Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26892 | 2 Oretnom23, Sourcecodester | 2 Simple Logistic Hub Parcel\'s Management System, Logistic Hub Parcels Management System | 2026-04-16 | 2.7 Low |
| Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php. | ||||
| CVE-2026-27622 | 2 Academysoftwarefoundation, Openexr | 2 Openexr, Openexr | 2026-04-16 | 7.8 High |
| OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In CompositeDeepScanLine::readPixels, per-pixel totals are accumulated in vector<unsigned int> total_sizes for attacker-controlled large counts across many parts, total_sizes[ptr] wraps modulo 2^32. overall_sample_count is then derived from wrapped totals and used in samples[channel].resize(overall_sample_count). Decode pointer setup/consumption proceeds with true sample counts, and write operations in core unpack (generic_unpack_deep_pointers) overrun the undersized composite sample buffer. This vulnerability is fixed in v3.2.6, v3.3.8, and v3.4.6. | ||||
| CVE-2026-23601 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-04-16 | 5.4 Medium |
| A vulnerability has been identified in the wireless encryption handling of Wi-Fi transmissions. A malicious actor can generate shared-key authenticated transmissions containing targeted payloads while impersonating the identity of a primary BSSID.Successful exploitation allows for the delivery of tampered data to specific endpoints, bypassing standard cryptographic separation. | ||||
| CVE-2026-23808 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-04-16 | 5.4 Medium |
| A vulnerability has been identified in a standardized wireless roaming protocol that could enable a malicious actor to install an attacker-controlled Group Temporal Key (GTK) on a client device. Successful exploitation of this vulnerability could allow a remote malicious actor to perform unauthorized frame injection, bypass client isolation, interfere with cross-client traffic, and compromise network segmentation, integrity, and confidentiality. | ||||
| CVE-2026-23809 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-04-16 | 5.4 Medium |
| A technique has been identified that adapts a known port-stealing method to Wi-Fi environments that use multiple BSSIDs. By leveraging the relationship between BSSIDs and their associated virtual ports, an attacker could potentially bypass inter-BSSID isolation controls. Successful exploitation may enable an attacker to redirect and intercept the victim's network traffic, potentially resulting in eavesdropping, session hijacking, or denial of service. | ||||
| CVE-2026-23811 | 2 Arubanetworks, Hpe | 19 7010, 7030, 7205 and 16 more | 2026-04-16 | 4.3 Medium |
| A vulnerability in the client isolation mechanism may allow an attacker to bypass Layer 2 (L2) communication restrictions between clients and redirect traffic at Layer 3 (L3). In addition to bypassing policy enforcement, successful exploitation - when combined with a port-stealing attack - may enable a bi-directional Machine-in-the-Middle (MitM) attack. | ||||
| CVE-2026-20131 | 1 Cisco | 1 Secure Firewall Management Center | 2026-04-16 | 10 Critical |
| A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. This vulnerability is due to insecure deserialization of a user-supplied Java byte stream. An attacker could exploit this vulnerability by sending a crafted serialized Java object to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code on the device and elevate privileges to root. Note: If the FMC management interface does not have public internet access, the attack surface that is associated with this vulnerability is reduced. | ||||
| CVE-2026-3537 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-04-16 | 8.8 High |
| Object lifecycle issue in PowerVR in Google Chrome on Android prior to 145.0.7632.159 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-3381 | 1 Pmqs | 2 Compress::raw::zlib, Compress\ | 2026-04-16 | 9.8 Critical |
| Compress::Raw::Zlib versions through 2.219 for Perl use potentially insecure versions of zlib. Compress::Raw::Zlib includes a copy of the zlib library. Compress::Raw::Zlib version 2.220 includes zlib 1.3.2, which addresses findings fron the 7ASecurity audit of zlib. The includes fixs for CVE-2026-27171. | ||||
| CVE-2026-34850 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 1.9 Low |
| Race condition vulnerability in the notification service. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34851 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 2.2 Low |
| Race condition vulnerability in the event notification module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34852 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 6.1 Medium |
| Stack overflow vulnerability in the media platform. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34853 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-16 | 7.7 High |
| Permission bypass vulnerability in the LBS module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34856 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 7.3 High |
| UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34860 | 1 Huawei | 1 Harmonyos | 2026-04-16 | 4.1 Medium |
| Access control vulnerability in the memo module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-27749 | 2 Avira, Gen Digital | 3 Avira Internet Security Suite, Internet Security, Avira Internet Security | 2026-04-16 | 7.8 High |
| Avira Internet Security contains a deserialization of untrusted data vulnerability in the System Speedup component. The Avira.SystemSpeedup.RealTimeOptimizer.exe process, which runs with SYSTEM privileges, deserializes data from a file located in C:\\ProgramData using .NET BinaryFormatter without implementing input validation or deserialization safeguards. Because the file can be created or modified by a local user in default configurations, an attacker can supply a crafted serialized payload that is deserialized by the privileged process, resulting in arbitrary code execution as SYSTEM. | ||||
| CVE-2026-30794 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-04-16 | 8.1 High |
| Improper Certificate Validation vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (HTTP API client, TLS transport modules) allows Adversary in the Middle (AiTM). This vulnerability is associated with program files src/hbbs_http/http_client.Rs and program routines TLS retry with danger_accept_invalid_certs(true). This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30798 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-04-16 | 7.5 High |
| Insufficient Verification of Data Authenticity, Improper Handling of Exceptional Conditions vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Heartbeat sync loop, strategy processing modules) allows Protocol Manipulation. This vulnerability is associated with program files src/hbbs_http/sync.Rs and program routines stop-service handler in heartbeat loop. This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-30789 | 6 Apple, Google, Linux and 3 more | 7 Iphone Os, Macos, Android and 4 more | 2026-04-16 | 9.8 Critical |
| Authentication Bypass by Capture-replay, Use of Password Hash With Insufficient Computational Effort vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android (Client login, peer authentication modules) allows Reusing Session IDs (aka Session Replay). This vulnerability is associated with program files src/client.Rs and program routines hash_password(), login proof construction. This issue affects RustDesk Client: through 1.4.5. | ||||
| CVE-2026-28393 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 7.7 High |
| OpenClaw versions 2.0.0-beta3 prior to 2026.2.14 contain a path traversal vulnerability in hook transform module loading that allows arbitrary JavaScript execution. The hooks.mappings[].transform.module parameter accepts absolute paths and traversal sequences, enabling attackers with configuration write access to load and execute malicious modules with gateway process privileges. | ||||