Export limit exceeded: 347095 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347095 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-41466 | 1 Projeqtor | 1 Projeqtor | 2026-04-28 | 5.4 Medium |
| ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the checkValidHtmlText() function within Security.php that fails to properly sanitize user input by only detecting specific patterns while returning unsanitized strings without output encoding. Attackers can inject malicious payloads that bypass the filter using alternative syntax such as img tags with event handlers, which are stored and executed in the browsers of users viewing the affected content. | ||||
| CVE-2026-6970 | 1 Canonical | 1 Authd | 2026-04-28 | N/A |
| authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was manually changed via the `authctl group set-gid` command, and the user's identity provider record is updated, authd incorrectly resets the user's primary group ID to their UID upon next login. This causes newly created files and directories to be owned by the wrong group, causing denial of service issues, and potentially granting unintended access to other local users and allowing local privilege escalation. | ||||
| CVE-2026-7151 | 1 Tenda | 1 Hg3 | 2026-04-28 | 8.8 High |
| A vulnerability was determined in Tenda HG3 2.0. Impacted is the function formUploadConfig of the file /boaform/formIPv6Routing. This manipulation of the argument destNet causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-28736 | 1 Mattermost | 1 Focalboard | 2026-04-28 | 4.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to validate file ownership when serving uploaded files. This allows an authenticated attacker who knows a victim's fileID to read the content of the file. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued. | ||||
| CVE-2026-25773 | 1 Mattermost | 1 Focalboard | 2026-04-28 | 8.1 High |
| ** UNSUPPORTED WHEN ASSIGNED ** Focalboard version 8.0 fails to sanitize category IDs before incorporating them into dynamic SQL statements when reordering categories. An attacker can inject a malicious SQL payload into the category id field, which is stored in the database and later executed unsanitized when the category reorder API processes the stored value. This Second-Order SQL Injection (Time-Based Blind) allows an authenticated attacker to exfiltrate sensitive data including password hashes of other users. NOTE: Focalboard as a standalone product is not maintained and no fix will be issued. | ||||
| CVE-2025-43340 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-24197 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43287 | 1 Apple | 1 Macos | 2026-04-28 | 7.1 High |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Tahoe 26. Processing a maliciously crafted image may corrupt process memory. | ||||
| CVE-2025-43321 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 5.5 Medium |
| The issue was resolved by blocking unsigned services from launching on Intel Macs. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data. | ||||
| CVE-2025-43208 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to read sensitive location information. | ||||
| CVE-2025-43316 | 1 Apple | 2 Macos, Visionos | 2026-04-28 | 7.8 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-43357 | 1 Apple | 4 Ios, Ipados, Iphone Os and 1 more | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26. An app may be able to fingerprint the user. | ||||
| CVE-2025-43285 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access protected user data. | ||||
| CVE-2025-43293 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43315 | 1 Apple | 4 Macos, Macos Sequoia, Macos Sonoma and 1 more | 2026-04-28 | 5.5 Medium |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43207 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved entitlements. This issue is fixed in macOS Tahoe 26. An app may be able to access user-sensitive data. | ||||
| CVE-2025-43354 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-28 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43303 | 1 Apple | 7 Ios, Ipados, Iphone Os and 4 more | 2026-04-28 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in iOS 26 and iPadOS 26, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. An app may be able to access sensitive user data. | ||||
| CVE-2025-43231 | 1 Apple | 2 Macos, Macos Sonoma | 2026-04-28 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.8. An app may be able to access user-sensitive data. | ||||
| CVE-2025-31270 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26. An app may be able to access protected user data. | ||||