Total
357356 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-53698 | 1 Silverpeas | 1 Silverpeas | 2026-06-10 | 6.5 Medium |
| Silverpeas through 6.4.6 mishandles the "Personal space" feature that is selected when no componentId is set. | ||||
| CVE-2026-53694 | 1 Nomachine | 1 Nomachine | 2026-06-10 | N/A |
| Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Nomachine allows Argument Injection.This issue affects Nomachine: before 9.5.7, before 8.23.2. | ||||
| CVE-2026-41721 | 1 Spring | 1 Spring Data Commons | 2026-06-10 | 5.9 Medium |
| Spring Data Commons contains a vulnerability that can lead to a Denial of Service (DoS) condition if Spring Data Web Support is enabled in conjunction with a Controller method using @ProjectedPayload, when an attacker sends a specially crafted HTTP request that causes the application to allocate lots of memory. Affected versions: Spring Data Commons 4.0.0 through 4.0.5; 3.5.0 through 3.5.11; 3.4.0 through 3.4.14; 3.3.0 through 3.3.16; 3.2.0 through 3.2.15; 3.1.0 through 3.1.14; 3.0.0 through 3.0.15; 2.7.0 through 2.7.19. | ||||
| CVE-2026-41726 | 2 Spring, Vmware | 2 Spring For Apache Kafka, Spring For Apache Kafka | 2026-06-10 | 6.5 Medium |
| When an application opts into DelegatingDeserializer, a producer can grow the consumer's heap without bound by sending records with unique random spring.kafka.serialization.selector header values, eventually causing GC thrash and OutOfMemoryError. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11. | ||||
| CVE-2026-5121 | 2 Libarchive, Redhat | 17 Libarchive, Ai Inference Server, Discovery and 14 more | 2026-06-10 | 7.5 High |
| A flaw was found in libarchive. On 32-bit systems, an integer overflow vulnerability exists in the zisofs block pointer allocation logic. A remote attacker can exploit this by providing a specially crafted ISO9660 image, which can lead to a heap buffer overflow. This could potentially allow for arbitrary code execution on the affected system. | ||||
| CVE-2025-14831 | 2 Red Hat, Redhat | 14 Enterprise Linux, Ai Inference Server, Ceph Storage and 11 more | 2026-06-10 | 5.3 Medium |
| A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). | ||||
| CVE-2025-14512 | 2 Gnome, Redhat | 13 Glib, Ai Inference Server, Enterprise Linux and 10 more | 2026-06-10 | 6.5 Medium |
| A flaw was found in glib. This vulnerability allows a heap buffer overflow and denial-of-service (DoS) via an integer overflow in GLib's GIO (GLib Input/Output) escape_byte_string() function when processing malicious file or remote filesystem attribute values. | ||||
| CVE-2026-41727 | 2 Spring, Vmware | 2 Spring For Apache Kafka, Spring For Apache Kafka | 2026-06-10 | 6.5 Medium |
| Spring Kafka's retry topic infrastructure did not sufficiently validate user-controlled header values before acting on them. A producer could send a record with a crafted retry_topic-attempts header to supply an out-of-range attempt count and cause the retry topic router to misidentify where the message was in the retry sequence. Affected versions: Spring for Apache Kafka 4.0.0 through 4.0.5; 3.3.0 through 3.3.15; 3.2.0 through 3.2.13; 2.9.0 through 2.9.13; 2.8.0 through 2.8.11. | ||||
| CVE-2026-5201 | 2 Gnome, Redhat | 12 Gdk-pixbuf, Ai Inference Server, Enterprise Linux and 9 more | 2026-06-10 | 7.5 High |
| A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions. | ||||
| CVE-2026-4775 | 3 Debian, Libtiff, Redhat | 13 Debian Linux, Libtiff, Ai Inference Server and 10 more | 2026-06-10 | 7.8 High |
| A flaw was found in the libtiff library. A remote attacker could exploit a signed integer overflow vulnerability in the putcontig8bitYCbCr44tile function by providing a specially crafted TIFF file. This flaw can lead to an out-of-bounds heap write due to incorrect memory pointer calculations, potentially causing a denial of service (application crash) or arbitrary code execution. | ||||
| CVE-2026-4424 | 2 Libarchive, Redhat | 21 Libarchive, Ai Inference Server, Discovery and 18 more | 2026-06-10 | 7.5 High |
| A flaw was found in libarchive. This heap out-of-bounds read vulnerability exists in the RAR archive processing logic due to improper validation of the LZSS sliding window size after transitions between compression methods. A remote attacker can exploit this by providing a specially crafted RAR archive, leading to the disclosure of sensitive heap memory information without requiring authentication or user interaction. | ||||
| CVE-2026-4111 | 1 Redhat | 11 Ai Inference Server, Discovery, Enterprise Linux and 8 more | 2026-06-10 | 7.5 High |
| A flaw was identified in the RAR5 archive decompression logic of the libarchive library, specifically within the archive_read_data() processing path. When a specially crafted RAR5 archive is processed, the decompression routine may enter a state where internal logic prevents forward progress. This condition results in an infinite loop that continuously consumes CPU resources. Because the archive passes checksum validation and appears structurally valid, affected applications cannot detect the issue before processing. This can allow attackers to cause persistent denial-of-service conditions in services that automatically process archives. | ||||
| CVE-2025-14087 | 2 Gnome, Redhat | 13 Glib, Ai Inference Server, Enterprise Linux and 10 more | 2026-06-10 | 5.6 Medium |
| A flaw was found in GLib (Gnome Lib). This vulnerability allows a remote attacker to cause heap corruption, leading to a denial of service or potential code execution via a buffer-underflow in the GVariant parser when processing maliciously crafted input strings. | ||||
| CVE-2023-52356 | 2 Libtiff, Redhat | 6 Libtiff, Ai Inference Server, Discovery and 3 more | 2026-06-10 | 7.5 High |
| A segment fault (SEGV) flaw was found in libtiff that could be triggered by passing a crafted tiff file to the TIFFReadRGBATileExt() API. This flaw allows a remote attacker to cause a heap-buffer overflow, leading to a denial of service. | ||||
| CVE-2026-48563 | 1 Microsoft | 18 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 15 more | 2026-06-10 | 7.5 High |
| Heap-based buffer overflow in Remote Desktop Client allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-41728 | 1 Spring | 1 Spring Data Rest | 2026-06-10 | 7.5 High |
| Spring Data REST's JSON Patch (application/json-patch+json) implementation does not apply the write-access filter to intermediate path segments when resolving a multi-segment JSON Pointer. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | ||||
| CVE-2026-25700 | 1 Apache | 1 Answer | 2026-06-10 | 7.2 High |
| Improper Restriction of Security Token Assignment vulnerability in Apache Answer. This issue affects Apache Answer: through 2.0.0. Previously issued administrative tokens were not invalidated after an administrator account was suspended, deleted, or deactivated, allowing continued access to administrative APIs until the token expired. Users are recommended to upgrade to version 2.0.1, which fixes the issue. | ||||
| CVE-2026-45566 | 1 Roxy-wi | 1 Roxy-wi | 2026-06-10 | 6.1 Medium |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the login flow allow-lists next URLs by rejecting strings containing https:// or http:// substrings, then constructs https://{request.host}{next_url} and the JS client redirects via window.location.replace(). The block does not consider the userinfo@host syntax. next=@evil.example/path produces https://victim.example@evil.example/path, which all modern browsers route to evil.example. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-41730 | 1 Spring | 1 Spring Data Rest | 2026-06-10 | 5.3 Medium |
| Spring Data REST serializes the full exception cause chain into HTTP error response bodies, potentially exposing persistence-layer internals to HTTP clients. Affected versions: Spring Data REST 3.7.0 through 3.7.19; 4.3.0 through 4.3.16; 4.4.0 through 4.4.14; 4.5.0 through 4.5.11; 5.0.0 through 5.0.5. | ||||
| CVE-2026-48566 | 1 Microsoft | 8 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 5 more | 2026-06-10 | 5.5 Medium |
| Out-of-bounds read in Windows DWM Core Library allows an authorized attacker to disclose information locally. | ||||