Search

Search Results (362578 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-45779 2 Gnu, Redhat 3 Grub2, Enterprise Linux, Openshift 2026-06-29 6 Medium
An integer overflow flaw was found in the BFS file system driver in grub2. When reading a file with an indirect extent map, grub2 fails to validate the number of extent entries to be read. A crafted or corrupted BFS filesystem may cause an integer overflow during the file reading, leading to a heap of bounds read. As a consequence, sensitive data may be leaked, or grub2 will crash.
CVE-2024-45778 2 Gnu, Redhat 4 Grub2, Enterprise Linux, Openshift and 1 more 2026-06-29 4.1 Medium
A stack overflow flaw was found when reading a BFS file system. A crafted BFS filesystem may lead to an uncontrolled loop, causing grub2 to crash.
CVE-2024-45777 2 Gnu, Redhat 3 Grub2, Enterprise Linux, Openshift 2026-06-29 6.7 Medium
A flaw was found in grub2. The calculation of the translation buffer when reading a language .mo file in grub_gettext_getstr_from_position() may overflow, leading to a Out-of-bound write. This issue can be leveraged by an attacker to overwrite grub2's sensitive heap data, eventually leading to the circumvention of secure boot protections.
CVE-2024-45776 1 Redhat 2 Enterprise Linux, Openshift 2026-06-29 6.7 Medium
When reading the language .mo file in grub_mofile_open(), grub2 fails to verify an integer overflow when allocating its internal buffer. A crafted .mo file may lead the buffer size calculation to overflow, leading to out-of-bound reads and writes. This flaw allows an attacker to leak sensitive data or overwrite critical data, possibly circumventing secure boot protections.
CVE-2024-45774 1 Redhat 2 Enterprise Linux, Openshift 2026-06-29 6.7 Medium
A flaw was found in grub2. A specially crafted JPEG file can cause the JPEG parser of grub2 to incorrectly check the bounds of its internal buffers, resulting in an out-of-bounds write. The possibility of overwriting sensitive information to bypass secure boot protections is not discarded.
CVE-2026-57340 2 Shoheitanaka, Wordpress 2 Japanized For Woocommerce, Wordpress 2026-06-29 6.5 Medium
Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions.
CVE-2026-13573 1 Llvm 1 Llvm-project 2026-06-29 3.3 Low
A vulnerability was found in llvm llvm-project up to 22.1.6. This affects the function llvm::StringMap::insert in the library /lib/IR/ValueSymbolTable.cpp of the component ValueSymbolTable Module. The manipulation results in stack-based buffer overflow. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2026-57327 2 Mainwp, Wordpress 2 Mainwp, Wordpress 2026-06-29 6.3 Medium
Subscriber Broken Access Control in MainWP <= 6.1.1 versions.
CVE-2026-57332 2 Wordpress, Wpswings 2 Wordpress, Wallet System For Woocommerce 2026-06-29 7.1 High
Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions.
CVE-2026-57997 1 Strapi 1 Strapi 2026-06-29 4.8 Medium
Strapi users-permissions plugin fails to restrict JWT algorithms when plugin::users-permissions.jwt.algorithm is not explicitly configured, allowing acceptance of HS384 and HS512 tokens alongside HS256. Attackers possessing the jwtSecret can mint tokens with non-standard HMAC variants to bypass algorithm restrictions and weaken authentication controls.
CVE-2026-53429 1 Leandrocp 2 Mdex, Mdex Native 2026-06-29 N/A
Missing Release of Memory after Effective Lifetime vulnerability in leandrocp mdex and mdex_native allows an attacker who controls a rendered document to cause a denial of service through unbounded native memory exhaustion. The native rendering code permanently leaks memory when rendering a document that contains escaped-tag nodes. The conversion of each %MDEx.EscapedTag{} node into its native representation (From<ExEscapedTag> for NodeValue in the Rust NIF) calls Box::leak on the caller-supplied literal string, which surrenders the backing allocation so that it lives for the entire lifetime of the operating system process and is never freed. Both the byte length of each literal and the number of escaped-tag nodes in a document are attacker-controlled, and there is no size cap, rate limit, or string interning on this path. Every render of a document containing escaped-tag nodes therefore leaks literal_size x node_count bytes that can never be reclaimed, and repeated renders accumulate without bound. Rendering reaches this path through the public MDEx.to_html/1 entry point and any other API that renders a supplied %MDEx.Document{}. Any application that uses mdex (or mdex_native directly) to render documents derived from user-supplied content is affected. Because the leaked memory is never reclaimed for the life of the BEAM process, an attacker can drive resident memory upward without limit until the node exhausts memory and crashes, taking down every process on it. The vulnerable native code originally shipped inside mdex (in native/comrak_nif/src/types/document.rs) and was later extracted into the separate mdex_native package (native/mdex_native_nif/src/types/document.rs), where it remains unpatched. This issue affects mdex from 0.11.0 before 0.12.3, and mdex_native from 0.1.0 before 0.2.3.
CVE-2026-54888 1 Leandrocp 2 Mdex, Mdex Native 2026-06-29 N/A
Uncontrolled Recursion vulnerability in leandrocp mdex allows denial of service via deeply nested Markdown input. mdex converts between an Elixir %MDEx.Document{} struct and Comrak's internal AST using two mutually recursive Rust functions, ex_document_to_comrak_ast and comrak_ast_to_ex_document, in the NIF source file document.rs. Neither function enforces a maximum nesting depth, so the recursion depth is bounded only by the structure of the input. An attacker who can get a Markdown document rendered (for example through MDEx.parse_document!/1 or MDEx.to_html/1) can supply a document with thousands of nested block quotes, which drives unbounded recursion across the NIF boundary and exhausts the native C stack. Because the resulting stack overflow is an uncatchable SIGSEGV raised inside a NIF, it cannot be contained by the Erlang runtime. It terminates the operating system process running the BEAM, killing every Elixir and Erlang process on the node, not just the caller that triggered the render. No authentication or special privileges are required. The vulnerable conversion code was extracted from mdex into the separate mdex_native package starting in mdex 0.12.3. This issue affects mdex from 0.3.0 before 0.12.3 and mdex_native from 0.1.0 before 0.2.3.
CVE-2026-57320 2 Realmag777, Wordpress 2 Bear, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions.
CVE-2026-57337 2 Pluginops, Wordpress 2 Landing Page Builder, Wordpress 2026-06-29 7.1 High
Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions.
CVE-2026-42010 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-06-29 7.1 High
A flaw was found in gnutls. Servers configured with RSA-PSK (Rivest–Shamir–Adleman – Pre-Shared Key) wrongfully matched usernames containing a NUL character with truncated usernames. A remote attacker could exploit this by sending a specially crafted username, leading to an authentication bypass. This vulnerability allows an attacker to gain unauthorized access by circumventing the authentication process.
CVE-2026-33846 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-06-29 7.5 High
A heap buffer overflow vulnerability exists in the DTLS handshake fragment reassembly logic of GnuTLS. The issue arises in merge_handshake_packet() where incoming handshake fragments are matched and merged based solely on handshake type, without validating that the message_length field remains consistent across all fragments of the same logical message. An attacker can exploit this by sending crafted DTLS fragments with conflicting message_length values, causing the implementation to allocate a buffer based on a smaller initial fragment and subsequently write beyond its bounds using larger, inconsistent fragments. Because the merge operation does not enforce proper bounds checking against the allocated buffer size, this results in an out-of-bounds write on the heap. The vulnerability is remotely exploitable without authentication via the DTLS handshake path and can lead to application crashes or potential memory corruption.
CVE-2026-33845 2 Gnu, Redhat 14 Gnutls, Discovery, Enterprise Linux and 11 more 2026-06-29 7.5 High
A flaw in GnuTLS DTLS handshake parsing allows malformed fragments with zero length and non-zero offset, leading to an integer underflow during reassembly and resulting in an out-of-bounds read. This issue is remotely exploitable and may cause information disclosure or denial of service.
CVE-2025-49796 1 Redhat 16 Cert Manager, Discovery, Enterprise Linux and 13 more 2026-06-29 9.1 Critical
A vulnerability was found in libxml2. Processing certain sch:name elements from the input XML file can trigger a memory corruption issue. This flaw allows an attacker to craft a malicious XML input file that can lead libxml to crash, resulting in a denial of service or other possible undefined behavior due to sensitive data being corrupted in memory.
CVE-2025-49794 1 Redhat 15 Cert Manager, Enterprise Linux, Hummingbird and 12 more 2026-06-29 9.1 Critical
A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the <sch:name path="..."/> schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program's crash using libxml or other possible undefined behaviors.
CVE-2026-53426 1 Leandrocp 1 Mdex 2026-06-29 N/A
Allocation of Resources Without Limits or Throttling vulnerability in leandrocp MDEx allows Excessive Allocation. MDEx.parse_document/2 accepts a {:json, json} source. In lib/mdex.ex, the private json_to_node/1 function passes the attacker-controlled node_type value to Module.concat/1, which calls String.to_atom/1 and interns a brand-new atom for every distinct value. Atoms are never garbage collected on the BEAM, so a crafted JSON document carrying a unique node_type at each (deeply nested) node mints one permanent atom per node. A single document can intern hundreds of thousands of atoms, and a large enough document exhausts the default atom table (around 1,048,576 atoms) and aborts the entire Erlang VM, taking down every process on the node. Any application that passes untrusted input to the {:json, ...} source of MDEx.parse_document is exposed to an unauthenticated denial-of-service. This issue affects mdex from 0.4.3 before 0.13.2.