Export limit exceeded: 340426 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (340426 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32633 | 1 Nicolargo | 1 Glances | 2026-03-24 | 9.1 Critical |
| Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, the `/api/4/serverslist` endpoint returns raw server objects from `GlancesServersList.get_servers_list()`. Those objects are mutated in-place during background polling and can contain a `uri` field with embedded HTTP Basic credentials for downstream Glances servers, using the reusable pbkdf2-derived Glances authentication secret. If the front Glances Browser/API instance is started without `--password`, which is supported and common for internal network deployments, `/api/4/serverslist` is completely unauthenticated. Any network user who can reach the Browser API can retrieve reusable credentials for protected downstream Glances servers once they have been polled by the browser instance. Version 4.5.2 fixes the issue. | ||||
| CVE-2026-32634 | 1 Nicolargo | 1 Glances | 2026-03-24 | 8.1 High |
| Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.2, in Central Browser mode, Glances stores both the Zeroconf-advertised server name and the discovered IP address for dynamic servers, but later builds connection URIs from the untrusted advertised name instead of the discovered IP. When a dynamic server reports itself as protected, Glances also uses that same untrusted name as the lookup key for saved passwords and the global `[passwords] default` credential. An attacker on the same local network can advertise a fake Glances service over Zeroconf and cause the browser to automatically send a reusable Glances authentication secret to an attacker-controlled host. This affects the background polling path and the REST/WebUI click-through path in Central Browser mode. Version 4.5.2 fixes the issue. | ||||
| CVE-2026-27135 | 1 Nghttp2 | 1 Nghttp2 | 2026-03-24 | 7.5 High |
| nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading the incoming data when user facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. They might be called internally by the library when it detects the situation that is subject to connection error. Due to the missing internal state validation, the library keeps reading the rest of the data after one of those APIs is called. Then receiving a malformed frame that causes FRAME_SIZE_ERROR causes assertion failure. nghttp2 v1.68.1 adds missing state validation to avoid assertion failure. No known workarounds are available. | ||||
| CVE-2026-20726 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-62403 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-65119 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-66042 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-66503 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-61952 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-47873 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-66617 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-58427 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-66633 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-64735 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-64776 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-64301 | 1 Canva | 1 Affinity | 2026-03-24 | 7.8 High |
| An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution. | ||||
| CVE-2025-66000 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-64733 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-61979 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||
| CVE-2025-62500 | 1 Canva | 1 Affinity | 2026-03-24 | 6.1 Medium |
| An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | ||||