Export limit exceeded: 344234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39921 | 1 Geonode | 1 Geonode | 2026-04-13 | N/A |
| GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the doc_url parameter during document upload. Attackers can supply URLs pointing to internal network targets, loopback addresses, RFC1918 addresses, or cloud metadata services to cause the server to make requests to internal resources without SSRF mitigations such as private IP filtering or redirect validation. | ||||
| CVE-2025-58920 | 2 Wordpress, Zootemplate | 2 Wordpress, Cerato | 2026-04-13 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zootemplate Cerato allows Reflected XSS.This issue affects Cerato: from n/a through 2.2.18. | ||||
| CVE-2021-47960 | 1 Synology | 1 Ssl Vpn Client | 2026-04-13 | 6.5 Medium |
| A files or directories accessible to external parties vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access files within the installation directory via a local HTTP server bound to the loopback interface. By leveraging user interaction with a crafted web page, attackers may retrieve sensitive files such as configuration files, certificates, and logs, leading to information disclosure. | ||||
| CVE-2021-47961 | 1 Synology | 1 Ssl Vpn Client | 2026-04-13 | 8.1 High |
| A plaintext storage of a password vulnerability in Synology SSL VPN Client before 1.4.5-0684 allows remote attackers to access or influence the user's PIN code due to insecure storage. This may lead to unauthorized VPN configuration and potential interception of subsequent VPN traffic when combined with user interaction. | ||||
| CVE-2026-23780 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A SQL injection vulnerability in the MFT API's debug interface allows an authenticated attacker to inject malicious queries due to improper input validation and unsafe dynamic SQL handling. Successful exploitation can enable arbitrary file read/write operations and potentially lead to remote code execution. | ||||
| CVE-2026-28704 | 1 Japan Computer Emergency Response Team Coordination Center (jpcert/cc) | 1 Emocheck | 2026-04-13 | N/A |
| Emocheck insecurely loads Dynamic Link Libraries (DLLs). If a crafted DLL file is placed to the same directory, an arbitrary code may be executed with the privilege of the user invoking EmoCheck. | ||||
| CVE-2026-29043 | 1 Hdfgroup | 1 Hdf5 | 2026-04-13 | 5.5 Medium |
| HDF5 is software for managing data. In 1.14.1-2 and earlier, an attacker who can control an h5 file parsed by HDF5 can trigger a write-based heap buffer overflow condition in the H5T__ref_mem_setnull method. This can lead to a denial-of-service condition, and potentially further issues such as remote code execution depending on the practical exploitability of the heap overflow against modern operating systems. | ||||
| CVE-2026-30232 | 1 Chartbrew | 1 Chartbrew | 2026-04-13 | N/A |
| Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5. | ||||
| CVE-2026-31412 | 1 Linux | 1 Linux Kernel | 2026-04-13 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_mass_storage: Fix potential integer overflow in check_command_size_in_blocks() The `check_command_size_in_blocks()` function calculates the data size in bytes by left shifting `common->data_size_from_cmnd` by the block size (`common->curlun->blkbits`). However, it does not validate whether this shift operation will cause an integer overflow. Initially, the block size is set up in `fsg_lun_open()` , and the `common->data_size_from_cmnd` is set up in `do_scsi_command()`. During initialization, there is no integer overflow check for the interaction between two variables. So if a malicious USB host sends a SCSI READ or WRITE command requesting a large amount of data (`common->data_size_from_cmnd`), the left shift operation can wrap around. This results in a truncated data size, which can bypass boundary checks and potentially lead to memory corruption or out-of-bounds accesses. Fix this by using the check_shl_overflow() macro to safely perform the shift and catch any overflows. | ||||
| CVE-2026-35641 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 7.8 High |
| OpenClaw before 2026.3.24 contains an arbitrary code execution vulnerability in local plugin and hook installation that allows attackers to execute malicious code by crafting a .npmrc file with a git executable override. During npm install execution in the staged package directory, attackers can leverage git dependencies to trigger execution of arbitrary programs specified in the attacker-controlled .npmrc configuration file. | ||||
| CVE-2026-35643 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 8.8 High |
| OpenClaw before 2026.3.22 contains an unvalidated WebView JavascriptInterface vulnerability allowing attackers to inject arbitrary instructions. Untrusted pages can invoke the canvas bridge to execute malicious code within the Android application context. | ||||
| CVE-2026-35647 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 5.3 Medium |
| OpenClaw before 2026.3.25 contains an access control vulnerability where verification notices bypass DM policy checks and reply to unpaired peers. Attackers can send verification notices to users outside allowed direct message policies by exploiting insufficient access validation before message transmission. | ||||
| CVE-2026-35651 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 4.3 Medium |
| OpenClaw versions 2026.2.13 through 2026.3.24 contain an ANSI escape sequence injection vulnerability in approval prompts that allows attackers to spoof terminal output. Untrusted tool metadata can carry ANSI control sequences into approval prompts and permission logs, enabling attackers to manipulate displayed information through malicious tool titles. | ||||
| CVE-2026-35652 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 6.5 Medium |
| OpenClaw before 2026.3.22 contains an authorization bypass vulnerability in interactive callback dispatch that allows non-allowlisted senders to execute action handlers. Attackers can bypass sender authorization checks by dispatching callbacks before normal security validation completes, enabling unauthorized actions. | ||||
| CVE-2026-35653 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 8.1 High |
| OpenClaw before 2026.3.24 contains an incorrect authorization vulnerability in the POST /reset-profile endpoint that allows authenticated callers with operator.write access to browser.request to bypass profile mutation restrictions. Attackers can invoke POST /reset-profile through the browser.request surface to stop the running browser, close Playwright connections, and move profile directories to Trash, crossing intended privilege boundaries. | ||||
| CVE-2026-35659 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 4.6 Medium |
| OpenClaw before 2026.3.22 contains a service discovery vulnerability where TXT metadata from Bonjour and DNS-SD could influence CLI routing even when actual service resolution failed. Attackers can exploit unresolved hints to steer routing decisions to unintended targets by providing malicious discovery metadata. | ||||
| CVE-2026-35661 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 5.3 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Telegram callback query handling that allows attackers to mutate session state without satisfying normal DM pairing requirements. Remote attackers can exploit weaker callback-only authorization in direct messages to bypass DM pairing and modify session state. | ||||
| CVE-2026-35663 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 8.8 High |
| OpenClaw before 2026.3.25 contains a privilege escalation vulnerability allowing non-admin operators to self-request broader scopes during backend reconnect. Attackers can bypass pairing requirements to reconnect as operator.admin, gaining unauthorized administrative privileges. | ||||
| CVE-2026-35665 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 5.3 Medium |
| OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-32011 where the Feishu webhook handler accepts request bodies with permissive limits of 1MB and 30-second timeout before signature verification. An unauthenticated attacker can exhaust server connection resources by sending concurrent slow HTTP POST requests to the Feishu webhook endpoint, blocking legitimate webhook deliveries. | ||||
| CVE-2026-35670 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 5.9 Medium |
| OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect webhook-triggered replies to different users, bypassing the intended recipient binding recorded in webhook events. | ||||