Total: 225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-7117 | 3 Canonical, Debian, Linux | 3 Ubuntu Linux, Debian Linux, Linux Kernel | 2026-05-06 | 10.0 HIGH | 9.8 CRITICAL |
| Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel before 4.5.2 allows remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing. | |||||
| CVE-2014-9803 | 2 Google, Linux | 2 Android, Linux Kernel | 2026-05-06 | 9.3 HIGH | 7.8 HIGH |
| arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020. | |||||
| CVE-2015-0560 | 2 Opensuse, Wireshark | 2 Opensuse, Wireshark | 2026-05-06 | 5.0 MEDIUM | N/A |
| The dissect_wccp2r1_address_table_info function in epan/dissectors/packet-wccp.c in the WCCP dissector in Wireshark 1.10.x before 1.10.12 and 1.12.x before 1.12.3 does not initialize certain data structures, which allows remote attackers to cause a denial of service (application crash) via a crafted packet. | |||||
| CVE-2016-1730 | 1 Apple | 1 Iphone Os | 2026-05-06 | 5.8 MEDIUM | 5.4 MEDIUM |
| WebSheet in Apple iOS before 9.2.1 allows remote attackers to read or write to cookies by operating a crafted captive portal. | |||||
| CVE-2015-7575 | 3 Canonical, Mozilla, Opensuse | 5 Ubuntu Linux, Firefox, Network Security Services and 2 more | 2026-05-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| Mozilla Network Security Services (NSS) before 3.20.2, as used in Mozilla Firefox before 43.0.2 and Firefox ESR 38.x before 38.5.2, does not reject MD5 signatures in Server Key Exchange messages in TLS 1.2 Handshake Protocol traffic, which makes it easier for man-in-the-middle attackers to spoof servers by triggering a collision. | |||||
| CVE-2016-2085 | 1 Linux | 1 Linux Kernel | 2026-05-06 | 2.1 LOW | 5.5 MEDIUM |
| The evm_verify_hmac function in security/integrity/evm/evm_main.c in the Linux kernel before 4.5 does not properly copy data, which makes it easier for local users to forge MAC values via a timing side-channel attack. | |||||
| CVE-2016-3306 | 1 Microsoft | 7 Windows 10, Windows 7, Windows 8.1 and 4 more | 2026-05-06 | 4.6 MEDIUM | 7.8 HIGH |
| The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 mishandles session objects, which allows local users to hijack sessions, and consequently gain privileges, via a crafted application, aka "Windows Session Object Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3305. | |||||
| CVE-2016-10081 | 1 Shutter-project | 1 Shutter | 2026-05-06 | 9.3 HIGH | 7.8 HIGH |
| /usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action. | |||||
| CVE-2010-0213 | 1 Isc | 1 Bind | 2026-04-29 | 2.6 LOW | N/A |
| BIND 9.7.1 and 9.7.1-P1, when a recursive validating server has a trust anchor that is configured statically or via DNSSEC Lookaside Validation (DLV), allows remote attackers to cause a denial of service (infinite loop) via a query for an RRSIG record whose answer is not in the cache, which causes BIND to repeatedly send RRSIG queries to the authoritative servers. | |||||
| CVE-2007-0494 | 1 Isc | 1 Bind | 2026-04-23 | 4.3 MEDIUM | N/A |
| ISC BIND 9.0.x, 9.1.x, 9.2.0 up to 9.2.7, 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (exit) via a type * (ANY) DNS query response that contains multiple RRsets, which triggers an assertion error, aka the "DNSSEC Validation" vulnerability. | |||||
| CVE-2005-4856 | 1 Ez | 1 Ez Publish | 2026-04-16 | 5.0 MEDIUM | N/A |
| The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url". | |||||
| CVE-1999-0226 | 1 Microsoft | 1 Windows Nt | 2026-04-16 | 10.0 HIGH | N/A |
| Windows NT TCP/IP processes fragmented IP packets improperly, causing a denial of service. | |||||
| CVE-2025-20311 | | | 2026-04-15 | N/A | 7.4 HIGH |
| A vulnerability in the handling of certain Ethernet frames in Cisco IOS XE Software for Catalyst 9000 Series Switches could allow an unauthenticated, adjacent attacker to cause an egress port to become blocked and drop all outbound traffic. This vulnerability is due to improper handling of crafted Ethernet frames. An attacker could exploit this vulnerability by sending crafted Ethernet frames through an affected switch. A successful exploit could allow the attacker to cause the egress port to which the crafted frame is forwarded to start dropping all frames, resulting in a denial of service (DoS) condition. | |||||
| CVE-2026-28552 | 1 Huawei | 2 Emui, Harmonyos | 2026-03-05 | N/A | 6.5 MEDIUM |
| Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-28539 | 1 Huawei | 1 Harmonyos | 2026-03-05 | N/A | 6.2 MEDIUM |
| Data processing vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | |||||
| CVE-2019-0941 | 1 Microsoft | 8 Windows 10, Windows 7, Windows 8.1 and 5 more | 2025-05-20 | 5.0 MEDIUM | 4.4 MEDIUM |
| A denial of service exists in Microsoft IIS Server when the optional request filtering feature improperly handles requests. An attacker who successfully exploited this vulnerability could perform a temporary denial of service against pages configured to use request filtering. To exploit this vulnerability, an attacker could send a specially crafted request to a page utilizing request filtering. The update addresses the vulnerability by changing the way certain requests are processed by the filter. | |||||
| CVE-2016-1000340 | 1 Bouncycastle | 1 Bc-java | 2025-05-12 | 5.0 MEDIUM | 7.5 HIGH |
| In the Bouncy Castle JCE Provider versions 1.51 to 1.55, a carry propagation bug was introduced in the implementation of squaring for several raw math classes have been fixed (org.bouncycastle.math.raw.Nat???). These classes are used by our custom elliptic curve implementations (org.bouncycastle.math.ec.custom.**), so there was the possibility of rare (in general usage) spurious calculations for elliptic curve scalar multiplications. Such errors would have been detected with high probability by the output validation for our scalar multipliers. | |||||
| CVE-2018-6332 | 1 Facebook | 1 Hhvm | 2025-05-06 | 4.3 MEDIUM | 5.9 MEDIUM |
| A potential denial-of-service issue in the Proxygen handling of invalid HTTP2 settings which can cause the server to spend disproportionate resources. This affects all supported versions of HHVM (3.24.3 and 3.21.7 and below) when using the proxygen server to handle HTTP2 requests. | |||||
| CVE-2019-9870 | 1 Oembed Project | 1 Oembed | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| plugin.js in the w8tcha oEmbed plugin before 2019-03-14 for CKEditor mishandles SCRIPT elements. | |||||
| CVE-2019-9673 | 1 Freenetproject | 1 Freenet | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| Freenet 1483 has a MIME type bypass that allows arbitrary JavaScript execution via a crafted Freenet URI. | |||||
