Export limit exceeded: 363851 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363851 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-31883 1 Freerdp 1 Freerdp 2026-03-24 6.5 Medium
FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to 3.24.0, a size_t underflow in the IMA-ADPCM and MS-ADPCM audio decoders leads to heap-buffer-overflow write via the RDPSND audio channel. In libfreerdp/codec/dsp.c, the IMA-ADPCM and MS-ADPCM decoders subtract block header sizes from a size_t variable without checking for underflow. When nBlockAlign (received from the server) is set such that size % block_size == 0 triggers the header parsing at a point where size is smaller than the header (4 or 8 bytes), the subtraction wraps size to ~SIZE_MAX. The while (size > 0) loop then continues for an astronomical number of iterations. This vulnerability is fixed in 3.24.0.
CVE-2026-23538 1 Redhat 1 Openshift Ai 2026-03-24 7.5 High
A vulnerability was identified in the Feast Feature Server's `/ws/chat` endpoint that allows remote attackers to establish persistent WebSocket connections without any authentication. By opening a large number of simultaneous connections, an attacker can exhaust server resources—such as memory, CPU, and file descriptors—leading to a complete denial of service for legitimate users.
CVE-2025-66614 2 Apache, Apache Tomcat 2 Tomcat, Apache Tomcat 2026-03-24 7.6 High
Improper Input Validation vulnerability. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.14, from 10.1.0-M1 through 10.1.49, from 9.0.0-M1 through 9.0.112. The following versions were EOL at the time the CVE was created but are known to be affected: 8.5.0 through 8.5.100. Older EOL versions are not affected. Tomcat did not validate that the host name provided via the SNI extension was the same as the host name provided in the HTTP host header field. If Tomcat was configured with more than one virtual host and the TLS configuration for one of those hosts did not require client certificate authentication but another one did, it was possible for a client to bypass the client certificate authentication by sending different host names in the SNI extension and the HTTP host header field. The vulnerability only applies if client certificate authentication is only enforced at the Connector. It does not apply if client certificate authentication is enforced at the web application. Users are recommended to upgrade to version 11.0.15 or later, 10.1.50 or later or 9.0.113 or later, which fix the issue.
CVE-2022-49267 1 Redhat 1 Enterprise Linux 2026-03-24 6.7 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2025-2399 1 Mitsubishi Electric 20 Cnc C80 Series C80, Cnc E70 Series E70, Cnc E80 Series E80 and 17 more 2026-03-24 5.9 Medium
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric CNC M800V Series M800VW and M800VS, M80V Series M80V and M80VW, M800 Series M800W and M800S, M80 Series M80 and M80W, E80 Series E80, C80 Series C80, M700V Series M750VW, M720VW, 730VW, M720VS, M730VS, and M750VS, M70V Series M70V, E70 Series E70, and Software Tools NC Trainer2 and NC Trainer2 plus allows a remote attacker to cause an out-of-bounds read, resulting in a denial-of-service condition by sending specially crafted packets to TCP port 683.
CVE-2026-32912 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32911 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32910 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32909 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32908 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32907 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32904 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32903 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32902 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32901 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32900 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32066 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32047 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-32012 2026-03-23 N/A
This CVE ID has been rejected.
CVE-2026-28483 2026-03-23 N/A
This CVE ID has been rejected.