Export limit exceeded: 346993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33078 | 1 Roxy-wi | 1 Roxy-wi | 2026-04-27 | 9.8 Critical |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Versions prior to 8.2.6.4 have a SQL injection vulnerability in the haproxy_section_save function in app/routes/config/routes.py. The server_ip parameter, sourced from the URL path, is passed unsanitized through multiple function calls and ultimately interpolated into a SQL query string using Python string formatting, allowing attackers to execute arbitrary SQL commands. Version 8.2.6.4 fixes the issue. | ||||
| CVE-2026-33733 | 1 Espocrm | 1 Espocrm | 2026-04-27 | 7.2 High |
| EspoCRM is an open source customer relationship management application. Prior to version 9.3.4, the admin template management endpoints accept attacker-controlled `name` and `scope` values and pass them into template path construction without normalization or traversal filtering. As a result, an authenticated admin can use `../` sequences to escape the intended template directory and read, create, overwrite, or delete arbitrary files that resolve to `body.tpl` or `subject.tpl` under the web application user's filesystem permissions. Version 9.3.4 fixes the issue. | ||||
| CVE-2026-23752 | 1 Gfi | 1 Helpdesk | 2026-04-27 | 4.8 Medium |
| GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can inject malicious scripts through the companyname field that execute in the browsers of any administrator viewing the Templates > Groups page. | ||||
| CVE-2026-23753 | 1 Gfi | 1 Helpdesk | 2026-04-27 | 4.8 Medium |
| GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the language management functionality where the charset POST parameter is passed directly to SWIFT_Language::Create() without HTML sanitization and subsequently rendered unsanitized by View_Language.RenderGrid(). An authenticated administrator can inject arbitrary JavaScript through the charset field when creating or editing a language, and the payload executes in the browser of any administrator viewing the Languages page. | ||||
| CVE-2026-40890 | 1 Gomarkdown | 1 Markdown | 2026-04-27 | 7.5 High |
| The package `github.com/gomarkdown/markdown` is a Go library for parsing Markdown text and rendering as HTML. Processing a malformed input containing a < character that is not followed by a > character anywhere in the remaining text with a SmartypantsRenderer will lead to Out of Bounds read or a panic. This vulnerability is fixed with commit 759bbc3e32073c3bc4e25969c132fc520eda2778. | ||||
| CVE-2026-33077 | 1 Roxy-wi | 1 Roxy-wi | 2026-04-27 | 7.5 High |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the oldconfig parameter in the haproxy_section_save interface has an arbitrary file read vulnerability. Version 8.2.6.4 fixes the issue. | ||||
| CVE-2026-5807 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2026-04-27 | 7.5 High |
| Vault is vulnerable to a denial-of-service condition where an unauthenticated attacker can repeatedly initiate or cancel root token generation or rekey operations, occupying the single in-progress operation slot. This prevents legitimate operators from completing these workflows. This vulnerability, CVE-2026-5807, is fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0. | ||||
| CVE-2026-5052 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2026-04-27 | 5.3 Medium |
| Vault’s PKI engine’s ACME validation did not reject local targets when issuing http-01 and tls-alpn-01 challenges. This may lead to these requests being sent to local network targets, potentially leading to information disclosure. Fixed in Vault Community Edition 2.0.0 and Vault Enterprise 2.0.0, 1.21.5, 1.20.10, and 1.19.16. | ||||
| CVE-2026-33076 | 1 Roxy-wi | 1 Roxy-wi | 2026-04-27 | 9.8 Critical |
| Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. Prior to version 8.2.6.4, the haproxy_section_save interface presents a vulnerability that could lead to remote code execution due to path traversal and writing into scheduled tasks. Version 8.2.6.4 fixes the issue. | ||||
| CVE-2026-4525 | 1 Hashicorp | 2 Vault, Vault Enterprise | 2026-04-27 | 7.5 High |
| If a Vault auth mount is configured to pass through the "Authorization" header, and the "Authorization" header is used to authenticate to Vault, Vault forwarded the Vault token to the auth plugin backend. Fixed in 2.0.0, 1.21.5, 1.20.10, and 1.19.16. | ||||
| CVE-2026-23756 | 1 Gfi | 1 Helpdesk | 2026-04-27 | 5.4 Medium |
| GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the Troubleshooter module where the subject POST parameter is not sanitized in Controller_Step.InsertSubmit() and EditSubmit() before being rendered by View_Step.RenderViewSteps(). An authenticated staff member can inject arbitrary JavaScript into the step subject field, and the payload executes when any user navigates to Troubleshooter > View Troubleshooter and clicks the affected step link. | ||||
| CVE-2026-33318 | 1 Actualbudget | 1 Actual | 2026-04-27 | 8.8 High |
| Actual is a local-first personal finance tool. Prior to version 26.4.0, any authenticated user (including `BASIC` role) can escalate to `ADMIN` on servers migrated from password authentication to OpenID Connect. Three weaknesses combine: `POST /account/change-password` has no authorization check, allowing any session to overwrite the password hash; the inactive password `auth` row is never removed on migration; and the login endpoint accepts a client-supplied `loginMethod` that bypasses the server's active auth configuration. Together these allow an attacker to set a known password and authenticate as the anonymous admin account created during the multiuser migration. The three weaknesses form a single, sequential exploit chain — none produces privilege escalation on its own. Missing authorization on POST /change-password allows overwriting a password hash, but only matters if there is an orphaned row to target. Orphaned password row persisting after migration provides the target row, but is harmless without the ability to authenticate using it. Client-controlled loginMethod: "password" allows forcing password-based auth, but is useless without a known hash established by step 1. All three must be chained in sequence to achieve the impact. No single weakness independently results in privilege escalation. The single root cause is the missing authorization check on /change-password; the other two are preconditions that make it exploitable. Version 26.4.0 contains a fix. | ||||
| CVE-2026-23757 | 1 Gfi | 1 Helpdesk | 2026-04-27 | 5.4 Medium |
| GFI HelpDesk before 4.99.10 contains a stored cross-site scripting vulnerability in the Reports module where the title parameter is passed directly to SWIFT_Report::Create() without HTML sanitization. Attackers can inject arbitrary JavaScript into the report title field when creating or editing a report, and the payload executes when staff members view and click the affected report link in the Manage Reports interface. | ||||
| CVE-2026-41153 | 1 Jetbrains | 1 Junie | 2026-04-27 | 5.8 Medium |
| In JetBrains Junie before 252.549.29 command execution was possible via malicious project file | ||||
| CVE-2026-31178 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMaxAlive parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31179 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunPort parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31181 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunServerAddr parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-23758 | 1 Gfi | 1 Helpdesk | 2026-04-27 | 5.4 Medium |
| GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the ticket subject field that allows authenticated staff members to inject malicious JavaScript by manipulating the editsubject POST parameter. Attackers can inject XSS payloads through inadequate sanitization in Controller_Ticket.EditSubmit() that bypass the incomplete SanitizeForXSS() method to execute arbitrary JavaScript when other staff members or administrators view the affected ticket. | ||||
| CVE-2026-31162 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the ttlWay parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31163 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-27 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the dhcpMtu parameter to /cgi-bin/cstecgi.cgi. | ||||