Export limit exceeded: 346736 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346736 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33750 | 1 Juliangruber | 1 Brace-expansion | 2026-04-22 | 6.5 Medium |
| The brace-expansion library generates arbitrary strings containing a common prefix and suffix. Prior to versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13, a brace pattern with a zero step value (e.g., `{1..2..0}`) causes the sequence generation loop to run indefinitely, making the process hang for seconds and allocate heaps of memory. Versions 5.0.5, 3.0.2, 2.0.3, and 1.1.13 fix the issue. As a workaround, sanitize strings passed to `expand()` to ensure a step value of `0` is not used. | ||||
| CVE-2025-66335 | 1 Apache | 1 Doris Mcp Server | 2026-04-22 | 5.3 Medium |
| Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected. | ||||
| CVE-2026-5358 | 1 The Gnu C Library | 1 Glibc | 2026-04-22 | 8.2 High |
| REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API can only be called with a trusted server from the pre-populated cache. The use of a trusted server means no trust boundary is crossed and this is therefore considered a normal bug. | ||||
| CVE-2026-39808 | 1 Fortinet | 3 Fortisandbox, Fortisandbox Paas, Fortisandboxpaas | 2026-04-22 | 9.1 Critical |
| A improper neutralization of special elements used in an os command ('os command injection') vulnerability in Fortinet FortiSandbox 4.4.0 through 4.4.8 may allow attacker to execute unauthorized code or commands via <insert attack vector here> | ||||
| CVE-2010-5326 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-22 | 10 Critical |
| The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote attackers to execute arbitrary code via an HTTP or HTTPS request, as exploited in the wild in 2013 through 2016, aka a "Detour" attack. | ||||
| CVE-2014-125120 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10056 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10045 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2013-10041 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2011-10031 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20124 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20118 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20117 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20116 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2010-20110 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2009-20012 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2008-20003 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2008-20002 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2005-20001 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||
| CVE-2000-5001 | 2026-04-22 | N/A | ||
| This CVE has the been REJECTED and will not be published by the CNA. | ||||