Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-36233 | 1 Itsourcecode | 1 Online Student Enrollment System | 2026-04-15 | 9.8 Critical |
| A SQL injection vulnerability was found in the assignInstructorSubjects.php file of itsourcecode Online Student Enrollment System v1.0. The reason for this issue is that attackers can inject malicious code via the parameter "subjcode" and use it directly in SQL queries without the need for appropriate cleaning or validation. | ||||
| CVE-2026-36236 | 2 Janobe, Sourcecodester | 2 Engineers Online Portal, Engineers Online Portal | 2026-04-15 | 9.8 Critical |
| SourceCodester Engineers Online Portal v1.0 is vulnerable to SQL Injection in update_password.php via the new_password parameter. | ||||
| CVE-2026-23781 | 1 Bmc | 1 Control-m | 2026-04-15 | 9.8 Critical |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface. | ||||
| CVE-2026-6067 | 1 Nasm | 1 Nasm | 2026-04-15 | 7.5 High |
| A heap buffer overflow vulnerability exists in the Netwide Assembler (NASM) due to a lack of bounds checking in the obj_directive() function. This vulnerability can be exploited by a user assembling a malicious .asm file, potentially leading to heap memory corruption, denial of service (crash), and arbitrary code execution. | ||||
| CVE-2026-6069 | 1 Nasm | 1 Nasm | 2026-04-15 | 7.5 High |
| NASM’s disasm() function contains a stack based buffer overflow when formatting disassembly output, allowing an attacker triggered out-of-bounds write when `slen` exceeds the buffer capacity. | ||||
| CVE-2026-40227 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-04-15 | 6.2 Medium |
| In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. | ||||
| CVE-2026-22560 | 1 Rocket.chat | 1 Rocket.chat | 2026-04-15 | 5.3 Medium |
| An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | ||||
| CVE-2026-40163 | 1 Saltcorn | 1 Saltcorn | 2026-04-15 | 8.2 High |
| Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhere on the server filesystem. The GET /sync/upload_finished endpoint allows an unauthenticated attacker to list arbitrary directory contents and read specific JSON files. This vulnerability is fixed in 1.4.5, 1.5.5, and 1.6.0-beta.4. | ||||
| CVE-2026-3446 | 1 Python | 1 Cpython | 2026-04-15 | 5.3 Medium |
| When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "validate=True" to enable stricter processing of base64 data. | ||||
| CVE-2026-27460 | 2 Tandoor, Tandoorrecipes | 2 Recipes, Recipes | 2026-04-15 | 6.5 Medium |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly degrade its performance by uploading a large size ZIP file (ZIP Bomb). This vulnerability is fixed in 2.6.5. | ||||
| CVE-2026-30232 | 2 Chartbrew, Depomo | 2 Chartbrew, Chartbrew | 2026-04-15 | 9.6 Critical |
| Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP address validation, enabling Server-Side Request Forgery attacks against internal networks and cloud metadata endpoints. This vulnerability is fixed in 4.8.5. | ||||
| CVE-2026-32252 | 2 Chartbrew, Depomo | 2 Chartbrew, Chartbrew | 2026-04-15 | 7.7 High |
| Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req, "updateAny", "chart") without awaiting the returned promise, and it does not verify that the supplied project_id belongs to req.params.team_id or to the caller's team. As a result, an authenticated attacker with valid template-generation permissions in their own team can request the template model for a project belonging to another team and receive victim project data. This vulnerability is fixed in 4.9.0. | ||||
| CVE-2026-40168 | 2 Gitroom, Gitroomhq | 2 Postiz, Postiz-app | 2026-04-15 | 8.2 High |
| Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a result, an attacker can supply a public HTTPS URL that passes validation and then redirects the server-side request to an internal resource. | ||||
| CVE-2025-52641 | 1 Hcltech | 1 Aion | 2026-04-15 | 2.9 Low |
| HCL AION is affected by a vulnerability where certain system behaviours may allow exploration of internal filesystem structures. Exposure of such information may provide insights into the underlying environment, which could potentially aid in further targeted actions or limited information disclosure. | ||||
| CVE-2026-39922 | 2 Geonode, Geosolutionsgroup | 2 Geonode, Geonode | 2026-04-15 | 6.3 Medium |
| GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during form validation. Attackers can probe internal network targets including loopback addresses, RFC1918 private IP ranges, link-local addresses, and cloud metadata services by exploiting insufficient URL validation in the WMS service handler without private IP filtering or allowlist enforcement. | ||||
| CVE-2026-5588 | 1 Bouncycastle | 1 Bc-java | 2026-04-15 | N/A |
| : Use of a Broken or Risky Cryptographic Algorithm vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA bcpkix on all (pkix modules). PKIX draft CompositeVerifier accepts empty signature sequence as valid. This issue affects BC-JAVA: from 1.49 before 1.84. | ||||
| CVE-2026-39863 | 1 Kamailio | 1 Kamailio | 2026-04-15 | 7.5 High |
| Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The issue impacts Kamailio instances having TCP or TLS listeners. This vulnerability is fixed in 5.1.1, 6.0.6, and 5.8.8. | ||||
| CVE-2026-39395 | 1 Sigstore | 1 Cosign | 2026-04-15 | 4.3 Medium |
| Cosign provides code signing and transparency for containers and binaries. Prior to 3.0.6 and 2.6.3, cosign verify-blob-attestation may erroneously report a "Verified OK" result for attestations with malformed payloads or mismatched predicate types. For old-format bundles and detached signatures, this was due to a logic flaw in the error handling of the predicate type validation. For new-format bundles, the predicate type validation was bypassed completely. This vulnerability is fixed in 3.0.6 and 2.6.3. | ||||
| CVE-2026-39381 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-04-15 | 4.3 Medium |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.7 and 8.6.75, the GET /sessions/me endpoint returns _Session fields that the server operator explicitly configured as protected via the protectedFields server option. Any authenticated user can retrieve their own session's protected fields with a single request. The equivalent GET /sessions and GET /sessions/:objectId endpoints correctly strip protected fields. This vulnerability is fixed in 9.8.0-alpha.7 and 8.6.75. | ||||
| CVE-2026-1541 | 2 Themefusion, Wordpress | 2 Fusion Builder, Wordpress | 2026-04-15 | 4.3 Medium |
| The Avada (Fusion) Builder plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.15.1. This is due to the plugin's `fusion_get_post_custom_field()` function failing to validate whether metadata keys are protected (underscore-prefixed). This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract protected post metadata fields that should not be publicly accessible via the Dynamic Data feature's `post_custom_field` parameter. | ||||