Search Results (348808 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-54345 | 2 Erpnext, Frappe | 2 Erpnext, Erpnext | 2026-05-05 | 8.8 High |
| Frappe Framework ERPNext 13.4.0 contains a sandbox escape vulnerability in RestrictedPython that allows authenticated users with System Manager role to execute arbitrary code by exploiting frame introspection. Attackers can create a server script via the /app/server-script endpoint and access the gi_frame attribute to traverse the call stack and invoke os.popen to execute system commands. | ||||
| CVE-2026-36356 | | | 2026-05-05 | 9.1 Critical |
| The GoAhead web server on MeiG Smart FORGE_SLT711 devices (firmware MDM9607.LE.1.0-00110-STD.PROD-1) allows unauthenticated OS command injection via the /action/SetRemoteAccessCfg endpoint. | ||||
| CVE-2026-7707 | 1 Open5gs | 1 Open5gs | 2026-05-05 | 4.3 Medium |
| A vulnerability was found in Open5GS up to 2.7.7. Impacted is the function udr_nudr_dr_handle_subscription_context of the file /src/udr/nudr-handler.c of the component UDR. The manipulation of the argument pei results in denial of service. The attack can be launched remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-0073 | 1 Google | 1 Android | 2026-05-05 | 8.8 High |
| In adbd_tls_verify_cert of auth.cpp, there is a possible bypass of wireless ADB mutual authentication due to a logic error in the code. This could lead to remote (proximal/adjacent) code execution as the shell user with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-7701 | 1 Telegram | 1 Telegram Desktop | 2026-05-05 | 4.3 Medium |
| A security vulnerability has been detected in Telegram Desktop up to 6.7.5. This vulnerability affects the function RequestButton of the file Telegram/SourceFiles/boxes/url_auth_box.cpp of the component Bot API. The manipulation of the argument login_url leads to null pointer dereference. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-7695 | 1 Acrel Electrical | 1 Eems Enterprise Power Operation And Maintenance Cloud Platform | 2026-05-05 | 7.3 High |
| A vulnerability has been found in Acrel Electrical EEMS Enterprise Power Operation and Maintenance Cloud Platform 1.3.0. This affects an unknown function of the file /SubstationWEBV2/main/elecMaxMinAvgValue. The manipulation of the argument fCircuitids leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6553 | 1 Typo3 | 1 Typo3 | 2026-05-05 | 7.5 High |
| Changing backend users' passwords via the user settings module results in storing the cleartext password in the uc and user_settings fields of the be_users database table. This issue affects TYPO3 CMS version 14.2.0. | ||||
| CVE-2026-7688 | 1 Dolibarr | 1 Erp Crm | 2026-05-05 | 5 Medium |
| A vulnerability was identified in Dolibarr ERP CRM up to 23.0.2. This affects the function _checkValForAPI of the file htdocs/expedition/class/expedition.class.php of the component Shipments API Endpoint. The manipulation of the argument fields leads to SQL injection. The attack can be carried out remotely. A high degree of complexity is needed for the attack. It is indicated that the exploitability is difficult. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-43862 | 1 Mutt | 1 Mutt | 2026-05-05 | 3.7 Low |
| In mutt before 2.3.2, the imap_auth_gss security level is mishandled. | ||||
| CVE-2026-43860 | 1 Mutt | 1 Mutt | 2026-05-05 | 3.7 Low |
| mutt before 2.3.2 sometimes truncates the hash_passwd by one byte for IMAP auth_cram MD5 digest. | ||||
| CVE-2026-43863 | 1 Mutt | 1 Mutt | 2026-05-05 | 3.7 Low |
| mutt before 2.3.2 has an infinite loop in data_object_to_stream in crypt-gpgme.c. | ||||
| CVE-2026-43861 | 1 Mutt | 1 Mutt | 2026-05-05 | 3.7 Low |
| mutt before 2.3.2 does not check for '\0' in url_pct_decode. | ||||
| CVE-2026-43859 | 1 Mutt | 1 Mutt | 2026-05-05 | 3.7 Low |
| mutt before 2.3.2 sometimes uses strfcpy instead of memcpy for the IMAP auth_cram MD5 digest. | ||||
| CVE-2026-31893 | | | 2026-05-05 | N/A |
| Tunnelblick is an open source graphical user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink-following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix socket. The socket is configured with mode 0666, allowing any local user to connect. No authorization check is performed on the connecting client. The tunnelblick-helper process constructs a path to config.ovpn inside a user-controlled .tblk directory and reads it as root without symlink validation. An attacker can create a .tblk configuration with a symlinked config.ovpn pointing to any file and request tunnelblickd to read it. This issue has been fixed in version 9.0beta02. | ||||
| CVE-2026-41651 | 1 Packagekit Project | 1 Packagekit | 2026-05-05 | 8.8 High |
| PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5. A local unprivileged user can install arbitrary RPM packages as root, including executing RPM scriptlets, without authentication. The vulnerability is a TOCTOU race condition on `transaction->cached_transaction_flags` combined with a silent state-machine guard that discards illegal backward transitions while leaving corrupted flags in place. Three bugs exist in `src/pk-transaction.c`: 1. Unconditional flag overwrite (line 4036): `InstallFiles()` writes caller-supplied flags to `transaction->cached_transaction_flags` without checking whether the transaction has already been authorized/started. A second call blindly overwrites the flags even while the transaction is RUNNING. 2. Silent state-transition rejection (lines 873–882): `pk_transaction_set_state()` silently discards backward state transitions (e.g. `RUNNING` → `WAITING_FOR_AUTH`) but the flag overwrite at step 1 already happened. The transaction continues running with corrupted flags. 3. Late flag read at execution time (lines 2273–2277): The scheduler's idle callback reads `cached_transaction_flags` at dispatch time, not at authorization time. If flags were overwritten between authorization and execution, the backend sees the attacker's flags. | ||||
| CVE-2026-7732 | 1 Code-projects | 1 Blood Bank Management System | 2026-05-05 | 6.3 Medium |
| A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-7738 | 1 Puchunjie | 1 Doc-tools-mcp | 2026-05-05 | 6.3 Medium |
| A security flaw has been discovered in puchunjie doc-tools-mcp 1.0.18. This affects the function create_document/open_document of the file src/mcp-server.ts of the component MCP Interface. The manipulation of the argument filePath results in path traversal. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-6022 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2026-05-05 | 7.5 High |
| In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion. | ||||
| CVE-2026-6023 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2026-05-05 | 8.1 High |
| In Progress® Telerik® UI for AJAX versions 2024.4.1114 through 2026.1.421, the RadFilter control is vulnerable to insecure deserialization when restoring filter state if the state is exposed to the client. If an attacker tampers with this state, a server-side remote code execution is possible. | ||||
| CVE-2026-7847 | 1 Chatchat-space | 1 Langchain-chatchat | 2026-05-05 | 2.6 Low |
| A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||