Export limit exceeded: 11472 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11472 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20628 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-15 | 7.1 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to break out of its sandbox. | ||||
| CVE-2026-39324 | 1 Rack | 1 Rack-session | 2026-04-15 | 9.8 Critical |
| Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted as valid session data without knowledge of any configured secret. Because this mechanism is used to load session state, an attacker can manipulate session contents and potentially gain unauthorized access. This vulnerability is fixed in 2.1.2. | ||||
| CVE-2026-3190 | 2 Keycloak, Redhat | 3 Keycloak, Build Keycloak, Build Of Keycloak | 2026-04-15 | 4.3 Medium |
| A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partial leads to information disclosure. | ||||
| CVE-2026-3184 | 2 Linux, Redhat | 4 Util-linux, Enterprise Linux, Hummingbird and 1 more | 2026-04-15 | 3.7 Low |
| A flaw was found in util-linux. Improper hostname canonicalization in the `login(1)` utility, when invoked with the `-h` option, can modify the supplied remote hostname before setting `PAM_RHOST`. A remote attacker could exploit this by providing a specially crafted hostname, potentially bypassing host-based Pluggable Authentication Modules (PAM) access control rules that rely on fully qualified domain names. This could lead to unauthorized access. | ||||
| CVE-2026-35642 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 4.3 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability where group reaction events bypass the requireMention access control mechanism. Attackers can trigger reactions in mention-gated groups to enqueue agent-visible system events that should remain restricted. | ||||
| CVE-2026-21724 | 1 Grafana | 1 Grafana | 2026-04-15 | 5.4 Medium |
| A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. | ||||
| CVE-2026-0633 | 3 Elementor, Roxnor, Wordpress | 3 Elementor, Metform Contact Form Survey Quiz Custom Form Builder For Elementor, Wordpress | 2026-04-15 | 3.7 Low |
| The MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.1.0. This is due to the use of a forgeable cookie value derived only from the entry ID and current user ID without a server-side secret. This makes it possible for unauthenticated attackers to access form submission entry data via MetForm shortcodes for entries created within the transient TTL (default is 15 minutes). | ||||
| CVE-2026-33175 | 2 Jupyter, Jupyterhub | 2 Oauthenticator, Oauthenticator | 2026-04-15 | 8.8 High |
| OAuthenticator is software that allows OAuth2 identity providers to be plugged in and used with JupyterHub. Prior to version 17.4.0, an authentication bypass vulnerability in oauthenticator allows an attacker with an unverified email address on an Auth0 tenant to login to JupyterHub. When email is used as the usrname_claim, this gives users control over their username and the possibility of account takeover. This issue has been patched in version 17.4.0. | ||||
| CVE-2026-21508 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-15 | 7 High |
| Improper authentication in Windows Storage allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-21255 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-15 | 8.8 High |
| Improper access control in Windows Hyper-V allows an authorized attacker to bypass a security feature locally. | ||||
| CVE-2026-21238 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-15 | 7.8 High |
| Improper access control in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-34581 | 2 Goshs, Patrickhener | 2 Goshs, Goshs | 2026-04-15 | 8.1 High |
| goshs is a SimpleHTTPServer written in Go. From version 1.1.0 to before version 2.0.0-beta.2, when using the Share Token it is possible to bypass the limited selected file download with all the gosh functionalities, including code exec. This issue has been patched in version 2.0.0-beta.2. | ||||
| CVE-2026-2592 | 2 Wordpress, Zarinpal | 2 Wordpress, Zarinpal Gateway | 2026-04-15 | 7.7 High |
| The Zarinpal Gateway for WooCommerce plugin for WordPress is vulnerable to Improper Access Control to Payment Status Update in all versions up to and including 5.0.16. This is due to the payment callback handler 'Return_from_ZarinPal_Gateway' failing to validate that the authority token provided in the callback URL belongs to the specific order being marked as paid. This makes it possible for unauthenticated attackers to potentially mark orders as paid without proper payment by reusing a valid authority token from a different transaction of the same amount. | ||||
| CVE-2026-26119 | 1 Microsoft | 1 Windows Admin Center | 2026-04-15 | 8.8 High |
| Improper authentication in Windows Admin Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-21535 | 1 Microsoft | 1 Teams | 2026-04-15 | 8.2 High |
| Improper access control in Microsoft Teams allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-2768 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 10 Critical |
| Sandbox escape in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-1779 | 2 Wordpress, Wpeverest | 2 Wordpress, User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 2026-04-15 | 8.1 High |
| The User Registration & Membership plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 5.1.2. This is due to incorrect authentication in the 'register_member' function. This makes it possible for unauthenticated attackers to log in a newly registered user on the site who has the 'urm_user_just_created' user meta set. | ||||
| CVE-2026-35638 | 1 Openclaw | 1 Openclaw | 2026-04-15 | 8.8 High |
| OpenClaw before 2026.3.22 contains a privilege escalation vulnerability in the Control UI that allows unauthenticated sessions to retain self-declared privileged scopes without device identity verification. Attackers can exploit the device-less allow path in the trusted-proxy mechanism to maintain elevated permissions by declaring arbitrary scopes, bypassing device identity requirements. | ||||
| CVE-2026-30079 | 1 Openairinterface | 1 Oai-cn5g-amf | 2026-04-15 | 9.8 Critical |
| In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a registration accept! This leads the UE to be registered without proper authentication. | ||||
| CVE-2026-31272 | 2 Mrcms, Wuweiit | 2 Mrcms, Mushroom | 2026-04-15 | 9.8 Critical |
| MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication. | ||||