Export limit exceeded: 346986 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346986 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32836 | 1 Mackron | 1 Dr Libs | 2026-04-27 | 6.2 Medium |
| dr_libs dr_flac.h version 0.13.3 and earlier (fixed in commits fefced4, 4f5a4cd, and 663239a) contain an uncontrolled memory allocation vulnerability in drflac__read_and_decode_metadata() that allows attackers to trigger excessive memory allocation by supplying crafted PICTURE metadata blocks. Attackers can exploit attacker-controlled mimeLength and descriptionLength fields to cause denial of service through memory exhaustion when processing FLAC streams with metadata callbacks. | ||||
| CVE-2026-32837 | 1 Mackron | 1 Miniaudio | 2026-04-27 | 4 Medium |
| miniaudio version 0.11.25 and earlier (fixed in commits 1df46ae and 1df46ae) contain a heap out-of-bounds read vulnerability in the WAV BEXT metadata parser that allows attackers to trigger memory access violations by processing crafted WAV files. Attackers can exploit improper null-termination handling in the coding history field to cause out-of-bounds reads past the allocated metadata pool, resulting in application crashes or denial of service. | ||||
| CVE-2026-33208 | 1 Roxy-wi | 1 Roxy-wi | 2026-04-27 | 8.8 High |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the /config/ < service > /find-in-config endpoint in Roxy-WI fails to sanitize the user-supplied words parameter before embedding it into a shell command string that is subsequently executed on a remote managed server via SSH. An authenticated attacker can inject arbitrary shell metacharacters to break out of the intended grep command context and execute arbitrary OS commands with sudo privileges on the target server, resulting in full Remote Code Execution (RCE). Version 8.2.6.4 patches the issue. | ||||
| CVE-2026-3868 | 1 Moxa | 2 Edr-8010 Series, Edr-g9010 Series | 2026-04-27 | N/A |
| An improper handling of the length parameter inconsistency vulnerability has been identified in Moxa’s Secure Router. Because of improper validation of length parameters in the HTTPS management interface, an unauthenticated remote attacker could send specially crafted requests that trigger a buffer overflow condition, causing the web service to become unresponsive. Successful exploitation may result in a denial-of-service condition requiring a device reboot to restore normal operation. While successful exploitation can severely impact the availability of the affected device, no impact to the confidentiality or integrity of the affected product has been identified. Additionally, no confidentiality, integrity, or availability impact to the subsequent system has been identified. | ||||
| CVE-2026-33078 | 1 Roxy-wi | 1 Roxy-wi | 2026-04-27 | 9.8 Critical |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/config/routes.py. The server_ip parameter, sourced from the URL path, is passed unsanitized through multiple function calls and ultimately interpolated into a SQL query string using Python string formatting, allowing attackers to execute arbitrary SQL commands. Version 8.2.6.4 fixes the issue. | ||||
| CVE-2026-41462 | 2026-04-27 | 9.8 Critical | ||
| ProjeQtor versions 7.0 through 12.4.3 contain an unauthenticated SQL injection vulnerability in the login functionality where the login variable is directly concatenated into a SQL query without parameterization or sanitization. Attackers can inject arbitrary SQL expressions through the username field at the authentication endpoint to create privileged accounts, read sensitive data, and execute operating system commands if the database user has elevated permissions. | ||||
| CVE-2026-33076 | 1 Roxy-wi | 1 Roxy-wi | 2026-04-27 | 9.8 Critical |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the issue. | ||||
| CVE-2026-33318 | 1 Actualbudget | 1 Actual | 2026-04-27 | 8.8 High |
| Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /account/change-password` has no authorization check, allowing any session to overwrite the password hash; the inactive password `auth` row is never removed on migration; and the login endpoint accepts a client-supplied `loginMethod` that bypasses the server's active auth configuration. Together these allow an attacker to set a known password and authenticate as the anonymous admin account created during the multiuser migration. The three weaknesses form a single, sequential exploit chain — none produces privilege escalation on its own. Missing authorization on POST /change-password allows overwriting a password hash, but only matters if there is an orphaned row to target. Orphaned password row persisting after migration provides the target row, but is harmless without the ability to authenticate using it. Client-controlled loginMethod: "password" allows forcing password-based auth, but is useless without a known hash established by step 1. All three must be chained in sequence to achieve the impact. No single weakness independently results in privilege escalation. The single root cause is the missing authorization check on /change-password; the other two are preconditions that make it exploitable. Version 26.4.0 contains a fix. | ||||
| CVE-2026-31178 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31179 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31181 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31162 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31163 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-6941 | 1 Radare | 1 Radare2 | 2026-04-27 | 6.6 Medium |
| radare2 prior to 6.1.4 contains a path traversal vulnerability in its project notes handling that allows attackers to read or write files outside the configured project directory by importing a malicious .zrp archive containing a symlinked notes.txt file. Attackers can craft a .zrp archive with a symlinked notes.txt that bypasses directory confinement checks, allowing note operations to follow the symlink and access arbitrary files outside the dir.projects root directory. | ||||
| CVE-2026-6940 | 1 Radare | 1 Radare2 | 2026-04-27 | 7.1 High |
| radare2 prior to 6.1.4 contains a path traversal vulnerability in project deletion that allows local attackers to recursively delete arbitrary directories by supplying absolute paths that escape the configured dir.projects root directory. Attackers can craft absolute paths to project marker files outside the project storage boundary to cause recursive deletion of attacker-chosen directories with permissions of the radare2 process, resulting in integrity and availability loss. | ||||
| CVE-2026-31168 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the recHour parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-41460 | 1 Socialengine | 1 Socialengine | 2026-04-27 | 9.8 Critical |
| SocialEngine versions 7.8.0 and prior contain a SQL injection vulnerability in the /activity/index/get-memberall endpoint where user-supplied input passed via the text parameter is not sanitized before being incorporated into a SQL query. An unauthenticated remote attacker can exploit this vulnerability to read arbitrary data from the database, reset administrator account passwords, and gain unauthorized access to the Packages Manager in the Admin Panel, potentially enabling remote code execution. | ||||
| CVE-2026-41461 | 1 Socialengine | 1 Socialengine | 2026-04-27 | 8.5 High |
| SocialEngine versions 7.8.0 and prior contain a blind server-side request forgery vulnerability in the /core/link/preview endpoint where user-supplied input passed via the uri request parameter is not sanitized before being used to construct outbound HTTP requests. Authenticated remote attackers can supply arbitrary URLs including internal network addresses and loopback addresses to cause the server to issue HTTP requests to attacker-controlled destinations, enabling internal network enumeration and access to services not intended to be externally reachable. | ||||
| CVE-2026-41044 | 1 Apache | 2 Activemq, Activemq Broker | 2026-04-27 | 8.8 High |
| Improper Input Validation, Improper Control of Generation of Code ('Code Injection') vulnerability in Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All. An authenticated attacker can use the admin web console page to construct a malicious broker name that bypasses name validation to include an xbean binding that can be later used by a VM transport to load a remote Spring XML application. The attacker can then use the DestinationView mbean to send a message to trigger a VM transport creation that will reference this malicious broker name which can lead to loading the malicious Spring XML context file. Because Spring's ResourceXmlApplicationContext instantiates all singleton beans before the BrokerService validates the configuration, arbitrary code execution occurs on the broker's JVM through bean factory methods such as Runtime.exec(). This issue affects Apache ActiveMQ: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ Broker: before 5.19.6, from 6.0.0 before 6.2.5; Apache ActiveMQ All: before 5.19.6, from 6.0.0 before 6.2.5. Users are recommended to upgrade to version 6.2.5 or 5.19.6, which fixes the issue. | ||||
| CVE-2026-31956 | 1 Xibosignage | 1 Xibo | 2026-04-27 | 4.3 Medium |
| Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to version 4.4.1, any authenticated user can manually construct a URL to preview campaigns/regions, and export saved reports belonging to other users. Exploitation of the vulnerability is possible on behalf of an authorized user who has any of the following privileges: Page which shows all Layouts that have been created for the purposes of Layout Management; page which shows all Campaigns that have been created for the purposes of Campaign Management; and page which shows all Reports that have been Saved. Users should upgrade to version 4.4.1 which fixes this issue. Upgrading to a fixed version is necessary to remediate. | ||||