Export limit exceeded: 21464 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345456 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40066 | 1 Anviz | 2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware | 2026-04-20 | 8.8 High |
| Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | ||||
| CVE-2026-40948 | 1 Apache | 1 Airflow | 2026-04-20 | 5.4 Medium |
| The Keycloak authentication manager in `apache-airflow-providers-keycloak` did not generate or validate the OAuth 2.0 `state` parameter on the login / login-callback flow, and did not use PKCE. An attacker with a Keycloak account in the same realm could deliver a crafted callback URL to a victim's browser and cause the victim to be logged into the attacker's Airflow session (login-CSRF / session fixation), where any credentials the victim subsequently stored in Airflow Connections would be harvestable by the attacker. Users are advised to upgrade `apache-airflow-providers-keycloak` to 0.7.0 or later. | ||||
| CVE-2026-5964 | 1 Digiwin | 1 Easyflow .net | 2026-04-20 | 9.8 Critical |
| EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-5966 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-04-20 | 8.1 High |
| ThreatSonar Anti-Ransomware developed by TeamT5 has an Arbitrary File Deletion vulnerability. Authenticated remote attackers with web access can exploit Path Traversal to delete arbitrary files on the system. | ||||
| CVE-2026-6437 | 1 Amazon | 1 Aws Efs Csi Driver | 2026-04-20 | 6.5 Medium |
| Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1 | ||||
| CVE-2026-6643 | 1 Asustor | 1 Adm | 2026-04-20 | N/A |
| A stack-based buffer overflow vulnerability was found in the VPN Clients on the ADM. The issue stems from the use of unbounded sscanf() and passing user-controlled data directly to printf(). Due to the lack of PIE and Stack Canary protections, an authenticated remote attacker can exploit these to execute arbitrary code as the web server user. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1. | ||||
| CVE-2026-32959 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.9 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack. | ||||
| CVE-2026-32964 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 6.5 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain an improper neutralization of CRLF sequences ('CRLF Injection') vulnerability. Processing some crafted configuration data may lead to arbitrary entries injected to the system configuration. | ||||
| CVE-2026-6654 | 1 Mozilla | 1 Thin-vec | 2026-04-20 | 5.1 Medium |
| Double-Free / Use-After-Free (UAF) in the `IntoIter::drop` and `ThinVec::clear` functions in the thin_vec crate. A panic in `ptr::drop_in_place` skips setting the length to zero. | ||||
| CVE-2026-32955 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 8.8 High |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | ||||
| CVE-2026-32958 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 6.5 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update. | ||||
| CVE-2026-3517 | 2026-04-20 | 8.4 High | ||
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command | ||||
| CVE-2026-4048 | 2026-04-20 | 8.4 High | ||
| OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. | ||||
| CVE-2026-5760 | 1 Sglang | 1 Sglang | 2026-04-20 | 9.8 Critical |
| SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malcious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment(). | ||||
| CVE-2026-5963 | 1 Digiwin | 1 Easyflow .net | 2026-04-20 | 9.8 Critical |
| EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-5967 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-04-20 | 8.8 High |
| ThreatSonar Anti-Ransomware developed by TeamT5 has an Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges. | ||||
| CVE-2026-29013 | 1 Libcoap | 1 Libcoap | 2026-04-20 | N/A |
| libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation. | ||||
| CVE-2026-32963 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | N/A |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser. | ||||
| CVE-2026-3518 | 2026-04-20 | 8.4 High | ||
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command | ||||
| CVE-2026-3519 | 2026-04-20 | 8.4 High | ||
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command | ||||