Export limit exceeded: 347031 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347031 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33258 | 1 Powerdns | 1 Recursor | 2026-04-28 | 5.3 Medium |
| By publishing and querying a crafted zone an attacker can cause allocation of large entries in the negative and aggressive NSEC(3) caches. | ||||
| CVE-2026-40048 | 1 Apache | 1 Camel | 2026-04-28 | 7.8 High |
| The Camel-PQC FileBasedKeyLifecycleManager class deserializes the contents of `<keyId>.key` files in the configured key directory using java.io.ObjectInputStream without applying any ObjectInputFilter or class-loading restrictions. The cast to `java.security.KeyPair` is evaluated only after `readObject()` has already returned, so any `readObject()` side effects in the deserialized object run before the type check. An attacker who can write to the key directory used by a Camel application — for example through a path traversal into the directory, misconfigured filesystem permissions on the volume where keys are stored, a compromised key provisioning pipeline, or a symlink attack — can place a crafted serialized Java object that, when deserialized during normal key lifecycle operations, results in arbitrary code execution in the context of the application. This issue affects Apache Camel: from 4.19.0 before 4.20.0, from 4.18.0 before 4.18.2. Users are recommended to upgrade to version 4.20.0, which fixes the issue by replacing java.io.ObjectInputStream-based key and metadata storage with standard PKCS#8 (private key) / X.509 SubjectPublicKeyInfo (public key) Base64 JSON encoding. For users on the 4.18.x LTS releases stream, upgrade to 4.18.2. | ||||
| CVE-2026-42379 | 2 Wordpress, Wpdevteam | 2 Wordpress, Templately | 2026-04-28 | 7.7 High |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data.This issue affects Templately: from n/a through 3.6.1. | ||||
| CVE-2026-5941 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-28 | 7.8 High |
| Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction. | ||||
| CVE-2026-5943 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-28 | 7.8 High |
| Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing an invalid pointer during page information queries. | ||||
| CVE-2026-5942 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-28 | 5.5 Medium |
| Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program. | ||||
| CVE-2026-5940 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-28 | 7.8 High |
| Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | ||||
| CVE-2026-5938 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-28 | 5.5 Medium |
| Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | ||||
| CVE-2026-5937 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-28 | 5.5 Medium |
| Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | ||||
| CVE-2025-54505 | 1 Amd | 2 Epyc 7001 Series Processors, Epyc Embedded 3000 Series Processors | 2026-04-28 | N/A |
| A transient execution vulnerability within AMD CPUs may allow a local user-privileged attacker to leak data via the floating point divisor unit, potentially resulting in loss of confidentiality. | ||||
| CVE-2026-7233 | 1 Artifex | 1 Mupdf | 2026-04-28 | 3.3 Low |
| A vulnerability was determined in Artifex MuPDF up to 1.28.0. The impacted element is the function fz_subset_cff_for_gids of the file subset-cff.c of the component CFF Index Handler. This manipulation causes out-of-bounds read. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through a bug report but has not responded yet. | ||||
| CVE-2026-7240 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-28 | 9.8 Critical |
| A vulnerability has been found in Totolink A8000RU 7.1cu.643_b20200521. This vulnerability affects the function setVpnAccountCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Such manipulation of the argument User leads to os command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-5201 | 2 Gnome, Redhat | 5 Gdk-pixbuf, Enterprise Linux, Enterprise Linux Eus and 2 more | 2026-04-28 | 7.5 High |
| A flaw was found in the gdk-pixbuf library. This heap-based buffer overflow vulnerability occurs in the JPEG image loader due to improper validation of color component counts when processing a specially crafted JPEG image. A remote attacker can exploit this flaw without user interaction, for example, via thumbnail generation. Successful exploitation leads to application crashes and denial of service (DoS) conditions. | ||||
| CVE-2026-31166 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the hour parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31167 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the mode parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31169 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the week parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31173 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the interval parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2026-31177 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 9.8 Critical |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the stunMinAlive parameter to /cgi-bin/cstecgi.cgi. | ||||
| CVE-2025-50229 | 1 Jizhicms | 1 Jizhicms | 2026-04-28 | 9.8 Critical |
| Jizhicms v2.5.4 is vulnerable to SQL injection in the product editing module. | ||||
| CVE-2026-31159 | 1 Totolink | 2 A3300r, A3300r Firmware | 2026-04-28 | 6.5 Medium |
| An issue was discovered in ToToLink A3300R firmware v17.0.0cu.557_B20221024 allowing attackers to execute arbitrary commands via the password parameter to /cgi-bin/cstecgi.cgi. | ||||