Export limit exceeded: 344354 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344354 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40028 | 1 Yamato-security | 1 Hayabusa | 2026-04-13 | 5.4 Medium |
| Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the Computer field of JSON logs that executes in the forensic examiner's browser session when viewing the generated HTML report, leading to information disclosure or code execution. | ||||
| CVE-2026-4114 | 1 Sonicwall | 1 Sma1000 | 2026-04-13 | N/A |
| Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | ||||
| CVE-2026-33005 | 1 Apache | 1 Openmeetings | 2026-04-13 | 4.3 Medium |
| Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object. This issue affects Apache OpenMeetings: from 3.10 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue. | ||||
| CVE-2026-4660 | 1 Hashicorp | 1 Tooling | 2026-04-13 | 7.5 High |
| HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package. | ||||
| CVE-2025-12664 | 1 Gitlab | 1 Gitlab | 2026-04-13 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. | ||||
| CVE-2026-34538 | 1 Apache | 1 Airflow | 2026-04-13 | 6.5 Medium |
| Apache Airflow versions 3.0.0 through 3.1.8 DagRun wait endpoint returns XCom result values even to users who only have DAG Run read permissions, such as the Viewer role.This behavior conflicts with the FAB RBAC model, which treats XCom as a separate protected resource, and with the security model documentation that defines the Viewer role as read-only. Airflow uses the FAB Auth Manager to manage access control on a per-resource basis. The Viewer role is intended to be read-only by default, and the security model documentation defines Viewer users as those who can inspect DAGs without accessing sensitive execution results. Users are recommended to upgrade to Apache Airflow 3.2.0 which resolves this issue. | ||||
| CVE-2026-35205 | 1 Helm | 1 Helm | 2026-04-13 | N/A |
| Helm is a package manager for Charts for Kubernetes. From 4.0.0 to 4.1.3, Helm will install plugins missing provenance (.prov file) when signature verification is required. This vulnerability is fixed in 4.1.4. | ||||
| CVE-2026-39853 | 1 Mtrojnar | 1 Osslsigncode | 2026-04-13 | 7.8 High |
| osslsigncode is a tool that implements Authenticode signing and timestamping. Prior to 2.12, A stack buffer overflow vulnerability exists in osslsigncode in several signature verification paths. During verification of a PKCS#7 signature, the code copies the digest value from a parsed SpcIndirectDataContent structure into a fixed-size stack buffer (mdbuf[EVP_MAX_MD_SIZE], 64 bytes) without validating that the source length fits within the destination buffer. This pattern is present in the verification handlers for PE, MSI, CAB, and script files. An attacker can craft a malicious signed file with an oversized digest field in SpcIndirectDataContent. When a user verifies such a file with osslsigncode verify, the unbounded memcpy can overflow the stack buffer and corrupt adjacent stack state. This vulnerability is fixed in 2.12. | ||||
| CVE-2026-39901 | 1 Monetr | 1 Monetr | 2026-04-13 | 5.7 Medium |
| monetr is a budgeting application focused on planning for recurring expenses. Prior to 1.12.3, a transaction integrity flaw allows an authenticated tenant user to soft-delete synced non-manual transactions through the transaction update endpoint, despite the application explicitly blocking deletion of those transactions via the normal DELETE path. This bypass undermines the intended protection for imported transaction records and allows protected transactions to be hidden from normal views. This vulnerability is fixed in 1.12.3. | ||||
| CVE-2026-40026 | 1 Sleuthkit | 1 The Sleuth Kit | 2026-04-13 | 4.4 Medium |
| The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop. | ||||
| CVE-2026-40031 | 1 Ufrisk | 1 Memprocfs | 2026-04-13 | 7.8 High |
| MemProcFS before 5.17 contains multiple unsafe library-loading patterns that enable DLL and shared-library hijacking across six attack surfaces, including bare-name LoadLibraryU and dlopen calls without path qualification for vmmpyc, libMSCompression, and plugin DLLs. An attacker who places a malicious DLL or shared library in the working directory or manipulates LD_LIBRARY_PATH can achieve arbitrary code execution when MemProcFS loads. | ||||
| CVE-2026-28553 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-13 | 6.9 Medium |
| Vulnerability of improper permission control in the theme setting module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-54362 | 2 Cs-cart, Virtuemart | 2 Cs-cart, Cart | 2026-04-13 | 6.1 Medium |
| Joomla VirtueMart Shopping-Cart 4.0.12 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the keyword parameter. Attackers can craft malicious URLs containing script payloads in the keyword parameter of the product-variants endpoint to execute arbitrary JavaScript in victim browsers and steal session tokens or credentials. | ||||
| CVE-2026-5993 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-13 | 9.8 Critical |
| A vulnerability was identified in Totolink A7100RU 7.4cu.2313_b20191024. This vulnerability affects the function setWiFiGuestCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument wifiOff leads to os command injection. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-28205 | 1 Openplcproject | 1 Openplc V3 | 2026-04-13 | N/A |
| OpenPLC_V3 is vulnerable to an Initialization of a Resource with an Insecure Default vulnerability which could allow an attacker to gain access to the system by bypassing authentication via an API. | ||||
| CVE-2026-31170 | 1 Totolink | 1 A3300r | 2026-04-13 | N/A |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stun-pass parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-29923 | 1 Entechtaiwan | 1 Powerstrip | 2026-04-13 | N/A |
| The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures. | ||||
| CVE-2026-29129 | 1 Apache | 1 Tomcat | 2026-04-13 | 7.5 High |
| Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. | ||||
| CVE-2026-39943 | 1 Directus | 1 Directus | 2026-04-13 | 6.5 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. Prior to 11.17.0, Directus stores revision records (in directus_revisions) whenever items are created or updated. Due to the revision snapshot code not consistently calling the prepareDelta sanitization pipeline, sensitive fields (including user tokens, two-factor authentication secrets, external auth identifiers, auth data, stored credentials, and AI provider API keys) could be stored in plaintext within revision records. This vulnerability is fixed in 11.17.0. | ||||
| CVE-2026-5961 | 1 Code-projects | 1 Simple It Discussion Forum | 2026-04-13 | 7.3 High |
| A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This vulnerability affects unknown code of the file /topic-details.php. The manipulation of the argument post_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||