Search Results (347965 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5111 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2026-05-04 | 7.2 High |
| The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to and including 2.10.0. This is due to insufficient input validation and output escaping on Hidden Product field values when used inside Repeater fields, where repeater subfields bypass state validation checks and the Hidden Product validate() method only validates the quantity field while ignoring the product name field that is later output without proper escaping in the get_value_entry_detail() method. This makes it possible for unauthenticated attackers to inject arbitrary web scripts through form submissions that will execute whenever an administrator views the entry details. | ||||
| CVE-2026-42084 | | | 2026-05-04 | 8.1 High |
| OpenC3 COSMOS provides the functionality needed to send commands to and receive data from one or more embedded systems. Prior to versions 6.10.5 and 7.0.0-rc3, the OpenC3 password change functionality allows a user to change their password without providing the old password, by accepting a valid session token instead. In assumed breach scenarios, this behaviour can be exploited by an attacker who has already obtained a valid session token to gain persistence in a hijacked account (including admin) and prevent legitimate users from accessing the account. This issue has been patched in versions 6.10.5 and 7.0.0-rc3. | ||||
| CVE-2026-7049 | 2 Pixelyoursite, Wordpress | 2 Pixelyoursite Pro – Your Smart Pixel (tag) Manager, Wordpress | 2026-05-04 | 7.2 High |
| The PixelYourSite Pro – Your smart PIXEL (TAG) Manager plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 12.5.0.1 via the scan_video. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. The SSRF is blind because fetched response bodies are only parsed internally for YouTube/Vimeo patterns and are never returned to the attacker. | ||||
| CVE-2026-6378 | 2 Ckp267, Wordpress | 2 Maxiblocks Builder \| 17,000+ Design Assets, Patterns, Icons & Starter Sites, Wordpress | 2026-05-04 | 6.4 Medium |
| The Maxi Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `/wp-json/maxi-blocks/v1.0/style-card` REST API endpoint in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping of the `sc_styles` parameter. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts that execute on every page where the plugin's style card styles are loaded, including across the entire WordPress admin panel. | ||||
| CVE-2026-7600 | 1 Artmin96 | 1 Yii2-mcp-server | 2026-05-04 | 6.3 Medium |
| A flaw has been found in ArtMin96 yii2-mcp-server 1.0.2. This impacts the function yii_command_help/yii_execute_command of the file src/index.ts of the component MCP Interface. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-42052 | | | 2026-05-04 | N/A |
| Beets is a media library management system. Prior to version 2.10.0, the bundled web UI uses Underscore template interpolation mode `<%= ... %>` for untrusted metadata fields. In this runtime, `<%= ... %>` is raw insertion and HTML escaping is only performed by `<%- ... %>`. Rendered output is then inserted with `.html(...)`, allowing attacker-controlled markup to become active DOM. This issue has been patched in version 2.10.0. | ||||
| CVE-2025-47401 | | | 2026-05-04 | 6.5 Medium |
| Transient DOS when processing target power rate tables during channel configuration. | ||||
| CVE-2026-42376 | 1 Dlink | 1 Dir-456u Firmware | 2026-05-04 | 9.8 Critical |
| D-Link DIR-456U Hardware Revision A1 (End-of-Life, EOL) contains a hardcoded telnet backdoor. The device starts a telnet daemon at boot via /etc/init0.d/S80telnetd.sh with the username "Alphanetworks" and the static password "whdrv01_dlob_dir456U" read from /etc/config/image_sign. The custom telnetd binary accepts a -u user:password flag, and the custom login binary uses strcmp() to validate credentials. Successful authentication grants an unauthenticated attacker on the local network a root shell with full administrative control. The device has reached End-of-Life (EOL) and will not receive patches. | ||||
| CVE-2026-24120 | | | 2026-05-04 | 9.8 Critical |
| vm2 is an open source vm/sandbox for Node.js. Prior to version 3.10.5, the fix for CVE-2023-37466 is insufficient and can be circumvented allowing attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. This issue has been patched in version 3.10.5. | ||||
| CVE-2026-20020 | 1 Cisco | 3 Adaptive Security Appliance Software, Firepower Threat Defense, Secure Firewall Threat Defense | 2026-05-04 | 6.8 Medium |
| A vulnerability in the OSPF protocol of Cisco Secure Firewall ASA Software and Cisco Secure FTD Software could allow an unauthenticated, adjacent attacker to cause an affected device to reload unexpectedly, resulting in a DoS condition. If OSPF authentication is enabled, the attacker must know the secret key to exploit this vulnerability. This vulnerability is due to insufficient input validation when processing OSPF update packets. An attacker could exploit this vulnerability by sending crafted OSPF update packets. A successful exploit could allow the attacker to create a buffer overflow, causing the affected device to reload, resulting in a DoS condition. | ||||
| CVE-2025-70067 | 1 Assimp | 1 Assimp | 2026-05-04 | N/A |
| A buffer overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation. | ||||
| CVE-2026-6500 | | | 2026-05-04 | N/A |
| Plaintext storage of a password vulnerability in ILM Informatique OpenConcerto allows Retrieve Embedded Sensitive Data. This issue affects OpenConcerto: 1.7.5. | ||||
| CVE-2026-6501 | | | 2026-05-04 | N/A |
| Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. | ||||
| CVE-2026-42809 | | | 2026-05-04 | 9.9 Critical |
| Apache Polaris can issue broad temporary ("vended") storage credentials during staged table creation before the effective table location has been validated or durably reserved. Those temporary credentials are meant to limit the scope of accessible table data and metadata, but this scope limitation becomes attacker-directed because the attacker can choose a reachable target location. In the confirmed variant, if the caller supplies a custom `location` during stage create and requests credential vending, Apache Polaris uses that location to construct delegated storage credentials immediately. The stage-create path itself runs neither the normal location validation nor the overlap checks before those credentials are issued. Closely related to that, the staged-create flow also accepts `write.data.path` / `write.metadata.path` in the request properties and feeds those location overrides into the same effective table location set used for credential vending. Those fields are secondary to the main custom-`location` exploit, but they are still attacker-influenced location inputs that should be validated before any credentials are issued. | ||||
| CVE-2026-40563 | | | 2026-05-04 | 7.1 High |
| Description: Improper Control of Generation of Code ('Code Injection') vulnerability in Apache Atlas. Apache Atlas exposes a DSL search endpoint that accepts user-supplied query strings. An attacker can alter Gremlin traversal logic within grammar-allowed characters to access unintended data. Affected versions: This issue affects Apache Atlas from 0.8 through 2.4.0. For affected versions >= 2.0, the vulnerability exists only when Atlas is deployed with the following non-default configuration: `atlas.dsl.executor.traversal=false`. Mitigation: Users are recommended to upgrade to version 2.5.0, which fixes the issue. | ||||
| CVE-2026-37539 | 1 Mguentner | 1 Cannelloni | 2026-05-04 | 9.8 Critical |
| Buffer overflow vulnerability in cannelloni v2.0.0 in CAN frame parsing in parser.cpp in function parseCANFrame, and decoder.cpp in function decodeFrame allowing remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted CAN FD frames. | ||||
| CVE-2026-37540 | 1 Openamp | 1 Openamp | 2026-05-04 | 8.4 High |
| OpenAMP v2025.10.0 ELF loader contains an integer overflow vulnerability in firmware image parsing. In elf_loader.c, it performs multiplication of two attacker-controlled 16-bit values from the ELF header without overflow checking. On 32-bit embedded systems (STM32MP1, Zynq, i.MX), large values can cause the product to wrap around to a small value. | ||||
| CVE-2026-37541 | 1 Openvehicles | 1 Open Vehicle Monitoring System 3 | 2026-05-04 | 10 Critical |
| Buffer overflow vulnerability in Open Vehicle Monitoring System 3 (OVMS3) 3.3.005. In canformat_gvret.cpp, the length field in GVRET binary data is not properly validated, allowing remote attackers to cause a denial of service or possibly execute arbitrary code via crafted GVRET frames. | ||||
| CVE-2026-37552 | 1 Mix-php | 1 Mix | 2026-05-04 | 8.4 High |
| Unsafe deserialization vulnerability in MixPHP Framework 2.x thru 2.2.17. The sync-invoke TCP server (Server.php:87) receives data from a TCP socket, passes it directly to Opis\Closure\unserialize(), then executes the result via call_user_func(). No authentication or signature verification exists on the TCP connection. An attacker with access to the localhost TCP port (server binds 127.0.0.1) can send a crafted serialized PHP closure to achieve arbitrary code execution. | ||||
| CVE-2026-42996 | 1 Js8call | 2 Js8call, Js8call-improved | 2026-05-04 | N/A |
| JS8Call through 2.3.1 and JS8Call-improved before 3.0 have a stack-based buffer overflow via a radio transmission of @APRSIS GRID followed by a long Maidenhead locator. This occurs in grid2deg in APRSISClient.cpp. | ||||