Search Results (45998 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-10922 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-06-05 8.8 High
Insufficient validation of untrusted input in DevTools in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to bypass same origin policy via malicious network traffic. (Chromium security severity: High)
CVE-2026-10929 1 Google 2 Android, Chrome 2026-06-05 8.3 High
Heap buffer overflow in ANGLE in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
CVE-2021-43619 1 Trustedfirmware 1 Trusted Firmware-m 2026-06-05 7.8 High
Trusted Firmware M 1.4.x through 1.4.1 has a buffer overflow issue in the Firmware Update partition. In the IPC model, a psa_fwu_write caller from SPE or NSPE can overwrite stack memory locations.
CVE-2023-31339 2 Amd, Trustedfirmware 43 Trusted Firmware-a, Zu11eg, Zu15eg and 40 more 2026-06-05 4.8 Medium
Improper input validation in ARM® Trusted Firmware used in AMD’s Zynq™ UltraScale+™) MPSoC/RFSoC may allow a privileged attacker to perform out of bound reads, potentially resulting in data leakage and denial of service.
CVE-2022-47630 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.4 High
Trusted Firmware-A through 2.8 has an out-of-bounds read in the X.509 parser for parsing boot certificates. This affects downstream use of get_ext and auth_nvctr. Attackers might be able to trigger dangerous read side effects or obtain sensitive information about microarchitectural state.
CVE-2017-9607 1 Trustedfirmware 1 Trusted Firmware-a 2026-06-05 7.0 High
The BL1 FWU SMC handling code in ARM Trusted Firmware before 1.4 might allow attackers to write arbitrary data to secure memory, bypass the bl1_plat_mem_check protection mechanism, cause a denial of service, or possibly have unspecified other impact via a crafted AArch32 image, which triggers an integer overflow.
CVE-2026-4276 1 Librechat 2 Librechat, Rag Api 2026-06-05 7.5 High
LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.
CVE-2026-34875 2 Mbed-tls, Trustedfirmware 4 Mbedtls, Tf-psa-crypto, Mbed Tls and 1 more 2026-06-05 9.8 Critical
An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys.
CVE-2026-25833 2 Mbed-tls, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 7.5 High
Mbed TLS 3.5.0 to 3.6.5 fixed in 3.6.6 and 4.1.0 has a buffer overflow in the x509_inet_pton_ipv6() function
CVE-2026-34876 2 Mbed-tls, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 7.5 High
An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API.
CVE-2023-45199 2 Mbed, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 9.8 Critical
Mbed TLS 3.2.x through 3.4.x before 3.5 has a Buffer Overflow that can lead to remote Code execution.
CVE-2015-8036 5 Debian, Fedoraproject, Opensuse and 2 more 5 Debian Linux, Fedora, Opensuse and 2 more 2026-06-05 N/A
Heap-based buffer overflow in ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long session ticket name to the session ticket extension, which is not properly handled when creating a ClientHello message to resume a session. NOTE: this identifier was SPLIT from CVE-2015-5291 per ADT3 due to different affected version ranges.
CVE-2022-35409 3 Arm, Debian, Trustedfirmware 3 Mbed Tls, Debian Linux, Mbed Tls 2026-06-05 9.1 Critical
An issue was discovered in Mbed TLS before 2.28.1 and 3.x before 3.2.0. In some configurations, an unauthenticated attacker can send an invalid ClientHello message to a DTLS server that causes a heap-based buffer over-read of up to 255 bytes. This can cause a server crash or possibly information disclosure based on error responses. Affected configurations have MBEDTLS_SSL_DTLS_CLIENT_PORT_REUSE enabled and MBEDTLS_SSL_IN_CONTENT_LEN less than a threshold that depends on the configuration: 258 bytes if using mbedtls_ssl_cookie_check, and possibly up to 571 bytes with a custom cookie check function.
CVE-2018-9989 3 Arm, Debian, Trustedfirmware 3 Mbed Tls, Debian Linux, Mbed Tls 2026-06-05 7.5 High
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_psk_hint() that could cause a crash on invalid input.
CVE-2018-9988 3 Arm, Debian, Trustedfirmware 3 Mbed Tls, Debian Linux, Mbed Tls 2026-06-05 7.5 High
ARM mbed TLS before 2.1.11, before 2.7.2, and before 2.8.0 has a buffer over-read in ssl_parse_server_key_exchange() that could cause a crash on invalid input.
CVE-2025-49601 2 Mbed, Trustedfirmware 2 Mbedtls, Mbed Tls 2026-06-05 4.8 Medium
In MbedTLS 3.3.0 before 3.6.4, mbedtls_lms_import_public_key does not check that the input buffer is at least 4 bytes before reading a 32-bit field, allowing a possible out-of-bounds read on truncated input. Specifically, an out-of-bounds read in mbedtls_lms_import_public_key allows context-dependent attackers to trigger a crash or limited adjacent-memory disclosure by supplying a truncated LMS (Leighton-Micali Signature) public-key buffer under four bytes. An LMS public key starts with a 4-byte type indicator. The function mbedtls_lms_import_public_key reads this type indicator before validating the size of its input.
CVE-2024-23775 2 Arm, Trustedfirmware 2 Mbed Tls, Mbed Tls 2026-06-05 7.5 High
Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().
CVE-2025-27809 2 Arm, Trustedfirmware 2 Mbed Tls, Mbed Tls 2026-06-05 5.4 Medium
Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname.
CVE-2024-30166 2 Arm, Trustedfirmware 2 Mbed Tls, Mbed Tls 2026-06-05 9.1 Critical
In Mbed TLS 3.3.0 through 3.5.2 before 3.6.0, a malicious client can cause information disclosure or a denial of service because of a stack buffer over-read (of less than 256 bytes) in a TLS 1.3 server via a TLS 3.1 ClientHello.
CVE-2015-5291 5 Debian, Fedoraproject, Opensuse and 2 more 6 Debian Linux, Fedora, Leap and 3 more 2026-06-05 N/A
Heap-based buffer overflow in PolarSSL 1.x before 1.2.17 and ARM mbed TLS (formerly PolarSSL) 1.3.x before 1.3.14 and 2.x before 2.1.2 allows remote SSL servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long hostname to the server name indication (SNI) extension, which is not properly handled when creating a ClientHello message. NOTE: this identifier has been SPLIT per ADT3 due to different affected version ranges. See CVE-2015-8036 for the session ticket issue that was introduced in 1.3.0.