded. The issue is resolved in version 3.10.0. | May 25, 2026 |
| CVE-2026-46300(opens NVD record) | High | 7.8 | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: preserve shared-frag marker during coalescing skb_try_coalesce() can attach paged frags from @from to @to. If @from has SKBFL_SHARED_FRAG set, the resulting @to skb can contain the same externally-owned or page-cache-backed frags, but the shared-frag marker is currently lost. That breaks the invariant relied on by later in-place writers. In particular, ESP input checks skb_has_shared_frag() before deciding whether an uncloned nonlinear skb can skip skb_cow_data(). If TCP receive coalescing has moved shared frags into an unmarked skb, ESP can see skb_has_shared_frag() as false and decrypt in place over page-cache backed frags. Propagate SKBFL_SHARED_FRAG when skb_try_coalesce() transfers paged frags. The tailroom copy path does not need the marker because it copies bytes into @to's linear data rather than transferring frag descriptors. | May 23, 2026 |
| CVE-2026-43503(opens NVD record) | High | 8.8 | In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when moving frags from source to destination. __pskb_copy_fclone() defers the rest of the shinfo metadata to skb_copy_header() after copying frag descriptors, but that helper only carries over gso_{size,segs, type} and never touches skb_shinfo()->flags; skb_shift() moves frag descriptors directly and leaves flags untouched. As a result, the destination skb keeps a reference to the same externally-owned or page-cache-backed pages while reporting skb_has_shared_frag() as false. The mismatch is harmful in any in-place writer that uses skb_has_shared_frag() to decide whether shared pages must be detoured through skb_cow_data(). ESP input is one such writer (esp4.c, esp6.c), and a single nft 'dup to <local>' rule -- or any other nf_dup_ipv4() / xt_TEE caller -- is enough to land a pskb_copy()'d skb in esp_input() with the marker stripped, letting an unprivileged user write into the page cache of a root-owned read-only file via authencesn-ESN stray writes. Set SKBFL_SHARED_FRAG on the destination whenever frag descriptors were actually moved from the source. skb_copy() and skb_copy_expand() share skb_copy_header() too but linearize all paged data into freshly allocated head storage and emerge with nr_frags == 0, so skb_has_shared_frag() returns false on its own; they need no change. The same omission exists in skb_gro_receive() and skb_gro_receive_list(). The former moves the incoming skb's frag descriptors into the accumulator's last sub-skb via two paths (a direct frag-move loop and the head_frag + memcpy path); the latter chains the incoming skb whole onto p's frag_list. Downstream skb_segment() reads only skb_shinfo(p)->flags, and skb_segment_list() reuses each sub-skb's shinfo as the nskb -- both p and lp must carry the marker. The same omission also exists in tcp_clone_payload(), which builds an MTU probe skb by moving frag descriptors from skbs on sk_write_queue into a freshly allocated nskb. The helper falls into the same family and warrants the same fix for consistency; no TCP TX-side in-place writer is currently known to reach a user page through this gap, but a future consumer depending on the marker would regress silently. The same omission exists in skb_segment(): the per-iteration flag merge takes only head_skb's flag, and the inner switch that rebinds frag_skb to list_skb on head_skb-frags exhaustion does not fold the new frag_skb's flag into nskb. Fold frag_skb's flag at both sites so segments drawing frags from frag_list members carry the marker. | May 23, 2026 |
| CVE-2026-47280(opens NVD record) | Critical | 10.0 | Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network. | May 22, 2026 |
| CVE-2026-45659(opens NVD record) | High | 8.8 | Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network. | May 22, 2026 |
| CVE-2026-42901(opens NVD record) | Critical | 10.0 | Origin validation error in Microsoft Entra ID allows an unauthorized attacker to elevate privileges over a network. | May 22, 2026 |
| CVE-2026-42827(opens NVD record) | Medium | 6.5 | Improper neutralization of special elements used in a command ('command injection') in M365 Copilot allows an unauthorized attacker to disclose information over a network. | May 22, 2026 |
| CVE-2026-41104(opens NVD record) | Critical | 10.0 | Deserialization of untrusted data in Microsoft Planetary Computer Pro allows an unauthorized attacker to disclose information over a network. | May 22, 2026 |
| CVE-2026-41090(opens NVD record) | Critical | 9.3 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Copilot allows an unauthorized attacker to perform tampering over a network. | May 22, 2026 |
| CVE-2026-40412(opens NVD record) | Critical | 10.0 | Unrestricted upload of file with dangerous type in Azure Orbital Spatio allows an unauthorized attacker to execute code over a network. | May 22, 2026 |
| CVE-2026-40411(opens NVD record) | Critical | 9.9 | Improper input validation in Azure Virtual Network Gateway allows an authorized attacker to execute code over a network. | May 22, 2026 |
| CVE-2026-35430(opens NVD record) | High | 8.8 | Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network. | May 22, 2026 |
| CVE-2026-33843(opens NVD record) | Critical | 9.1 | Authentication bypass using an alternate path or channel in Microsoft Azure Active Directory B2C allows an unauthorized attacker to elevate privileges over a network. | May 22, 2026 |
| CVE-2026-26147(opens NVD record) | High | 7.7 | Improper input validation in Azure Compute Gallery allows an authorized attacker to disclose information over a network. | May 22, 2026 |
| CVE-2026-23663(opens NVD record) | High | 7.5 | Improper privilege management in Azure Entra ID allows an unauthorized attacker to elevate privileges over a network. | May 22, 2026 |
| CVE-2026-23652(opens NVD record) | Critical | 10.0 | Improper neutralization of special elements used in a command ('command injection') in Microsoft Power Pages allows an unauthorized attacker to execute code over a network. | May 22, 2026 |
| CVE-2026-6406(opens NVD record) | High | 8.8 | The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker socket mount via the HostConfig.Mounts field rather than the HostConfig.Binds field. The ECI enforcement in the Docker Desktop API proxy only inspected Binds, allowing the mount to pass unchecked. This grants a container full access to the Docker Engine socket and, if the host user has logged in to container registries, their authentication credentials. A local attacker with the ability to run Docker CLI commands can exploit this to escape ECI restrictions, access the Docker Engine, and potentially escalate privileges. | May 22, 2026 |
| CVE-2026-37470(opens NVD record) | High | 7.3 | An issue in ClipBucket v5 v.5.5.2 allows an attacker to execute arbitrary code via the Authentication interface, login page endpoint and HTTP response security headers components | May 22, 2026 |
| CVE-2026-36228(opens NVD record) | High | 7.3 | Buffer Overflow vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the chat message functionality | May 22, 2026 |
| CVE-2026-36227(opens NVD record) | Medium | 6.5 | Directory Traversal vulnerability in Easy Chat Server 3.1 allows a remote attacker to obtain sensitive information and execute arbitrary code via the UserName parameter | May 22, 2026 |
| CVE-2026-39821(opens NVD record) | Critical | 9.6 | The ToASCII and ToUnicode functions incorrectly accept Punycode-encoded labels that decode to an ASCII-only label. For example, ToUnicode("xn--example-.com") incorrectly returns the name "example.com" rather than an error. This behavior can lead to privilege escalation in programs using the idna package. For example, a program which performs privilege checks on the ASCII hostname may reject "example.com" but permit "xn--example-.com". If that program subsequently converts the ASCII hostname to Unicode, it will inadvertently permits access to the Unicode name "example.com". | May 22, 2026 |
| CVE-2022-34363(opens NVD record) | Medium | 6.5 | Dell Unisphere for PowerMax vApp version prior to 10.0.0.2, contains an authorization bypass vulnerability in the Unisphere for VMAX application running in vApp | May 22, 2026 |
| CVE-2022-31231(opens NVD record) | Medium | 5.9 | Dell ECS, versions 3.5 and 3.6, contain an Improper Access Control in the Identity and Access Management (IAM) module. A remote unauthenticated attacker may potentially exploit this vulnerability, leading to gaining read access to unauthorized data. | May 22, 2026 |
| CVE-2026-9256(opens NVD record) | High | 8.1 | NGINX Plus and NGINX Open Source have a vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression (PCRE) captures (for example, ^/((.*))$) and a replacement string that references multiple such captures (for example, $1$2) in a redirect or arguments context. An unauthenticated attacker along with conditions beyond their control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | May 22, 2026 |
| CVE-2026-8992(opens NVD record) | High | 8.8 | An improper certificate validation vulnerability in Ivanti Secure Access Client before 22.8R6 allows a remote unauthenticated attacker to execute arbitrary code. | May 22, 2026 |
| CVE-2025-46371(opens NVD record) | Low | 3.6 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | May 22, 2026 |
| CVE-2025-45145(opens NVD record) | High | 7.5 | Directory traversal in Follett Software's Destiny Library Manager 22_0_2_rc1 and fixed in v.22.5 AU1 allows remote attackers to read arbitrary system and application files via the image parameter | May 22, 2026 |
| CVE-2025-32751(opens NVD record) | Medium | 5.5 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information. | May 22, 2026 |
| CVE-2026-9277(opens NVD record) | High | 8.1 | shell-quote's `quote()` function did not validate object-token inputs against the operator model used by `parse()`. The `.op` field was backslash-escaped character by character using `/(.)/g`, which in JavaScript does not match line terminators (\n, \r, U+2028, U+2029). A line terminator in `.op` therefore passed through unescaped into the output; POSIX shells treat a literal newline as a command separator, so any content after it would execute as a second command. The vulnerable code path is reachable in two ways: (1) direct construction of `{ op: '...\n...' }` from external input, and (2) via `parse(cmd, envFn)` when `envFn` returns object tokens whose `.op` is attacker-influenced. Both are documented API surface. Fixed by replacing the per-character escape with strict shape validation: `.op` must match the parser's control-operator allowlist; `{ op: 'glob', pattern }` validates `pattern` and forbids line terminators; `{ comment }` validates `comment` and forbids line terminators; any other object shape throws `TypeError`. | May 22, 2026 |
| CVE-2026-8673(opens NVD record) | Medium | 5.9 | Unprotected transport of credentials vulnerability in syslink software AG Avantra on Linux, Windows allows Sniffing Attacks. This issue affects Avantra: before 25.3.0. | May 22, 2026 |
| CVE-2026-8672(opens NVD record) | Medium | 5.1 | Use of default password vulnerability in syslink software AG Avantra on Linux, Windows allows Try Common or Default Usernames and Passwords. This issue affects Avantra: before 25.3.0. | May 22, 2026 |
| CVE-2026-8671(opens NVD record) | High | 7.5 | Insertion of sensitive information into log file vulnerability in syslink software AG Avantra on Linux, Windows allows Resource Leak Exposure. This issue affects Avantra: before 25.3.0. | May 22, 2026 |
| CVE-2026-8670(opens NVD record) | Critical | 9.6 | Insufficient session expiration vulnerability in syslink software AG Avantra on Linux, Windows allows Reusing Session IDs (aka Session Replay). This issue affects Avantra: before 25.3.1. | May 22, 2026 |
| CVE-2025-32749(opens NVD record) | Medium | 5.3 | Dell PowerFlex Manager, version(s) <=4.6.2, contain(s) an Exposure of Information Through Directory Listing vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | May 22, 2026 |