Search Results (344276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33783 | 1 Juniper Networks | 1 Junos Os Evolved | 2026-04-13 | 6.5 Medium |
| A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-S9-EVO, * 23.2 versions before 23.2R2-S6-EVO, * 23.4 versions before 23.4R2-S7-EVO, * 24.2 versions before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S2-EVO, * 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO. | ||||
| CVE-2026-33784 | 1 Juniper Networks | 1 Jsi Lwc | 2026-04-13 | 9.8 Critical |
| A Use of Default Password vulnerability in the Juniper Networks Support Insights (JSI) Virtual Lightweight Collector (vLWC) allows an unauthenticated, network-based attacker to take full control of the device. vLWC software images ship with an initial password for a high privileged account. A change of this password is not enforced during the provisioning of the software, which can make full access to the system by unauthorized actors possible. This issue affects all versions of vLWC before 3.0.94. | ||||
| CVE-2026-33785 | 1 Juniper Networks | 1 Junos Os | 2026-04-13 | 8.8 High |
| A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3, * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4. | ||||
| CVE-2026-33787 | 1 Juniper Networks | 1 Junos Os | 2026-04-13 | 5.5 Medium |
| An Improper Check for Unusual or Exceptional Conditions vulnerability in the chassis control daemon (chassisd) of Juniper Networks Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600 allows a local attacker with low privileges to cause a complete Denial of Service (DoS). When a specific 'show chassis' CLI command is executed, chassisd crashes and restarts which causes a momentary impact to all traffic until all modules are online again. This issue affects Junos OS on SRX1500, SRX4100, SRX4200 and SRX4600: * 23.2 versions before 23.2R2-S6, * 23.4 versions before 23.4R2-S7, * 24.2 versions before 24.2R2-S2, * 24.4 versions before 24.4R2, * 25.2 versions before 25.2R1-S1, 25.2R2. | ||||
| CVE-2026-33791 | 1 Juniper Networks | 2 Junos Os, Junos Os Evolved | 2026-04-13 | 6.7 Medium |
| An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inject arbitrary shell commands as root, leading to a complete compromise of the system. Certain 'set system' commands, when executed with crafted arguments, are not properly sanitized, allowing for arbitrary shell injection. These shell commands are executed as root, potentially allowing for complete control of the vulnerable system. This issue affects: Junos OS: * all versions before 22.4R3-S8, * from 23.2 before 23.2R2-S5, * from 23.4 before 23.4R2-S7, * from 24.2 before 24.2R2-S2, * from 24.4 before 24.4R2, * from 25.2 before 25.2R2; Junos OS Evolved: * all versions before 22.4R3-S8-EVO, * from 23.2 before 23.2R2-S5-EVO, * from 23.4 before 23.4R2-S7-EVO, * from 24.2 before 24.2R2-S2-EVO, * from 24.4 before 24.4R2-EVO, * from 25.2 before 25.2R1-S1-EVO, 25.2R2-EVO. | ||||
| CVE-2018-25258 | 1 R-project | 1 Rgui | 2026-04-13 | 8.4 High |
| RGui 3.5.0 contains a local buffer overflow vulnerability in the GUI preferences dialog that allows attackers to bypass DEP protections through structured exception handling exploitation. Attackers can craft malicious input in the Language for menus and messages field to trigger a stack-based buffer overflow, execute a ROP chain for VirtualAlloc allocation, and achieve arbitrary code execution. | ||||
| CVE-2019-25699 | 1 Newsbull | 1 Newsbull Haber Script | 2026-04-13 | 7.1 High |
| Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data. | ||||
| CVE-2019-25708 | 1 Heatmiser | 1 Heatmiser Wifi Thermostat | 2026-04-13 | 4.3 Medium |
| Heatmiser Wifi Thermostat 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting the networkSetup.htm endpoint with parameters usnm, usps, and cfps to modify the admin username and password without user consent. | ||||
| CVE-2026-25204 | 1 Samsung Open Source | 1 Escargot | 2026-04-13 | 6.2 Medium |
| Deserialization of untrusted data vulnerability in Samsung Open Source Escargot Java Script allows denial of service condition via process abort. This issue affects Escargot prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||||
| CVE-2026-6179 | 1 Fpt Software | 1 Nightwolf Penetration Testing Platform | 2026-04-13 | N/A |
| Stored Cross Site Scripting in NightWolf Penetration Testing Platform allows an attacker to trigger and run malicious script in a user's browser. | ||||
| CVE-2026-34850 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 1.9 Low |
| Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34851 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 2.2 Low |
| Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34852 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 6.1 Medium |
| Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34860 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 4.1 Medium |
| Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-40446 | 1 Samsung Open Source | 1 Escargot | 2026-04-13 | 6.9 Medium |
| Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. | ||||
| CVE-2026-21003 | 2 Samsung, Samsung Mobile | 2 Mobile Devices, Samsung Mobile Devices | 2026-04-13 | N/A |
| Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. | ||||
| CVE-2026-21009 | 2 Samsung, Samsung Mobile | 2 Mobile Devices, Samsung Mobile Devices | 2026-04-13 | N/A |
| Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning. | ||||
| CVE-2026-5873 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-13 | 8.8 High |
| Out of bounds read and write in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2025-5804 | 2 Case-themes, Wordpress | 2 Case Theme User, Wordpress | 2026-04-13 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Case Themes Case Theme User allows PHP Local File Inclusion. This issue affects Case Theme User: from n/a before 1.0.4. | ||||
| CVE-2025-58913 | 2 Cactusthemes, Wordpress | 2 Videopro, Wordpress | 2026-04-13 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CactusThemes VideoPro allows PHP Local File Inclusion. This issue affects VideoPro: from n/a through 2.3.8.1. | ||||