Export limit exceeded: 345237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345237 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-22764 | 1 Dell | 1 Openmanage Network Integration | 2026-04-18 | 4.3 Medium |
| Dell OpenManage Network Integration, versions prior to 3.9, contains an Improper Authentication vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2026-1616 | 1 Redhat | 2 Open Security Issue Management, Osim | 2026-04-18 | 7.5 High |
| The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters. | ||||
| CVE-2026-1589 | 2 Angeljudesuarez, Itsourcecode | 2 School Management System, School Management System | 2026-04-18 | 7.3 High |
| A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/inquiry/index.php. This manipulation of the argument txtsearch causes sql injection. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-1595 | 2 Angeljudesuarez, Itsourcecode | 2 Society Management System, Society Management System | 2026-04-18 | 7.3 High |
| A vulnerability was detected in itsourcecode Society Management System 1.0. This affects an unknown part of the file /admin/edit_student_query.php. The manipulation of the argument student_id results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-1597 | 1 Bdtask | 1 Saleserp | 2026-04-18 | 6.3 Medium |
| A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-24413 | 2 Icinga, Microsoft | 2 Icinga, Windows | 2026-04-18 | 5.5 Medium |
| Icinga 2 is an open source monitoring system. Starting in version 2.3.0 and prior to versions 2.13.14, 2.14.8, and 2.15.2, the Icinga 2 MSI did not set appropriate permissions for the `%ProgramData%\icinga2\var` folder on Windows. This resulted in the its contents - including the private key of the user and synced configuration - being readable by all local users. All installations on Windows are affected. Versions 2.13.14, 2.14.8, and 2.15.2 contains a fix. There are two possibilities to work around the issue without upgrading Icinga 2. Upgrade Icinga for Windows to at least version v1.13.4, v1.12.4, or v1.11.2. These version will automatically fix the ACLs for the Icinga 2 agent as well. Alternatively, manually update the ACL for the given folder `C:\ProgramData\icinga2\var` (and `C:\Program Files\WindowsPowerShell\modules\icinga-powershell-framework\certificate` to fix the issue for the Icinga for Windows as well) including every sub-folder and item to restrict access for general users, only allowing the Icinga service user and administrators access. | ||||
| CVE-2026-1457 | 1 Tp-link | 2 Vigi C385, Vigi C385 Firmware | 2026-04-18 | 8.8 High |
| An authenticated buffer handling flaw in TP-Link VIGI C385 V1 Web API lacking input sanitization, may allow memory corruption leading to remote code execution. Authenticated attackers may trigger buffer overflow and potentially execute arbitrary code with elevated privileges. | ||||
| CVE-2026-1453 | 1 Kiloview | 1 Encoder Series | 2026-04-18 | 9.8 Critical |
| A missing authentication for critical function vulnerability in KiloView Encoder Series could allow an unauthenticated attacker to create or delete administrator accounts. This vulnerability can grant the attacker full administrative control over the product. | ||||
| CVE-2026-24846 | 2 Chainguard, Chainguard-dev | 2 Malcontent, Malcontent | 2026-04-18 | 5.5 Medium |
| malcontent discovers supply-chain compromises through. context, differential analysis, and YARA. Starting in version 1.8.0 and prior to version 1.20.3, malcontent could be made to create symlinks outside the intended extraction directory when scanning a specially crafted tar or deb archive. The `handleSymlink` function received arguments in the wrong order, causing the symlink target to be used as the symlink location. Additionally, symlink targets were not validated to ensure they resolved within the extraction directory. Version 1.20.3 introduces fixes that swap handleSymlink arguments, validate symlink location, and validate symlink targets that resolve within an extraction directory. | ||||
| CVE-2026-24904 | 2 Adguard, Trusttunnel | 2 Trusttunnel, Trusttunnel | 2026-04-18 | 5.3 Medium |
| TrustTunnel is an open-source VPN protocol with a rule bypass issue in versions prior to 0.9.115. In `tls_listener.rs`, `TlsListener::listen()` peeks 1024 bytes and calls `extract_client_random(...)`. If `parse_tls_plaintext` fails (for example, a fragmented/partial ClientHello split across TCP writes), `extract_client_random` returns `None`. In `rules.rs`, `RulesEngine::evaluate` only evaluates `client_random_prefix` when `client_random` is `Some(...)`. As a result, when extraction fails (`client_random == None`), any rule that relies on `client_random_prefix` matching is skipped and evaluation falls through to later rules. As an important semantics note: `client_random_prefix` is a match condition only. It does not mean "block non-matching prefixes" by itself. A rule with `client_random_prefix = ...` triggers its `action` only when the prefix matches (and the field is available to evaluate). Non-matches (or `None`) simply do not match that rule and continue to fall through. The vulnerability is fixed in version 0.9.115. | ||||
| CVE-2026-25063 | 1 Gradle | 1 Gradle-completion | 2026-04-18 | 7.8 High |
| gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. The `gradle-completion` script for Bash fails to adequately sanitize Gradle task names and task descriptions, allowing command injection via a malicious Gradle build file when the user completes a command in Bash (without them explicitly running any task in the build). For example, given a task description that includes a string between backticks, then that string would be evaluated as a command when presenting the task description in the completion list. While task execution is the core feature of Gradle, this inherent execution may lead to unexpected outcomes. The vulnerability does not affect zsh completion. The first patched version is 9.3.1. As a workaround, it is possible and effective to temporarily disable bash completion for Gradle by removing `gradle-completion` from `.bashrc` or `.bash_profile`. | ||||
| CVE-2026-25126 | 2 Polarlearn, Polarnl | 2 Polarlearn, Polarlearn | 2026-04-18 | 7.1 High |
| PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings (e.g., `"x"`) as `direction`. Downstream (`VoteServer`) treats any non-`"up"` and non-`null` value as a downvote and persists the invalid value in `votes_data`. This can be exploited to bypass intended business logic. Version 0-PRERELEASE-15 fixes the vulnerability. | ||||
| CVE-2026-25210 | 1 Libexpat Project | 1 Libexpat | 2026-04-18 | 6.9 Medium |
| In libexpat before 2.7.4, the doContent function does not properly determine the buffer size bufSize because there is no integer overflow check for tag buffer reallocation. | ||||
| CVE-2026-25211 | 1 Llamastack | 1 Llama Stack | 2026-04-18 | 3.2 Low |
| Llama Stack (aka llama-stack) before 0.4.0rc3 does not censor the pgvector password in the initialization log. | ||||
| CVE-2026-25643 | 2 Blakeblackshear, Frigate | 2 Frigate, Frigate | 2026-04-18 | 9.1 Critical |
| Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. Prior to 0.16.4, a critical Remote Command Execution (RCE) vulnerability has been identified in the Frigate integration with go2rtc. The application does not sanitize user input in the video stream configuration (config.yaml), allowing direct injection of system commands via the exec: directive. The go2rtc service executes these commands without restrictions. This vulnerability is only exploitable by an administrator or users who have exposed their Frigate install to the open internet with no authentication which allows anyone full administrative control. This vulnerability is fixed in 0.16.4. | ||||
| CVE-2026-25520 | 1 Nyariv | 1 Sandboxjs | 2026-04-18 | 10 Critical |
| SandboxJS is a JavaScript sandboxing library. Prior to 0.8.29, The return values of functions aren't wrapped. Object.values/Object.entries can be used to get an Array containing the host's Function constructor, by using Array.prototype.at you can obtain the hosts Function constructor, which can be used to execute arbitrary code outside of the sandbox. This vulnerability is fixed in 0.8.29. | ||||
| CVE-2026-25635 | 2 Calibre-ebook, Kovidgoyal | 2 Calibre, Calibre | 2026-04-18 | 8.6 High |
| calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows (haven't tested on other OS's), this can lead to Remote Code Execution by writing a payload to the Startup folder, which executes on next login. This vulnerability is fixed in 9.2.0. | ||||
| CVE-2026-25729 | 1 Lintsinghua | 1 Deepaudit | 2026-04-18 | 6.5 Medium |
| DeepAudit is a multi-agent system for code vulnerability discovery. In 3.0.4 and earlier, there is an improper access control vulnerability in the /api/v1/users/ endpoint allows any authenticated user to enumerate all users in the system and retrieve sensitive information including email addresses, phone numbers, full names, and role information. | ||||
| CVE-2026-25631 | 1 N8n | 1 N8n | 2026-04-18 | 6.5 Medium |
| n8n is an open source workflow automation platform. Prior to 1.121.0, there is a vulnerability in the HTTP Request node's credential domain validation allowed an authenticated attacker to send requests with credentials to unintended domains, potentially leading to credential exfiltration. This only might affect user who have credentials that use wildcard domain patterns (e.g., *.example.com) in the "Allowed domains" setting. This issue is fixed in version 1.121.0 and later. | ||||
| CVE-2026-25597 | 1 Prestashop | 1 Prestashop | 2026-04-18 | 5.3 Medium |
| PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by measuring response times. This vulnerability is fixed in 8.2.4 and 9.0.3. | ||||