Search Results (345030 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1880 | 1 Asus | 1 Driverhub | 2026-04-16 | N/A |
| An Incorrect Permission Assignment for Critical Resource vulnerability in the ASUS DriverHub update process allows privilege escalation due to improper protection of required execution resources during the validation phase, permitting a local user to make unprivileged modifications. This allows the altered resource to pass system checks and be executed with elevated privileges upon a user-initiated update. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-3428 | 1 Asus | 1 Member Center | 2026-04-16 | N/A |
| A Download of Code Without Integrity Check vulnerability in the update modules in ASUS Member Center(华硕大厅) allows a local user to achieve privilege escalation to Administrator via exploitation of a Time-of-check Time-of-use (TOC-TOU) during the update process, where an unexpected payload is substituted for a legitimate one immediately after download, and subsequently executed with administrative privileges upon user consent. Refer to the 'Security Update for ASUS Member Center' section on the ASUS Security Advisory for more information. | ||||
| CVE-2026-41030 | 1 Ascensio | 1 Onlyoffice Desktopeditors | 2026-04-16 | 6.2 Medium |
| In ONLYOFFICE DesktopEditors before 9.3.0, the update service allows attackers to perform actions on files with SYSTEM privileges. | ||||
| CVE-2026-3861 | 1 Line Corporation | 1 Line Client For Ios | 2026-04-16 | 6.5 Medium |
| LINE client for iOS versions prior to 26.3.0 contains a vulnerability in the in-app browser where opening a crafted web page can repeatedly trigger OS-level dialogs, potentially causing the iOS device to become temporarily inoperable. | ||||
| CVE-2026-41034 | 1 Onlyoffice | 1 Document Server | 2026-04-16 | 5 Medium |
| ONLYOFFICE DocumentServer before 9.3.0 has an untrusted pointer dereference in XLS processing/conversion (via pictFmla.cbBufInCtlStm and other vectors), leading to an information leak and ASLR bypass. | ||||
| CVE-2025-6024 | 1 Wso2 | 2 Wso2 Api Manager, Wso2 Identity Server | 2026-04-16 | 6.1 Medium |
| The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious website, manipulation of the web page's user interface, or the retrieval of information from the browser. However, session hijacking is not possible due to the httpOnly flag protecting session-related cookies. | ||||
| CVE-2026-28550 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4 Medium |
| Race condition vulnerability in the security control module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28552 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-16 | 6.5 Medium |
| Out-of-bounds write vulnerability in the IMS module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28538 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 5.9 Medium |
| Path traversal vulnerability in the certificate management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28540 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4 Medium |
| Out-of-bounds character read vulnerability in Bluetooth. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-28541 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4 Medium |
| Permission control vulnerability in the cellular_data module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28543 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4.4 Medium |
| Race condition vulnerability in the maintenance and diagnostics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28546 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 5.9 Medium |
| Buffer overflow vulnerability in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28547 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 6.8 Medium |
| Vulnerability of uninitialized pointer access in the scanning module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28551 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4.7 Medium |
| Race condition vulnerability in the device security management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-28548 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-16 | 7.1 High |
| Vulnerability of improper verification in the email application. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-3236 | 1 Octopus | 1 Octopus Server | 2026-04-16 | 4.3 Medium |
| In affected versions of Octopus Server it was possible to create a new API key from an existing access token resulting in the new API key having a lifetime exceeding the original API key used to mint the access token. | ||||
| CVE-2026-27750 | 2 Avira, Gen Digital | 3 Avira Internet Security Suite, Internet Security, Avira Internet Security | 2026-04-16 | 7.8 High |
| Avira Internet Security contains a time-of-check time-of-use (TOCTOU) vulnerability in the Optimizer component. A privileged service running as SYSTEM identifies directories for cleanup during a scan phase and subsequently deletes them during a separate cleanup phase without revalidating the target path. A local attacker can replace a previously scanned directory with a junction or reparse point before deletion occurs, causing the privileged process to delete an unintended system location. This may result in deletion of protected files or directories and can lead to local privilege escalation, denial of service, or system integrity compromise depending on the affected target. | ||||
| CVE-2026-30791 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-04-16 | 7.5 High |
| Use of a Broken or Risky Cryptographic Algorithm vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android, WebClient (Config import, URI scheme handler, CLI --config modules) allows Retrieve Embedded Sensitive Data. This vulnerability is associated with program files flutter/lib/common.Dart, hbb_common/src/config.Rs and program routines parseRustdeskUri(), importConfig(). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30795 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-04-16 | 7.5 High |
| Cleartext Transmission of Sensitive Information vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop modules) allows Sniffing Attacks. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines Heartbeat JSON payload construction (preset-address-book-password). This issue affects RustDesk Client: through 1.4.5. | ||||