Export limit exceeded: 343968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343968 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343968 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28386 | 1 Openssl | 1 Openssl | 2026-04-10 | 4.7 Medium |
| Issue summary: Applications using AES-CFB128 encryption or decryption on systems with AVX-512 and VAES support can trigger an out-of-bounds read of up to 15 bytes when processing partial cipher blocks. Impact summary: This out-of-bounds read may trigger a crash which leads to Denial of Service for an application if the input buffer ends at a memory page boundary and the following page is unmapped. There is no information disclosure as the over-read bytes are not written to output. The vulnerable code path is only reached when processing partial blocks (when a previous call left an incomplete block and the current call provides fewer bytes than needed to complete it). Additionally, the input buffer must be positioned at a page boundary with the following page unmapped. CFB mode is not used in TLS/DTLS protocols, which use CBC, GCM, CCM, or ChaCha20-Poly1305 instead. For these reasons the issue was assessed as Low severity according to our Security Policy. Only x86-64 systems with AVX-512 and VAES instruction support are affected. Other architectures and systems without VAES support use different code paths that are not affected. OpenSSL FIPS module in 3.6 version is affected by this issue. | ||||
| CVE-2026-5707 | 2 Amazon, Aws | 2 Research And Engineering Studio, Research And Engineering Studio | 2026-04-10 | 8.8 High |
| Unsanitized input in an OS command in the virtual desktop session name handling in AWS Research and Engineering Studio (RES) version 2025.03 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands as root on the virtual desktop host via a crafted session name. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ||||
| CVE-2026-34079 | 1 Flatpak | 1 Flatpak | 2026-04-10 | 6.7 Medium |
| Flatpak is a Linux application sandboxing and distribution framework. Prior to 1.16.4, the caching for ld.so removes outdated cache files without properly checking that the app controlled path to the outdated cache is in the cache directory. This allows Flatpak apps to delete arbitrary files on the host. This vulnerability is fixed in 1.16.4. | ||||
| CVE-2026-34020 | 1 Apache | 1 Openmeetings | 2026-04-10 | N/A |
| Use of GET Request Method With Sensitive Query Strings vulnerability in Apache OpenMeetings. The REST login endpoint uses HTTP GET method with username and password passed as query parameters. Please check references regarding possible impact This issue affects Apache OpenMeetings: from 3.1.3 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue. | ||||
| CVE-2026-5708 | 2 Amazon, Aws | 2 Research And Engineering Studio, Research And Engineering Studio | 2026-04-10 | 8.8 High |
| Unsanitized control of user-modifiable attributes in the session creation component in AWS Research and Engineering Studio (RES) prior to version 2026.03 could allow an authenticated remote user to escalate privileges, assume the virtual desktop host instance profile permissions, and interact with AWS resources and services via a crafted API request. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ||||
| CVE-2026-5709 | 2 Amazon, Aws | 2 Research And Engineering Studio, Research And Engineering Studio | 2026-04-10 | 8.8 High |
| Unsanitized input in the FileBrowser API in AWS Research and Engineering Studio (RES) version 2024.10 through 2025.12.01 might allow a remote authenticated actor to execute arbitrary commands on the cluster-manager EC2 instance via crafted input when using the FileBrowser functionality. To remediate this issue, users are advised to upgrade to RES version 2026.03 or apply the corresponding mitigation patch to their existing environment. | ||||
| CVE-2026-20431 | 2 Mediatek, Mediatek, Inc. | 39 Mt6813, Mt6813 Firmware, Mt6815 and 36 more | 2026-04-10 | 6.5 Medium |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467. | ||||
| CVE-2026-20432 | 2 Mediatek, Mediatek, Inc. | 117 Mt2735, Mt2735 Firmware, Mt2737 and 114 more | 2026-04-10 | 8 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. | ||||
| CVE-2026-20433 | 1 Mediatek | 125 Mediatek Chipset, Mt2735, Mt2735 Firmware and 122 more | 2026-04-10 | 8.8 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460. | ||||
| CVE-2026-32211 | 1 Microsoft | 1 Azure Web Apps | 2026-04-10 | 9.1 Critical |
| Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-32173 | 1 Microsoft | 3 Azure Sre Agent, Azure Sre Agent Gateway, Azure Sre Agent Gateway Signalr Hub | 2026-04-10 | 8.6 High |
| Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-33105 | 1 Microsoft | 1 Azure Kubernetes Service | 2026-04-10 | 10 Critical |
| Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26135 | 1 Microsoft | 1 Azure Custom Locations Resource Provider | 2026-04-10 | 9.6 Critical |
| Server-side request forgery (ssrf) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-33107 | 1 Microsoft | 1 Azure Databricks | 2026-04-10 | 10 Critical |
| Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32186 | 1 Microsoft | 1 Bing | 2026-04-10 | 10 Critical |
| Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32213 | 1 Microsoft | 1 Azure Ai Foundry | 2026-04-10 | 10 Critical |
| Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-39342 | 1 Churchcrm | 1 Churchcrm | 2026-04-10 | 8.8 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, the searchwhat parameter via QueryView.php with the QueryID=15 is vulnerable to a SQL injection. The authenticated user requires access to Data/Reports > Query Menu and access to the "Advanced Search" query. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-39343 | 1 Churchcrm | 1 Churchcrm | 2026-04-10 | 7.2 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, a SQL injection vulnerability exists in the EditEventTypes.php file, which is only accessible to administrators. The EN_tyid POST parameter is not sanitized before being used in a SQL query, allowing an administrator to execute arbitrary SQL commands directly against the database. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-35414 | 1 Openbsd | 1 Openssh | 2026-04-10 | 4.2 Medium |
| OpenSSH before 10.3 mishandles the authorized_keys principals option in uncommon scenarios involving a principals list in conjunction with a Certificate Authority that makes certain use of comma characters. | ||||
| CVE-2026-39348 | 1 Orangehrm | 1 Orangehrm | 2026-04-10 | 4.3 Medium |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifiers. This vulnerability is fixed in 5.8.1. | ||||