Total
8618 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-24826 | 2026-06-17 | N/A | N/A | ||
| Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects . | |||||
| CVE-2026-24821 | 2026-06-17 | N/A | N/A | ||
| Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files lparser.C. This issue affects WickedEngine: through 0.71.727. | |||||
| CVE-2026-24820 | 2026-06-17 | N/A | N/A | ||
| Out-of-bounds Read vulnerability in turanszkij WickedEngine (WickedEngine/LUA modules). This vulnerability is associated with program files ldebug.C. This issue affects WickedEngine: before 0.71.705. | |||||
| CVE-2026-24818 | 2026-06-17 | N/A | N/A | ||
| Out-of-bounds Read vulnerability in praydog UEVR (dependencies/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects UEVR: before 1.05. | |||||
| CVE-2026-24812 | 2026-06-17 | N/A | N/A | ||
| Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inftrees.C. This issue affects root: through 6.36.00-rc1. | |||||
| CVE-2026-24811 | 1 Root | 1 Root | 2026-06-17 | N/A | 9.8 CRITICAL |
| Vulnerability in root-project root (builtins/zlib modules). This vulnerability is associated with program files inffast.C. This issue affects root. | |||||
| CVE-2026-24796 | 2026-06-17 | N/A | N/A | ||
| Out-of-bounds Read vulnerability in CloverHackyColor CloverBootloader (MdeModulePkg/Universal/RegularExpressionDxe/Oniguruma modules). This vulnerability is associated with program files regparse.C. This issue affects CloverBootloader: before 5162. | |||||
| CVE-2026-24481 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 7.5 HIGH |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a heap information disclosure vulnerability exists in ImageMagick's PSD (Adobe Photoshop) format handler. When processing a maliciously crafted PSD file containing ZIP-compressed layer data that decompresses to less than the expected size, uninitialized heap memory is leaked into the output image. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-24282 | 1 Microsoft | 8 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 5 more | 2026-06-17 | N/A | 5.5 MEDIUM |
| Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally. | |||||
| CVE-2026-24116 | 1 Bytecodealliance | 1 Wasmtime | 2026-06-17 | N/A | 5.5 MEDIUM |
| Wasmtime is a runtime for WebAssembly. Starting in version 29.0.0 and prior to version 36.0.5, 40.0.3, and 41.0.1, on x86-64 platforms with AVX, Wasmtime's compilation of the `f64.copysign` WebAssembly instruction with Cranelift may load 8 more bytes than is necessary. When signals-based-traps are disabled this can result in a uncaught segfault due to loading from unmapped guard pages. With guard pages disabled it's possible for out-of-sandbox data to be loaded, but unless there is another bug in Cranelift this data is not visible to WebAssembly guests. Wasmtime 36.0.5, 40.0.3, and 41.0.1 have been released to fix this issue. Users are recommended to upgrade to the patched versions of Wasmtime. Other affected versions are not patched and users should updated to supported major version instead. This bug can be worked around by enabling signals-based-traps. While disabling guard pages can be a quick fix in some situations, it's not recommended to disabled guard pages as it is a key defense-in-depth measure of Wasmtime. | |||||
| CVE-2026-23951 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2026-06-17 | N/A | 5.5 MEDIUM |
| SumatraPDF is a multi-format reader for Windows. All versions contain an off-by-one error in the validation code that only triggers with exactly 2 records, causing an integer underflow in the size calculation. This bug exists in PalmDbReader::GetRecord when opening a crafted Mobi file, resulting in an out-of-bounds heap read that crashes the app. There are no published fixes at the time of publication. | |||||
| CVE-2026-23865 | 1 Freetype | 1 Freetype | 2026-06-17 | N/A | 5.3 MEDIUM |
| An integer overflow in the tt_var_load_item_variation_store function of the Freetype library in versions 2.13.2 and 2.13.3 may allow for an out of bounds read operation when parsing HVAR/VVAR/MVAR tables in OpenType variable fonts. This issue is fixed in version 2.14.2. | |||||
| CVE-2026-23720 | 1 Siemens | 2 Simcenter Femap, Simcenter Nastran | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2026-23718 | 1 Siemens | 2 Simcenter Femap, Simcenter Nastran | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted NDB files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2026-23717 | 1 Siemens | 2 Simcenter Femap, Simcenter Nastran | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2026-23716 | 1 Siemens | 2 Simcenter Femap, Simcenter Nastran | 2026-06-17 | N/A | 7.8 HIGH |
| A vulnerability has been identified in Simcenter Femap (All versions < V2512), Simcenter Nastran (All versions < V2512). The affected applications contains an out of bounds read vulnerability while parsing specially crafted XDB files. This could allow an attacker to execute code in the context of the current process. | |||||
| CVE-2026-23673 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Out-of-bounds read in Windows Resilient File System (ReFS) allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-23672 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability | |||||
| CVE-2026-23569 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-06-17 | N/A | 6.5 MEDIUM |
| An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows a remote attacker to leak stack memory and cause a denial of service via a crafted request. The leaked stack memory could be used to bypass ASLR remotely and facilitate exploitation of other vulnerabilities on the affected system. | |||||
| CVE-2026-23568 | 2 Microsoft, Teamviewer | 2 Windows, Digital Employee Experience | 2026-06-17 | N/A | 5.4 MEDIUM |
| An out-of-bounds read vulnerability in the TeamViewer DEX Client (former 1E Client) - Content Distribution Service (NomadBranch.exe) prior version 26.1 for Windows allows an attacker on the adjacent network to cause information disclosure or denial-of-service via a special crafted packet. The leaked memory could be used to bypass ASLR and facilitate further exploitation. | |||||