Total: 29891 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39911 | 1 Gitlab | 1 Gitlab | 2026-06-12 | 4.0 MEDIUM | 1.7 LOW |
| An improper access control flaw in all versions of GitLab CE/EE starting from 13.9 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 exposes private email address of Issue and Merge Requests assignee to Webhook data consumers | |||||
| CVE-2026-46239 | 1 Linux | 1 Linux Kernel | 2026-06-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl Three control cases (AUTOGAIN, EXPOSURE_AUTO, ANALOGUE_GAIN) directly return without calling pm_runtime_put(), causing runtime PM reference count leaks. Change these cases from 'return' to 'ret = ... break' pattern to ensure pm_runtime_put() is always called before function exit. | |||||
| CVE-2026-46214 | 1 Linux | 1 Linux Kernel | 2026-06-10 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix accept queue count leak on transport mismatch virtio_transport_recv_listen() calls sk_acceptq_added() before vsock_assign_transport(). If vsock_assign_transport() fails or selects a different transport, the error path returns without calling sk_acceptq_removed(), permanently incrementing sk_ack_backlog. After approximately backlog+1 such failures, sk_acceptq_is_full() returns true, causing the listener to reject all new connections. Fix by moving sk_acceptq_added() to after the transport validation, matching the pattern used by vmci_transport and hyperv_transport. | |||||
| CVE-2026-21017 | 1 Samsung | 1 Android | 2026-06-06 | N/A | 5.5 MEDIUM |
| Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files. | |||||
| CVE-2026-21025 | 1 Samsung | 1 Android | 2026-06-06 | N/A | 5.5 MEDIUM |
| Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2026-21026 | 1 Samsung | 1 Android | 2026-06-06 | N/A | 5.5 MEDIUM |
| Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information. | |||||
| CVE-2026-21027 | 1 Samsung | 1 Android | 2026-06-06 | N/A | 3.3 LOW |
| Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. | |||||
| CVE-2026-21029 | 1 Samsung | 1 Android | 2026-06-06 | N/A | 7.8 HIGH |
| Improper export of android application components in Galaxy Editing Service prior to SMR Jun-2026 Release 1 allows a local attacker to execute privileged operations. | |||||
| CVE-2021-44149 | 2 Nxp, Trustedfirmware | 2 I.mx 6ultralite, Op-tee | 2026-06-05 | 4.6 MEDIUM | 7.8 HIGH |
| An issue was discovered in Trusted Firmware OP-TEE Trusted OS through 3.15.0. The OPTEE-OS CSU driver for NXP i.MX6UL SoC devices lacks security access configuration for wakeup-related registers, resulting in TrustZone bypass because the NonSecure World can perform arbitrary memory read/write operations on Secure World memory. This involves a v cycle. | |||||
| CVE-2023-51712 | 1 Trustedfirmware | 1 Trusted Firmware-m | 2026-06-05 | N/A | 4.7 MEDIUM |
| An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | |||||
| CVE-2025-7016 | 1 Akinsoft | 1 Qr Menu | 2026-06-05 | N/A | 8.0 HIGH |
| Improper Access Control vulnerability in Akın Software Computer Import Export Industry and Trade Ltd. QR Menu allows Authentication Abuse. This issue affects QR Menu: before s1.05.12. | |||||
| CVE-2021-32926 | 1 Rockwellautomation | 4 Micro800, Micro800 Firmware, Micrologix 1400 and 1 more | 2026-06-04 | 5.0 MEDIUM | 7.5 HIGH |
| When an authenticated password change request takes place, this vulnerability could allow the attacker to intercept the message that includes the legitimate, new password hash and replace it with an illegitimate hash. The user would no longer be able to authenticate to the controller (Micro800: All versions, MicroLogix 1400: Version 21 and later), causing a denial-of-service condition. | |||||
| CVE-2024-1272 | 1 Tnbmobil | 1 Cockpit | 2026-06-03 | N/A | 7.5 HIGH |
| Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1. | |||||
| CVE-2019-18269 | 1 Omron | 2 Plc Cj Firmware, Plc Cs Firmware | 2026-06-02 | 7.5 HIGH | 9.8 CRITICAL |
| Omron’s CS and CJ series PLCs have an unrestricted externally accessible lock vulnerability. | |||||
| CVE-2019-10984 | 1 Redlion | 1 Crimson | 2026-06-02 | 6.8 MEDIUM | 7.8 HIGH |
| Red Lion Controls Crimson, version 3.0 and prior and version 3.1 prior to release 3112.00, allow multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that causes the program to mishandle pointers. | |||||
| CVE-2025-11159 | 1 Hitachi | 1 Vantara Pentaho Data Integration And Analytics | 2026-06-02 | N/A | 9.1 CRITICAL |
| Hitachi Vantara Pentaho Data Integration & Analytics of all versions contain a JDBC driver for H2 databases which is vulnerable to external script execution when a new connection is created by a data source administrator. | |||||
| CVE-2023-51767 | 3 Fedoraproject, Openbsd, Redhat | 3 Fedora, Openssh, Enterprise Linux | 2026-06-02 | N/A | 7.0 HIGH |
| OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states "we do not consider it to be the application's responsibility to defend against platform architectural weaknesses." | |||||
| CVE-2026-43098 | 1 Linux | 1 Linux Kernel | 2026-06-01 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: nfc: s3fwrn5: allocate rx skb before consuming bytes s3fwrn82_uart_read() reports the number of accepted bytes to the serdev core. The current code consumes bytes into recv_skb and may already deliver a complete frame before allocating a fresh receive buffer. If that alloc_skb() fails, the callback returns 0 even though it has already consumed bytes, and it leaves recv_skb as NULL for the next receive callback. That breaks the receive_buf() accounting contract and can also lead to a NULL dereference on the next skb_put_u8(). Allocate the receive skb lazily before consuming the next byte instead. If allocation fails, return the number of bytes already accepted. | |||||
| CVE-2026-31634 | 1 Linux | 1 Linux Kernel | 2026-06-01 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: rxrpc: fix reference count leak in rxrpc_server_keyring() This patch fixes a reference count leak in rxrpc_server_keyring() by checking if rx->securities is already set. | |||||
| CVE-2024-50012 | 1 Linux | 1 Linux Kernel | 2026-06-01 | N/A | 5.5 MEDIUM |
| In the Linux kernel, the following vulnerability has been resolved: cpufreq: Avoid a bad reference count on CPU node In the parse_perf_domain function, if the call to of_parse_phandle_with_args returns an error, then the reference to the CPU device node that was acquired at the start of the function would not be properly decremented. Address this by declaring the variable with the __free(device_node) cleanup attribute. | |||||
