Export limit exceeded: 344698 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344698 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33166 | 2 Allure-framework, Qameta | 2 Allure2, Allure Report | 2026-04-14 | 8.6 High |
| Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. The Allure report generator prior to version 2.38.0 is vulnerable to an arbitrary file read via path traversal when processing test results. An attacker can craft a malicious result file (-result.json, -container.json, or .plist) that points an attachment source to a sensitive file on the host system. During report generation, Allure will resolve these paths and include the sensitive files in the final report. Version 2.38.0 fixes the issue. | ||||
| CVE-2026-32887 | 2 Effect Project, Effectful | 2 Effect, Effect | 2026-04-14 | 7.4 High |
| Effect is a TypeScript framework that consists of several packages that work together to help build TypeScript applications. Prior to version 3.20.0, when using `RpcServer.toWebHandler` (or `HttpApp.toWebHandlerRuntime`) inside a Next.js App Router route handler, any Node.js `AsyncLocalStorage`-dependent API called from within an Effect fiber can read another concurrent request's context — or no context at all. Under production traffic, `auth()` from `@clerk/nextjs/server` returns a different user's session. Version 3.20.0 contains a fix for the issue. | ||||
| CVE-2026-32178 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2026-04-14 | 7.5 High |
| Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-32181 | 1 Microsoft | 9 Windows 10 21h2, Windows 10 22h2, Windows 11 23h2 and 6 more | 2026-04-14 | 5.5 Medium |
| Improper privilege management in Microsoft Windows allows an authorized attacker to deny service locally. | ||||
| CVE-2026-32168 | 1 Microsoft | 1 Azure Monitor Agent | 2026-04-14 | 7.8 High |
| Improper input validation in Azure Monitor Agent allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32158 | 1 Microsoft | 11 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 8 more | 2026-04-14 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Push Notifications allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32203 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2026-04-14 | 7.5 High |
| Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-32154 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-14 | 7.8 High |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32090 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-14 | 7.8 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Speech Brokered Api allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32082 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21331 | 2026-04-14 | 6.1 Medium | ||
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. | ||||
| CVE-2026-34615 | 2026-04-14 | 9.3 Critical | ||
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user interaction. Scope is changed. | ||||
| CVE-2026-39542 | 2 Doofinder, Wordpress | 2 Doofinder For Woocommerce, Wordpress | 2026-04-14 | N/A |
| Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13. | ||||
| CVE-2026-34625 | 2026-04-14 | 5.4 Medium | ||
| Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | ||||
| CVE-2026-34623 | 2026-04-14 | 5.4 Medium | ||
| Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | ||||
| CVE-2026-34624 | 2026-04-14 | 5.4 Medium | ||
| Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | ||||
| CVE-2026-27664 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-04-14 | 7.5 High |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition. | ||||
| CVE-2026-27663 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Rtum85 rtu Base | 2026-04-14 | 6.5 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality. | ||||
| CVE-2026-24069 | 1 Kiuwan | 1 Sast | 2026-04-14 | 5.4 Medium |
| Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4. | ||||
| CVE-2026-33155 | 2 Qluster, Seperman | 2 Deepdiff, Deepdiff | 2026-04-14 | 7.5 High |
| DeepDiff is a project focused on Deep Difference and search of any Python data. From version 5.0.0 to before version 8.6.2, the pickle unpickler _RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte pickle payload can force 10+ GB of memory, which crashes applications that load delta objects or call pickle_load with untrusted data. This issue has been patched in version 8.6.2. | ||||