Export limit exceeded: 344799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344799 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344799 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32080 | 1 Microsoft | 9 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 6 more | 2026-04-15 | 7 High |
| Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32171 | 1 Microsoft | 1 Azure Logic Apps | 2026-04-15 | 8.8 High |
| Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32176 | 1 Microsoft | 15 Microsoft Sql Server 2016 Service Pack 3 (gdr), Microsoft Sql Server 2016 Service Pack 3 Azure Connect Feature Pack, Microsoft Sql Server 2017 (cu 31) and 12 more | 2026-04-15 | 6.7 Medium |
| Improper neutralization of special elements used in an sql command ('sql injection') in SQL Server allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32190 | 1 Microsoft | 7 365 Apps, Office 2016, Office 2019 and 4 more | 2026-04-15 | 8.4 High |
| Use after free in Microsoft Office allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32196 | 1 Microsoft | 1 Windows Admin Center | 2026-04-15 | 6.1 Medium |
| Improper neutralization of input during web page generation ('cross-site scripting') in Windows Admin Center allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-32197 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32198 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-32199 | 1 Microsoft | 8 365 Apps, Excel 2016, Office 2019 and 5 more | 2026-04-15 | 7.8 High |
| Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-39399 | 1 Nuget | 1 Nugetgallery | 2026-04-15 | 9.6 Critical |
| NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package metadata injection that may result in remote code execution (RCE) and/or arbitrary blob writes due to insufficient input validation. The issue is exploitable via URI fragment injection using unsanitized package identifiers, allowing an attacker to control the resolved blob path. This enables writes to arbitrary blobs within the storage container, not limited to .nupkg files, resulting in potential tampering of existing content. This issue has been patched in commit 0e80f87628349207cdcaf55358491f8a6f1ca276. | ||||
| CVE-2026-39842 | 1 Openremote | 1 Openremote | 2026-04-15 | 10 Critical |
| OpenRemote is an open-source IoT platform. Versions 1.21.0 and below contain two interrelated expression injection vulnerabilities in the rules engine that allow arbitrary code execution on the server. The JavaScript rules engine executes user-supplied scripts via Nashorn's ScriptEngine.eval() without sandboxing, class filtering, or access restrictions, and the authorization check in RulesResourceImpl only restricts Groovy rules to superusers while leaving JavaScript rules unrestricted for any user with the write:rules role. Additionally, the Groovy rules engine has a GroovyDenyAllFilter security filter that is defined but never registered, as the registration code is commented out, rendering the SandboxTransformer ineffective for superuser-created Groovy rules. A non-superuser attacker with the write:rules role can create JavaScript rulesets that execute with full JVM access, enabling remote code execution as root, arbitrary file read, environment variable theft including database credentials, and complete multi-tenant isolation bypass to access data across all realms. This issue has been fixed in version 1.22.0. | ||||
| CVE-2025-15470 | 2026-04-15 | 6.5 Medium | ||
| The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary directories on the server, including the WordPress root directory. | ||||
| CVE-2026-2396 | 2026-04-15 | 4.4 Medium | ||
| The List View Google Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event description in all versions up to, and including, 7.4.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2026-39963 | 1 S9y | 1 Serendipity | 2026-04-15 | 6.9 Medium |
| Serendipity is a PHP-powered weblog engine. In versions 2.6-beta2 and below, the serendipity_setCookie() function in include/functions_config.inc.php uses $_SERVER['HTTP_HOST'] without validation as the domain parameter of setcookie(). An attacker who can influence the Host header at login time, such as via MITM, reverse proxy misconfiguration, or load balancer manipulation, can force authentication cookies including session tokens and auto-login tokens to be scoped to an attacker-controlled domain. This enables session fixation, token leakage to attacker-controlled infrastructure, and privilege escalation if an admin logs in under a poisoned Host header. This issue has been fixed in version 2.6.0. | ||||
| CVE-2026-4134 | 1 Lenovo | 1 Software Fix | 2026-04-15 | 7.3 High |
| During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges. | ||||
| CVE-2026-4135 | 1 Lenovo | 1 Software Fix | 2026-04-15 | 6.6 Medium |
| During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to perform an arbitrary file write with elevated privileges. | ||||
| CVE-2025-8669 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Customify theme for WordPress is vulnerable to Cross-Site Request Forgery in version 0.4.11. This is due to missing or incorrect nonce validation on the reset_customize_section function. This makes it possible for unauthenticated attackers to reset theme customization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2026-3590 | 1 Mattermost | 1 Mattermost | 2026-04-15 | 6.5 Medium |
| Mattermost versions 10.11.x <= 10.11.12, 11.5.x <= 11.5.0, 11.4.x <= 11.4.2, 11.3.x <= 11.3.2 fail to enforce atomic single-use consumption of guest magic link tokens, which allows an attacker with access to a valid magic link to establish multiple independent authenticated sessions via concurrent requests.. Mattermost Advisory ID: MMSA-2026-00624 | ||||
| CVE-2025-48044 | 1 Ash-project | 1 Ash | 2026-04-15 | N/A |
| Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/ash@3.6.3 before pkg:hex/ash@3.7.1, from 3.6.3 before 3.7.1, from 79749c2685ea031ebb2de8cf60cc5edced6a8dd0 before 8b83efa225f657bfc3656ad8ee8485f9b2de923d. | ||||
| CVE-2025-10583 | 2 Emrevona, Wordpress | 2 Wp Fastest Cache, Wordpress | 2026-04-15 | 3.5 Low |
| The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get_server_time_ajax_request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The free version is not affected. | ||||
| CVE-2025-14151 | 2 Wordpress, Wp-slimstat | 2 Wordpress, Slimstat Analytics | 2026-04-15 | 7.2 High |
| The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'outbound_resource' parameter in the slimtrack AJAX action in all versions up to, and including, 5.3.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||