Export limit exceeded: 14540 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 11591 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 12027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (12027 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-25542 2 Linuxfoundation, Tektoncd 2 Tekton Pipelines, Pipeline 2026-05-22 6.5 Medium
Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.43.0 and prior to versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1, trusted resources verification policies match a resource source string (refSource.URI) against spec.resources[].pattern using regexp.MatchString. In Go, regexp.MatchString reports a match if the pattern matches anywhere in the string, so common unanchored patterns (including examples in tekton documentation) can be bypassed by attacker-controlled source strings that contain the trusted pattern as a substring. This can cause an unintended policy match and change which verification mode/keys apply. Versions 1.0.2, 1.3.4, 1.6.2, 1.9.3, and 1.11.1 fix the issue.
CVE-2026-28809 4 Arekinath, Dropbox, Handnot2 and 1 more 4 Esaml, Esaml, Esaml and 1 more 2026-05-22 5.3 Medium
XML External Entity (XXE) vulnerability in esaml (and its forks) allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using xmerl_scan:string/2 before signature verification without disabling XML entity expansion. On Erlang/OTP versions before 27, Xmerl allows entities by default, enabling pre-signature XXE attacks. An attacker can cause the host to read local files (e.g., Kubernetes-mounted secrets) into the SAML document. If the attacker is not a trusted SAML SP, signature verification will fail and the document is discarded, but file contents may still be exposed through logs or error messages. This issue affects all versions of esaml, including forks by arekinath, handnot2, and dropbox. Users running on Erlang/OTP 27 or later are not affected due to Xmerl defaulting to entities disabled.
CVE-2025-47953 1 Microsoft 10 365 Apps, 365 Copilot, Office and 7 more 2026-05-22 8.4 High
Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.
CVE-2025-13479 1 Poscube 1 Qr Menu 2026-05-22 7.5 High
Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2026-1815 1 Turkiye Electricity Transmission Corporation 1 Mobile Application 2026-05-22 5.7 Medium
Insufficient session expiration vulnerability in Turkiye Electricity Transmission Corporation (TEİAŞ) Mobile Application allows Session Hijacking. This issue affects Mobile Application: from 1.6.2 before 1.13.
CVE-2026-8679 2 Cssigniterteam, Wordpress 2 Audioigniter Music Player, Wordpress 2026-05-22 7.5 High
The AudioIgniter plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the handle_playlist_endpoint() function (hooked to template_redirect) accepting a user-controlled playlist ID via the audioigniter_playlist_id query var or the /audioigniter/playlist/{id}/ rewrite rule and returning playlist track data without performing any authentication, capability, or post_status check — only the post_type is validated. This makes it possible for unauthenticated attackers to view track metadata (titles, artists, audio URLs, buy links, download URLs, and cover images) of any playlist on the site, including those in draft, private, pending, or trash status.
CVE-2023-2065 1 Armoli 1 Cargo Tracking System 2026-05-22 8.8 High
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System: before 3558f28 .
CVE-2023-2702 1 Finexmedia 1 Competition Management System 2026-05-22 8.8 High
Authorization Bypass Through User-Controlled Key vulnerability in Finex Media Competition Management System allows Authentication Abuse, Authentication Bypass. This issue affects Competition Management System: before 23.07.
CVE-2023-2703 1 Finexmedia 1 Competition Management System 2026-05-22 7.5 High
Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Finex Media Competition Management System allows Retrieve Embedded Sensitive Data, Collect Data as Provided by Users. This issue affects Competition Management System: before 23.07.
CVE-2023-2713 1 Rental Module Project 1 Rental Module 2026-05-22 9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass. This issue affects Rental Module: before 23.05.15.
CVE-2023-2883 1 Cbot 2 Cbot Core, Cbot Panel 2026-05-22 8.8 High
Authorization Bypass Through User-Controlled Key vulnerability in CBOT Chatbot allows Authentication Abuse, Authentication Bypass. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7.
CVE-2023-2958 1 Orjinyazilim 1 Ats Pro 2026-05-22 9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in Origin Software ATS Pro allows Authentication Abuse, Authentication Bypass. This issue affects ATS Pro: before 20230714.
CVE-2023-3048 1 Tmtmakine 2 Lockcell, Lockcell Firmware 2026-05-22 9.8 Critical
Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass. This issue affects Lockcell: before 15.
CVE-2026-43404 1 Linux 1 Linux Kernel 2026-05-21 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: mm: Fix a hmm_range_fault() livelock / starvation problem If hmm_range_fault() fails a folio_trylock() in do_swap_page, trying to acquire the lock of a device-private folio for migration, to ram, the function will spin until it succeeds grabbing the lock. However, if the process holding the lock is depending on a work item to be completed, which is scheduled on the same CPU as the spinning hmm_range_fault(), that work item might be starved and we end up in a livelock / starvation situation which is never resolved. This can happen, for example if the process holding the device-private folio lock is stuck in migrate_device_unmap()->lru_add_drain_all() sinc lru_add_drain_all() requires a short work-item to be run on all online cpus to complete. A prerequisite for this to happen is: a) Both zone device and system memory folios are considered in migrate_device_unmap(), so that there is a reason to call lru_add_drain_all() for a system memory folio while a folio lock is held on a zone device folio. b) The zone device folio has an initial mapcount > 1 which causes at least one migration PTE entry insertion to be deferred to try_to_migrate(), which can happen after the call to lru_add_drain_all(). c) No or voluntary only preemption. This all seems pretty unlikely to happen, but indeed is hit by the "xe_exec_system_allocator" igt test. Resolve this by waiting for the folio to be unlocked if the folio_trylock() fails in do_swap_page(). Rename migration_entry_wait_on_locked() to softleaf_entry_wait_unlock() and update its documentation to indicate the new use-case. Future code improvements might consider moving the lru_add_drain_all() call in migrate_device_unmap() to be called *after* all pages have migration entries inserted. That would eliminate also b) above. v2: - Instead of a cond_resched() in hmm_range_fault(), eliminate the problem by waiting for the folio to be unlocked in do_swap_page() (Alistair Popple, Andrew Morton) v3: - Add a stub migration_entry_wait_on_locked() for the !CONFIG_MIGRATION case. (Kernel Test Robot) v4: - Rename migrate_entry_wait_on_locked() to softleaf_entry_wait_on_locked() and update docs (Alistair Popple) v5: - Add a WARN_ON_ONCE() for the !CONFIG_MIGRATION version of softleaf_entry_wait_on_locked(). - Modify wording around function names in the commit message (Andrew Morton) (cherry picked from commit a69d1ab971a624c6f112cea61536569d579c3215)
CVE-2026-8945 1 Mozilla 2 Firefox, Firefox Focus 2026-05-21 7.5 High
Sandbox escape in Firefox and Firefox Focus for Android. This vulnerability was fixed in Firefox 151.
CVE-2026-31431 11 Amazon, Arista, Canonical and 8 more 43 Amazon Linux, Cloudvision Agni, Cloudvision Portal and 40 more 2026-05-21 7.8 High
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_aead - Revert to operating out-of-place This mostly reverts commit 72548b093ee3 except for the copying of the associated data. There is no benefit in operating in-place in algif_aead since the source and destination come from different mappings. Get rid of all the complexity added for in-place operation and just copy the AD directly.
CVE-2026-43405 1 Linux 1 Linux Kernel 2026-05-21 7.5 High
In the Linux kernel, the following vulnerability has been resolved: libceph: Use u32 for non-negative values in ceph_monmap_decode() This patch fixes unnecessary implicit conversions that change signedness of blob_len and num_mon in ceph_monmap_decode(). Currently blob_len and num_mon are (signed) int variables. They are used to hold values that are always non-negative and get assigned in ceph_decode_32_safe(), which is meant to assign u32 values. Both variables are subsequently used as unsigned values, and the value of num_mon is further assigned to monmap->num_mon, which is of type u32. Therefore, both variables should be of type u32. This is especially relevant for num_mon. If the value read from the incoming message is very large, it is interpreted as a negative value, and the check for num_mon > CEPH_MAX_MON does not catch it. This leads to the attempt to allocate a very large chunk of memory for monmap, which will most likely fail. In this case, an unnecessary attempt to allocate memory is performed, and -ENOMEM is returned instead of -EINVAL.
CVE-2026-2813 3 Esri, Linux, Microsoft 3 Arcgis Server, Linux Kernel, Windows 2026-05-21 4.7 Medium
ArcGIS Server contains an input validation weakness in the login redirection workflow. An Authenticated attacker could exploit this issue by sending a specially crafted request, Successful exploitation may result in the application redirecting the browser to an unintended, untrusted site, resulting in a limited confidentiality impact under specific user interaction conditions. The vulnerability affects only the client side navigation logic during authentication and remains confined to the same security boundary. No server side compromise or cross component impact is possible.  This issue affects ArcGIS Server 11.5.
CVE-2026-8563 2 Google, Microsoft 2 Chrome, Windows 2026-05-21 4.3 Medium
Insufficient policy enforcement in IFrame Sandbox in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)
CVE-2026-43446 1 Linux 1 Linux Kernel 2026-05-21 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Fix runtime suspend deadlock when there is pending job The runtime suspend callback drains the running job workqueue before suspending the device. If a job is still executing and calls pm_runtime_resume_and_get(), it can deadlock with the runtime suspend path. Fix this by moving pm_runtime_resume_and_get() from the job execution routine to the job submission routine, ensuring the device is resumed before the job is queued and avoiding the deadlock during runtime suspend.