Export limit exceeded: 347704 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347704 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7418 | 1 Utt | 1 Hiper 1250gw | 2026-04-30 | 8.8 High |
| A vulnerability was determined in UTT HiPER 1250GW up to 3.2.7-210907-180535. This vulnerability affects the function strcpy of the file route/goform/NTP. Executing a manipulation of the argument Profile can lead to buffer overflow. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-7447 | 1 Sourcecodester | 1 Pet Grooming Management Software | 2026-04-30 | 6.3 Medium |
| A flaw has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the file /admin/update_customer.php. This manipulation of the argument type/length/business parameter validity causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used. | ||||
| CVE-2026-6526 | 1 Wireshark | 1 Wireshark | 2026-04-30 | 5.5 Medium |
| RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 | ||||
| CVE-2026-21422 | 1 Dell | 1 Powerscale Onefs | 2026-04-30 | 3.4 Low |
| Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass. | ||||
| CVE-2026-3325 | 1 Crm Sistemas De Fidelización | 1 Megacms | 2026-04-30 | N/A |
| SQL injection (SQLi) in MegaCMS v12.0.0, specifically in the “id_territorio” parameter of the “/web_comunications/cms/get_provincias” endpoint. The vulnerability arises from inadequate validation and sanitisation of user input. Specifically, via a POST request, the “id_territorio” parameter, used immediately after the registration form is submitted, could be manipulated by an unauthenticated attacker to execute arbitrary SQL queries. | ||||
| CVE-2026-42646 | 2 Steve Burge, Wordpress | 2 Taxopress, Wordpress | 2026-04-30 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Steve Burge TaxoPress simple-tags allows Blind SQL Injection.This issue affects TaxoPress: from n/a through <= 3.44.0. | ||||
| CVE-2026-42645 | 2 Barcode Scanner, Wordpress | 2 Barcode Scanner With Inventory & Order Manager, Wordpress | 2026-04-30 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Scanner with Inventory & Order Manager barcode-scanner-lite-pos-to-manage-products-inventory-and-orders allows Cross Site Request Forgery.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through <= 1.11.0. | ||||
| CVE-2026-5140 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus | 2026-04-30 | 8.8 High |
| Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus allows Authentication Bypass. This issue affects Pardus: from <=0.6.4 before 0.8.0. | ||||
| CVE-2026-42520 | 1 Jenkins Project | 1 Jenkins Credentials Binding Plugin | 2026-04-30 | 7.5 High |
| Jenkins Credentials Binding Plugin 719.v80e905ef14eb_ and earlier does not sanitize file names for file and zip file credentials, allowing attackers able to provide credentials to a job to write files to arbitrary locations on the node filesystem, which can lead to remote code execution if Jenkins is configured to allow a low-privileged user to configure file or zip file credentials used for a job running on the built-in node. | ||||
| CVE-2026-42521 | 1 Jenkins Project | 1 Jenkins Matrix Authorization Strategy Plugin | 2026-04-30 | 6.5 Medium |
| Jenkins Matrix Authorization Strategy Plugin 2.0-beta-1 through 3.2.9 (both inclusive) invokes parameterless constructors of classes specified in configuration when deserializing inheritance strategies, without restricting the classes that can be instantiated, allowing attackers with Item/Configure permission to instantiate arbitrary types, which may lead to information disclosure or other impacts depending on the classes available on the classpath. | ||||
| CVE-2026-42522 | 1 Jenkins Project | 1 Jenkins Github Branch Source Plugin | 2026-04-30 | 4.3 Medium |
| A missing permission check in Jenkins GitHub Branch Source Plugin 1967.vdea_d580c1a_b_a_ and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL with attacker-specified GitHub App credentials. | ||||
| CVE-2026-42523 | 1 Jenkins Project | 1 Jenkins Github Plugin | 2026-04-30 | 9 Critical |
| Jenkins GitHub Plugin 1.46.0 and earlier improperly processes the current job URL as part of JavaScript implementing validation of the feature "GitHub hook trigger for GITScm polling", resulting in a stored cross-site scripting (XSS) vulnerability exploitable by non-anonymous attackers with Overall/Read permission. | ||||
| CVE-2026-42524 | 1 Jenkins Project | 1 Jenkins Html Publisher Plugin | 2026-04-30 | 8 High |
| Jenkins HTML Publisher Plugin 427 and earlier does not escape job name and URL in the legacy wrapper file, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2026-42525 | 1 Jenkins Project | 1 Jenkins Microsoft Entra Id Plugin | 2026-04-30 | 4.3 Medium |
| Jenkins Microsoft Entra ID (previously Azure AD) Plugin 666.v6060de32f87d and earlier does not restrict the redirect URL after login, allowing attackers to perform phishing attacks. | ||||
| CVE-2026-25852 | 1 Acronis | 1 Acronis Devicelock Dlp | 2026-04-30 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212. | ||||
| CVE-2026-41952 | 1 Acronis | 2 Cyber Protect Cloud Agent, Devicelock Dlp | 2026-04-30 | N/A |
| Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183. | ||||
| CVE-2026-41220 | 1 Acronis | 2 Cyber Protect Cloud Agent, Devicelock Dlp | 2026-04-30 | N/A |
| Local privilege escalation due to improper input validation. The following products are affected: Acronis DeviceLock DLP (Windows) before build 9.0.93212, Acronis Cyber Protect Cloud Agent (Windows) before build 42183. | ||||
| CVE-2026-5141 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus Software Center | 2026-04-30 | 8.8 High |
| Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: from 1.0.2 before 1.0.3. | ||||
| CVE-2026-7111 | 1 Hmbrand | 1 Text::csv Xs | 2026-04-30 | 8.4 High |
| Text::CSV_XS versions before 1.62 for Perl have a use-after-free when registered callbacks extend the Perl argument stack, which may enable type confusion or memory corruption. The Parse, print, getline, and getline_all methods invoke registered callbacks (for example after_parse, before_print, or on_error) and cache the Perl argument stack pointer across the call. If a callback extends the argument stack enough to trigger a reallocation, the return value is written through the stale pointer into the freed buffer, and the caller reads the original $self argument as the return value instead. Calling code that expects parsed data from getline_all receives the Text::CSV_XS object in its place, leading to logic errors or crashes. Text::CSV_XS objects used without any registered callbacks are not affected. | ||||
| CVE-2026-5161 | 1 Tubitak Bilgem Software Technologies Research Institute | 1 Pardus About | 2026-04-30 | 8.8 High |
| Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack. This issue affects Pardus About: before v1.2.1. | ||||