Common Vulnerabilities and Exposures (CVE)

CVE-2026-7451

May 27, 2026 03:55:53 UTC

A maliciously crafted TIF file, when parsed through Autodesk 3ds Max, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in th...

CVE-2026-7452

May 27, 2026 03:55:52 UTC

A maliciously crafted WRL file, when parsed through Autodesk 3ds Max, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2026-9560

May 27, 2026 03:55:51 UTC

Privilege escalation via the background service of OpenVPN Connect 3.5.1 through 3.8.1 on macOS allows attackers to execute arbitrary commands with elevated privileges via a local IPC channel.

CVE-2026-48899

May 27, 2026 03:55:50 UTC

An improper access check allows privilege escalation through the com_users batch task.

CVE-2026-35223

May 27, 2026 03:55:48 UTC

An improper access check allows unauthorized access to com_config webservice endpoints.

CVE-2026-48831

May 27, 2026 03:55:47 UTC

Wine ships a .desktop file that registers itself as a MIME handler for EXE files and several other Windows executable file types. In some configurations, handling of an EXE file causes that file to be blindly executed with the permissions o...

CVE-2026-48904

May 27, 2026 03:55:46 UTC

An improper access check allows privilege escalation through the com_users group editing webservice endpoint.

CVE-2026-48898

May 27, 2026 03:55:45 UTC

An improper access check allows privilege escalation through the com_users batch task.

CVE-2026-3294

May 27, 2026 03:55:44 UTC

An authentication logic vulnerability in multiple TP-Link range extenders allows an unauthenticated attacker on an adjacent network to manipulate a login parameter and reset the administrator password due to insufficient validation. Succes...

CVE-2026-4480

May 27, 2026 03:55:42 UTC

A flaw was found in the Samba printing subsystem. Samba passes the client-controlled job description string to the command configured with the "print command" setting via the "%J" substitution character without escaping shell meta character...

CVE-2026-27768

May 27, 2026 03:55:41 UTC

SQL Injection affecting the Access Manager role.

CVE-2026-40033

May 27, 2026 03:55:40 UTC

FreeRDP before 3.26.0 contains a heap-buffer-overflow vulnerability in gdi_CacheToSurface that allows remote attackers to write out-of-bounds heap memory. The vulnerability occurs because rectangle validation clamps coordinates to UINT16_MA...

CVE-2026-7374

May 27, 2026 03:55:39 UTC

A flaw was found in KubeVirt's virt-handler component. This vulnerability allows an authenticated OpenShift user with edit permissions in a single namespace to exploit improper symlink validation when connecting to virtual machine console s...

CVE-2026-5843

May 27, 2026 03:55:38 UTC

The MLX inference backend in Docker Model Runner on macOS uses the MLX-LM library, which unconditionally imports and executes arbitrary Python files from model directories via the model_file configuration field in config.json. When a model'...

CVE-2026-5817

May 27, 2026 03:55:37 UTC

The vllm-metal inference backend in Docker Model Runner on macOS unconditionally sets trust_remote_code=True when loading model tokenizers, and runs without sandboxing. This causes transformers.AutoTokenizer.from_pretrained() to import and ...