Export limit exceeded: 22043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (22043 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40399 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-05-15 | 7.8 High |
| Stack-based buffer overflow in Windows TCP/IP allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-40403 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 8.8 High |
| Heap-based buffer overflow in Windows Win32K - GRFX allows an authorized attacker to execute code locally. | ||||
| CVE-2026-8528 | 1 Google | 1 Chrome | 2026-05-15 | 4.3 Medium |
| Insufficient validation of untrusted input in SiteIsolation in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass Site Isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-40407 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-05-15 | 7.8 High |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-0045 | 2026-05-15 | N/A | ||
| Improper Input validation in the AMD Secure Processor (ASP) PCI driver may allow a local attacker to create a buffer overflow condition, potentially resulting in a crash or denial of service | ||||
| CVE-2024-21962 | 2026-05-15 | N/A | ||
| Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. | ||||
| CVE-2025-48520 | 2026-05-15 | N/A | ||
| An improper input validation vulnerability within the AMD Platform Management Framework (PMF) driver can allow a local attacker to read Out-of-Bounds potentially resulting in information disclosure or a crash | ||||
| CVE-2025-29944 | 2026-05-15 | N/A | ||
| A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash | ||||
| CVE-2025-29937 | 2026-05-15 | N/A | ||
| An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. | ||||
| CVE-2024-36345 | 2026-05-15 | N/A | ||
| Improper input validation in the AMD OverDrive (AOD) System Management Mode (SMM) module could allow a privileged attacker to perform an out-of-bounds read, potentially resulting in loss of confidentiality. | ||||
| CVE-2026-8536 | 1 Google | 1 Chrome | 2026-05-15 | 3.1 Low |
| Insufficient validation of untrusted input in ReadingMode in Google Chrome on Mac prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to bypass site Isolation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-8578 | 1 Google | 1 Chrome | 2026-05-15 | 3.1 Low |
| Out of bounds read in GPU in Google Chrome on Linux prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-8579 | 1 Google | 1 Chrome | 2026-05-15 | 3.1 Low |
| Insufficient validation of untrusted input in Skia in Google Chrome prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted print file. (Chromium security severity: Medium) | ||||
| CVE-2026-43304 | 1 Linux | 1 Linux Kernel | 2026-05-15 | 9.8 Critical |
| In the Linux kernel, the following vulnerability has been resolved: libceph: define and enforce CEPH_MAX_KEY_LEN When decoding the key, verify that the key material would fit into a fixed-size buffer in process_auth_done() and generally has a sane length. The new CEPH_MAX_KEY_LEN check replaces the existing check for a key with no key material which is a) not universal since CEPH_CRYPTO_NONE has to be excluded and b) doesn't provide much value since a smaller than needed key is just as invalid as no key -- this has to be handled elsewhere anyway. | ||||
| CVE-2026-23827 | 2 Arubanetworks, Hpe | 3 Arubaos, Sd-wan, Arubaos | 2026-05-15 | 7.5 High |
| A heap-based buffer overflow vulnerability exists in a Network management service of AOS-8 and AOS-10 that could allow an unauthenticated remote attacker to achieve remote code execution. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code as a privileged user on the underlying operating system, potentially leading to a system compromise. Exploitation may also result in a denial-of-service (DoS) condition affecting the impacted system process. | ||||
| CVE-2026-41963 | 1 Huawei | 1 Harmonyos | 2026-05-15 | 2.8 Low |
| Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-0044 | 1 Amd | 8 Amd Ryzen™ Ai 300 Series Processors, Radeon Pro W7000 Series, Radeon Rx 7000 Series and 5 more | 2026-05-15 | N/A |
| An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability. | ||||
| CVE-2023-31309 | 2026-05-15 | N/A | ||
| Improper validation in Power Management Firmware (PMFW) may allow an attacker with privileges to pass malformed workload arguments when exporting table data from SMU to DRAM potentially resulting in a loss of confidentiality and/or availability. | ||||
| CVE-2024-21950 | 1 Amd | 4 Instinct Mi300a, Instinct Mi300x, Instinct Mi308x and 1 more | 2026-05-15 | N/A |
| An out of bounds read in the remote management firmware could allow a privileged attacker read a limited section of memory outside of established bounds potentially resulting in loss of confidentiality or availability. | ||||
| CVE-2026-43490 | 1 Linux | 1 Linux Kernel | 2026-05-15 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate inherited ACE SID length smb_inherit_dacl() walks the parent directory DACL loaded from the security descriptor xattr. It verifies that each ACE contains the fixed SID header before using it, but does not verify that the variable-length SID described by sid.num_subauth is fully contained in the ACE. A malformed inheritable ACE can advertise more subauthorities than are present in the ACE. compare_sids() may then read past the ACE. smb_set_ace() also clamps the copied destination SID, but used the unchecked source SID count to compute the inherited ACE size. That could advance the temporary inherited ACE buffer pointer and nt_size accounting past the allocated buffer. Fix this by validating the parent ACE SID count and SID length before using the SID during inheritance. Compute the inherited ACE size from the copied SID so the size matches the bounded destination SID. Reject the inherited DACL if size accumulation would overflow smb_acl.size or the security descriptor allocation size. | ||||