Export limit exceeded: 15478 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21476 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (21476 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32927 | 1 Fujielectric | 1 V-sft | 2026-04-08 | 7.8 High |
| V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6MemInIF!set_temp_type_default. Opening a crafted V7 file may lead to information disclosure from the affected product. | ||||
| CVE-2026-32928 | 1 Fujielectric | 1 V-sft | 2026-04-08 | 7.8 High |
| V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. | ||||
| CVE-2026-32929 | 1 Fujielectric | 1 V-sft | 2026-04-08 | 7.8 High |
| V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read in VS6ComFile!get_macro_mem_COM. Opening a crafted V7 file may lead to information disclosure from the affected product. | ||||
| CVE-2026-34876 | 2 Arm, Mbed-tls | 2 Mbed Tls, Mbedtls | 2026-04-08 | 7.5 High |
| An issue was discovered in Mbed TLS 3.x before 3.6.6. An out-of-bounds read vulnerability in mbedtls_ccm_finish() in library/ccm.c allows attackers to obtain adjacent CCM context data via invocation of the multipart CCM API with an oversized tag_len parameter. This is caused by missing validation of the tag_len parameter against the size of the internal 16-byte authentication buffer. The issue affects the public multipart CCM API in Mbed TLS 3.x, where mbedtls_ccm_finish() can be invoked directly by applications. In Mbed TLS 4.x versions prior to the fix, the same missing validation exists in the internal implementation; however, the function is not exposed as part of the public API. Exploitation requires application-level invocation of the multipart CCM API. | ||||
| CVE-2026-5349 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2026-04-08 | 8.8 High |
| A vulnerability was identified in Trendnet TEW-657BRM 1.00.1. The affected element is the function add_apcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-5350 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2026-04-08 | 8.8 High |
| A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-31062 | 1 Utt | 2 520w, 520w Firmware | 2026-04-08 | 4.5 Medium |
| UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the filename parameter of the formFtpServerDirConfig function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-31065 | 1 Utt | 2 520w, 520w Firmware | 2026-04-08 | 4.5 Medium |
| UTT Aggressive 520W v3v1.7.7-180627 was discovered to contain a buffer overflow in the addCommand parameter of the formConfigCliForEngineerOnly function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-54328 | 1 Samsung | 41 Exynos, Exynos 1080, Exynos 1080 Firmware and 38 more | 2026-04-08 | 10 Critical |
| An issue was discovered in SMS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A Stack-based Buffer Overflow occurs while parsing SMS RP-DATA messages. | ||||
| CVE-2026-34588 | 2 Academysoftwarefoundation, Openexr | 2 Openexr, Openexr | 2026-04-08 | 7.8 High |
| OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.1.0 to before 3.2.7, 3.3.9, and 3.4.9, internal_exr_undo_piz() advances the working wavelet pointer with signed 32-bit arithmetic. Because nx, ny, and wcount are int, a crafted EXR file can make this product overflow and wrap. The next channel then decodes from an incorrect address. The wavelet decode path operates in place, so this yields both out-of-bounds reads and out-of-bounds writes. This vulnerability is fixed in 3.2.7, 3.3.9, and 3.4.9. | ||||
| CVE-2026-35039 | 1 Nearform | 1 Fast-jwt | 2026-04-08 | 9.1 Critical |
| fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.2.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to valid tokens returning claims from different valid tokens and users being mis-identified as other users based on the wrong token. Version 6.2.0 contains a patch. | ||||
| CVE-2026-33817 | 1 Etcd-io | 1 Bbolt | 2026-04-08 | 6.2 Medium |
| CVE confirmed to be a false positive | ||||
| CVE-2023-5527 | 2 Businessdirectoryplugin, Strategy11team | 2 Business Directory, Business Directory Plugin | 2026-04-08 | 7.4 High |
| The Business Directory Plugin plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 6.4.3 via the class-csv-exporter.php file. This allows authenticated attackers, with author-level permissions and above, to embed untrusted input into CSV files exported by administrators, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2023-0721 | 1 Wpmet | 1 Metform Elementor Contact Form Builder | 2026-04-08 | 8.3 High |
| The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to CSV injection in versions up to, and including, 3.3.0. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2022-4171 | 1 Superwhite | 1 Demon Image Annotation | 2026-04-08 | 6.5 Medium |
| The demon image annotation plugin for WordPress is vulnerable to improper input validation in versions up to, and including 5.0. This is due to the plugin improperly validating the number of characters supplied during an annotation despite there being a setting to limit the number characters input. This means that unauthenticated attackers can bypass the length restrictions and input more characters than allowed via the settings. | ||||
| CVE-2022-4034 | 1 Dwbooster | 1 Appointment Hour Booking | 2026-04-08 | 5.8 Medium |
| The Appointment Hour Booking Plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.3.72. This makes it possible for unauthenticated attackers to embed untrusted input into content during booking creation that may be exported as a CSV file when a site's administrator exports booking details. This can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2024-3214 | 1 Relevanssi | 1 Relevanssi | 2026-04-08 | 5.8 Medium |
| The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2023-5424 | 1 Westguardsolutions | 1 Ws Form | 2026-04-08 | 4.7 Medium |
| The WS Form LITE plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.9.217. This allows unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2022-3026 | 1 Wp-users-exporter Project | 1 Wp-users-exporter | 2026-04-08 | 6.5 Medium |
| The WP Users Exporter plugin for WordPress is vulnerable to CSV Injection in versions up to, and including, 1.4.2 via the 'Export Users' functionality. This makes it possible for authenticated attackers, such as a subscriber, to add untrusted input into profile information like First Names that will embed into the exported CSV file triggered by an administrator and can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. | ||||
| CVE-2024-10324 | 1 Rometheme | 1 Romethemekit For Elementor | 2026-04-08 | 4.3 Medium |
| The RomethemeKit For Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.5.2 via the register_controls function in widgets/offcanvas-rometheme.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | ||||