Total
5260 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-27141 | 2026-06-17 | N/A | 7.5 HIGH | ||
| Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic | |||||
| CVE-2026-26983 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 5.3 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, the MSL interpreter crashes when processing a invalid `<map>` element that causes it to use an image after it has been freed. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-26829 | 2026-06-17 | N/A | 7.5 HIGH | ||
| A NULL pointer dereference in the safe_atou64 function (src/misc.c) of owntone-server through commit c4d57aa allows attackers to cause a Denial of Service (DoS) via sending a series of crafted HTTP requests to the server. | |||||
| CVE-2026-26828 | 2026-06-17 | N/A | 7.5 HIGH | ||
| A NULL pointer dereference in the daap_reply_playlists function (src/httpd_daap.c) of owntone-server commit 3d1652d allows attackers to cause a Denial of Service (DoS) via sending a crafted DAAP request to the server | |||||
| CVE-2026-26173 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-17 | N/A | 7.0 HIGH |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-26025 | 1 Free5gc | 1 Smf | 2026-06-17 | N/A | 7.5 HIGH |
| free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only). | |||||
| CVE-2026-26024 | 1 Free5gc | 1 Smf | 2026-06-17 | N/A | 7.5 HIGH |
| free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics and terminates when processing a malformed PFCP SessionReportRequest on the PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only). | |||||
| CVE-2026-25798 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 5.3 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a NULL pointer dereference in ClonePixelCacheRepository allows a remote attacker to crash any application linked against ImageMagick by supplying a crafted image file, resulting in denial of service. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-25795 | 1 Imagemagick | 1 Imagemagick | 2026-06-17 | N/A | 5.3 MEDIUM |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, in `ReadSFWImage()` (`coders/sfw.c`), when temporary file creation fails, `read_info` is destroyed before its `filename` member is accessed, causing a NULL pointer dereference and crash. Versions 7.1.2-15 and 6.9.13-40 contain a patch. | |||||
| CVE-2026-25501 | 1 Free5gc | 1 Smf | 2026-06-17 | N/A | 7.5 HIGH |
| free5GC SMF provides Session Management Function for free5GC, an open-source project for 5th generation (5G) mobile core networks. In versions up to and including 1.4.1, SMF panics due to nil pointer dereference and the SMF process terminates. This is triggered by a malformed PFCP SessionReportRequest on the SMF PFCP (UDP/8805) interface. No known upstream fix is available, but some workarounds are available. ACL/firewall the PFCP interface so only trusted UPF IPs can reach SMF (reduce spoofing/abuse surface); drop/inspect malformed PFCP SessionReportRequest messages at the network edge where feasible, and/or add recover() around PFCP handler dispatch to avoid whole-process termination (mitigation only). | |||||
| CVE-2026-25168 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-17 | N/A | 6.2 MEDIUM |
| Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally. | |||||
| CVE-2026-25165 | 1 Microsoft | 14 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 11 more | 2026-06-17 | N/A | 7.8 HIGH |
| Null pointer dereference in Windows Performance Counters allows an authorized attacker to elevate privileges locally. | |||||
| CVE-2026-25110 | 2026-06-17 | N/A | 3.3 LOW | ||
| in OpenHarmony v6.0 and prior versions allow a local attacker cause DOS. | |||||
| CVE-2026-25075 | 2026-06-17 | N/A | 7.5 HIGH | ||
| strongSwan versions 4.5.0 prior to 6.0.5 contain an integer underflow vulnerability in the EAP-TTLS AVP parser that allows unauthenticated remote attackers to cause a denial of service by sending crafted AVP data with invalid length fields during IKEv2 authentication. Attackers can exploit the failure to validate AVP length fields before subtraction to trigger excessive memory allocation or NULL pointer dereference, crashing the charon IKE daemon. | |||||
| CVE-2026-24929 | 1 Huawei | 1 Harmonyos | 2026-06-17 | N/A | 5.9 MEDIUM |
| Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-24918 | 1 Huawei | 2 Emui, Harmonyos | 2026-06-17 | N/A | 6.8 MEDIUM |
| Address read vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | |||||
| CVE-2026-24883 | 2 Gnupg, Gpg4win | 2 Gnupg, Gpg4win | 2026-06-17 | N/A | 3.7 LOW |
| In GnuPG before 2.5.17, a long signature packet length causes parse_signature to return success with sig->data[] set to a NULL value, leading to a denial of service (application crash). | |||||
| CVE-2026-24826 | 2026-06-17 | N/A | N/A | ||
| Out-of-bounds Write, Divide By Zero, NULL Pointer Dereference, Use of Uninitialized Resource, Out-of-bounds Read, Reachable Assertion vulnerability in cadaver turso3d.This issue affects . | |||||
| CVE-2026-24813 | 2026-06-17 | N/A | N/A | ||
| NULL Pointer Dereference vulnerability in abcz316 SKRoot-linuxKernelRoot (testRoot/jni/utils modules). This vulnerability is associated with program files cJSON.Cpp. This issue affects SKRoot-linuxKernelRoot. | |||||
| CVE-2026-24805 | 2026-06-17 | N/A | N/A | ||
| NULL Pointer Dereference vulnerability in visualfc liteide (liteidex/src/3rdparty/libvterm/src modules). This vulnerability is associated with program files screen.C, state.C, vterm.C. This issue affects liteide: before x38.4. | |||||