Export limit exceeded: 347749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34001 | 2 Redhat, X.org | 2 Enterprise Linux, X.org | 2026-04-29 | 7.8 High |
| A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system. | ||||
| CVE-2026-33999 | 1 Redhat | 1 Enterprise Linux | 2026-04-29 | 7.8 High |
| A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. | ||||
| CVE-2026-5367 | 1 Redhat | 4 Enterprise Linux, Fast Datapath, Openshift and 1 more | 2026-04-29 | 8.6 High |
| A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port. | ||||
| CVE-2026-31847 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 8.8 High |
| Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system. | ||||
| CVE-2026-31848 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 9.8 Critical |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints. | ||||
| CVE-2026-7099 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 8.8 High |
| A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-31849 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 6.5 Medium |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings. | ||||
| CVE-2026-7100 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 8.8 High |
| A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-7101 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 8.8 High |
| A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7102 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 6.3 Medium |
| A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-31850 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 4.9 Medium |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information. | ||||
| CVE-2026-31851 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 9.8 Critical |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. | ||||
| CVE-2026-4159 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 3.3 Low |
| 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default. | ||||
| CVE-2026-5446 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 7.1 High |
| In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard. | ||||
| CVE-2026-5941 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction. | ||||
| CVE-2026-5447 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 7.5 High |
| Heap buffer overflow in CertFromX509 via AuthorityKeyIdentifier size confusion. A heap buffer overflow occurs when converting an X.509 certificate internally due to incorrect size handling of the AuthorityKeyIdentifier extension. | ||||
| CVE-2026-5263 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 6.5 Medium |
| URI nameConstraints from constrained intermediate CAs are parsed but not enforced during certificate chain verification in wolfcrypt/src/asn.c. A compromised or malicious sub-CA could issue leaf certificates with URI SAN entries that violate the nameConstraints of the issuing CA, and wolfSSL would accept them as valid. | ||||
| CVE-2026-5264 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 9.8 Critical |
| Heap buffer overflow in DTLS 1.3 ACK message processing. A remote attacker can send a crafted DTLS 1.3 ACK message that triggers a heap buffer overflow. | ||||
| CVE-2026-4958 | 1 Openbmb | 1 Xagent | 2026-04-29 | 3.1 Low |
| A vulnerability has been found in OpenBMB XAgent 1.0.0. This affects the function ReplayServer.on_connect/ReplayServer.send_data of the file XAgentServer/application/websockets/replayer.py of the component WebSocket Endpoint. Such manipulation of the argument interaction_id leads to authorization bypass. The attack may be launched remotely. Attacks of this nature are highly complex. The exploitability is reported as difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-4957 | 1 Openbmb | 1 Xagent | 2026-04-29 | 2.7 Low |
| A flaw has been found in OpenBMB XAgent 1.0.0. The impacted element is the function FunctionHandler.handle_tool_call of the file XAgent/function_handler.py of the component API Key Handler. This manipulation of the argument api_key causes sensitive information in log files. The attack may be initiated remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||