Export limit exceeded: 25155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26121 | 1 Microsoft | 1 Azure Iot Explorer | 2026-04-14 | 7.5 High |
| Server-side request forgery (ssrf) in Azure IoT Explorer allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-20967 | 1 Microsoft | 4 System Center Operations Manager, System Center Operations Manager 2019, System Center Operations Manager 2022 and 1 more | 2026-04-14 | 8.8 High |
| Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-25186 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-14 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-6160 | 1 Code-projects | 1 Simple Chatbox | 2026-04-14 | 5.3 Medium |
| A vulnerability was found in code-projects Simple ChatBox 1.0. Affected by this issue is the function SimpleChatbox_PHP of the file chatbox.sql of the component Endpoint. Performing a manipulation results in file and directory information exposure. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-64759 | 2 Homarr, Homarr-labs | 2 Homarr, Homarr | 2026-04-14 | 8.1 High |
| Homarr is an open-source dashboard. Prior to version 1.43.3, stored XSS vulnerability exists, allowing the execution of arbitrary JavaScript in a user's browser, with minimal or no user interaction required, due to the rendering of a malicious uploaded SVG file. This could be abused to add an attacker's account to the "credentials-admin" group, giving them full administrative access, if a user logged in as an administrator was to view the page which renders or redirects to the SVG. This issue has been patched in version 1.43.3. | ||||
| CVE-2025-67476 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-14 | 4.3 Medium |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Import/ImportableOldRevisionImporter.Php. This issue affects MediaWiki: from * before 1.44.3, 1.45.1. | ||||
| CVE-2025-67480 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-14 | 6.5 Medium |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryRevisionsBase.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | ||||
| CVE-2025-67484 | 2 Mediawiki, Wikimedia | 2 Mediawiki, Mediawiki | 2026-04-14 | 9.8 Critical |
| Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiFormatXml.Php. This issue affects MediaWiki: from * before 1.39.16, 1.43.6, 1.44.3, 1.45.1. | ||||
| CVE-2020-26146 | 4 Arista, Redhat, Samsung and 1 more | 39 C-100, C-100 Firmware, C-110 and 36 more | 2026-04-14 | 5.3 Medium |
| An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. | ||||
| CVE-2020-26145 | 3 Redhat, Samsung, Siemens | 27 Enterprise Linux, Galaxy I9305, Galaxy I9305 Firmware and 24 more | 2026-04-14 | 6.5 Medium |
| An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. | ||||
| CVE-2020-26144 | 4 Arista, Redhat, Samsung and 1 more | 37 C-100, C-100 Firmware, C-110 and 34 more | 2026-04-14 | 6.5 Medium |
| An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. | ||||
| CVE-2020-26143 | 4 Alfa, Arista, Redhat and 1 more | 13 Awus036h, Awus036h Firmware, C-65 and 10 more | 2026-04-14 | 6.5 Medium |
| An issue was discovered in the ALFA Windows 10 driver 1030.36.604 for AWUS036ACH. The WEP, WPA, WPA2, and WPA3 implementations accept fragmented plaintext frames in a protected Wi-Fi network. An adversary can abuse this to inject arbitrary data frames independent of the network configuration. | ||||
| CVE-2020-24588 | 9 Arista, Cisco, Debian and 6 more | 351 C-100, C-100 Firmware, C-110 and 348 more | 2026-04-14 | 3.5 Low |
| The 802.11 standard that underpins Wi-Fi Protected Access (WPA, WPA2, and WPA3) and Wired Equivalent Privacy (WEP) doesn't require that the A-MSDU flag in the plaintext QoS header field is authenticated. Against devices that support receiving non-SSP A-MSDU frames (which is mandatory as part of 802.11n), an adversary can abuse this to inject arbitrary network packets. | ||||
| CVE-2026-3691 | 1 Openclaw | 1 Openclaw | 2026-04-13 | N/A |
| OpenClaw Client PKCE Verifier Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose stored credentials on affected installations of OpenClaw. User interaction is required to exploit this vulnerability in that the target must initiate an OAuth authorization flow. The specific flaw exists within the implementation of OAuth authorization. The issue results from the exposure of sensitive data in the authorization URL query string. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-29381. | ||||
| CVE-2026-39912 | 2 Cedar2025, V2board | 2 Xboard, V2board | 2026-04-13 | 9.1 Critical |
| V2Board 1.6.1 through 1.7.4 and Xboard through 0.1.9 expose authentication tokens in HTTP response bodies of the loginWithMailLink endpoint when the login_with_mail_link_enable feature is active. Unauthenticated attackers can POST to the loginWithMailLink endpoint with a known email address to receive the full authentication URL in the response, then exchange the token at the token2Login endpoint to obtain a valid bearer token with complete account access including admin privileges. | ||||
| CVE-2026-0888 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-13 | 5.3 Medium |
| Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | ||||
| CVE-2026-0883 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 5.3 Medium |
| Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||||
| CVE-2026-0878 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8 High |
| Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebGL component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||||
| CVE-2026-0818 | 1 Mozilla | 1 Thunderbird | 2026-04-13 | 4.3 Medium |
| When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1. | ||||
| CVE-2025-8039 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-13 | 8.1 High |
| In some cases search terms persisted in the URL bar even after navigating away from the search page. This vulnerability was fixed in Firefox 141, Firefox ESR 140.1, Thunderbird 141, and Thunderbird 140.1. | ||||