Export limit exceeded: 17560 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39958 | 1 Aosc-dev | 1 Oma | 2026-04-16 | 9.1 Critical |
| oma is a package manager for AOSC OS. Prior to 1.25.2, oma-topics is responsible for fetching metadata for testing repositories (topics) named "Topic Manifests" ({mirror}/debs/manifest/topics.json) from remote repository servers, registering them as APT source entries. However, the name field in said metadata were not checked for transliteration. In this case, a malicious party may supply a malformed Topic Manifest, which may cause malicious APT source entries to be added to /etc/apt/sources.list.d/atm.list as oma-topics finishes fetching and registering metadata. This vulnerability is fixed in 1.25.2. | ||||
| CVE-2026-27306 | 1 Adobe | 1 Coldfusion | 2026-04-16 | 8.4 High |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Attacker requires elevated privileges. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2026-27307 | 1 Adobe | 1 Coldfusion | 2026-04-16 | 2.4 Low |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-27308 | 1 Adobe | 1 Coldfusion | 2026-04-16 | 2.4 Low |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could exploit this vulnerability and exhaust system resources, reducing application speed. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-32989 | 1 Precurio | 3 Intranet Portal, Precurio, Precurio Intranet Portal | 2026-04-16 | 8.8 High |
| Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling file uploads. Attackers can exploit this to upload executable files to web-accessible locations, leading to arbitrary code execution in the context of the web server. | ||||
| CVE-2026-2378 | 2 The Browsercompany Of New York, Thebrowser | 2 Arcsearch, Arc Search | 2026-04-16 | 7.4 High |
| ArcSearch for Android versions prior to 1.12.7 could display a different domain in the address bar than the content being shown, enabling address bar spoofing after user interaction via crafted web content. | ||||
| CVE-2026-2784 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Mitigation bypass in the DOM: Security component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2779 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Incorrect boundary conditions in the Networking: JAR component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2778 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 10 Critical |
| Sandbox escape due to incorrect boundary conditions in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2776 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 10 Critical |
| Sandbox escape due to incorrect boundary conditions in the Telemetry component in External Software. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2775 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Mitigation bypass in the DOM: HTML Parser component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2773 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Incorrect boundary conditions in the Web Audio component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2771 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Undefined behavior in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-28398 | 1 Nocodb | 1 Nocodb | 2026-04-16 | 5.4 Medium |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, user-controlled content in comments and rich text cells was rendered via v-html without sanitization, enabling stored XSS. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-28401 | 1 Nocodb | 1 Nocodb | 2026-04-16 | 5.4 Medium |
| NocoDB is software for building databases as spreadsheets. Prior to version 0.301.3, rich text cell content rendered via v-html without sanitization enables stored XSS. This issue has been patched in version 0.301.3. | ||||
| CVE-2026-0655 | 1 Tp-link | 2 Deco Be25, Deco Be25 Firmware | 2026-04-16 | 8.0 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TP-Link Deco BE25 v1.0 (web modules) allows authenticated adjacent attacker to read arbitrary files or cause denial of service. This issue affects Deco BE25 v1.0: through 1.1.1 Build 20250822. | ||||
| CVE-2026-0005 | 1 Google | 1 Android | 2026-04-16 | 6.2 Medium |
| In onServiceDisconnected of KeyguardServiceDelegate.java, there is a possible partial bypass of app pinning allowing limited interaction with other apps without knowing the LSKF due to a missing permission check. This could lead to local information disclosure where the extent of interaction and impact is app-dependent with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0006 | 1 Google | 1 Android | 2026-04-16 | 9.8 Critical |
| In multiple locations, there is a possible out of bounds read and write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0008 | 1 Google | 1 Android | 2026-04-16 | 8.4 High |
| In multiple locations, there is a possible privilege escalation due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-0010 | 1 Google | 1 Android | 2026-04-16 | 8.4 High |
| In onTransact of IDrmManagerService.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||