Export limit exceeded: 75438 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (75438 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-21916 | 1 Juniper Networks | 1 Junos Os | 2026-04-10 | 7.3 High |
| A UNIX Symbolic Link (Symlink) Following vulnerability in the CLI of Juniper Networks Junos OS allows a local, authenticated attacker with low privileges to escalate their privileges to root which will lead to a complete compromise of the system. When after a user has performed a specific 'file link ...' CLI operation, another user commits (unrelated configuration changes), the first user can login as root. This issue affects Junos OS: * all versions before 23.2R2-S7, * 23.4 versions before 23.4R2-S6, * 24.2 versions before 24.2R2-S3, * 24.4 versions before 24.4R2-S2, * 25.2 versions before 25.2R2. This issue does not affect versions 25.4R1 or later. | ||||
| CVE-2026-33797 | 1 Juniper Networks | 2 Junos Os, Junos Os Evolved | 2026-04-10 | 7.4 High |
| An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already established BGP session to reset only that session causing a Denial of Service (DoS). An attacker repeatedly sending the packet will sustain the Denial of Service (DoS).This issue affects Junos OS: * 25.2 versions before 25.2R2 This issue doesn't not affected Junos OS versions before 25.2R1. This issue affects Junos OS Evolved: * 25.2-EVO versions before 25.2R2-EVO This issue doesn't not affected Junos OS Evolved versions before 25.2R1-EVO. eBGP and iBGP are affected. IPv4 and IPv6 are affected. | ||||
| CVE-2025-13914 | 1 Juniper Networks | 1 Apstra | 2026-04-10 | 8.7 High |
| A Key Exchange without Entity Authentication vulnerability in the SSH implementation of Juniper Networks Apstra allows a unauthenticated, MITM attacker to impersonate managed devices. Due to insufficient SSH host key validation an attacker can perform a machine-in-the-middle attack on the SSH connections from Apstra to managed devices, enabling an attacker to impersonate a managed device and capture user credentials. This issue affects all versions of Apstra before 6.1.1. | ||||
| CVE-2026-33771 | 1 Juniper Networks | 1 Ctp Os | 2026-04-10 | 7.4 High |
| A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the administrator to set password complexity requirements, but these settings are not saved. The issue can be verified with the menu option "Show password requirements". Failure to enforce the intended requirements can lead to weak passwords being used, which significantly increases the likelihood that an attacker can guess these and subsequently attain unauthorized access. This issue affects CTP OS versions 9.2R1 and 9.2R2. | ||||
| CVE-2026-33785 | 1 Juniper Networks | 1 Junos Os | 2026-04-10 | 8.8 High |
| A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on MX Series allows a local, authenticated user with low privileges to execute specific commands which will lead to a complete compromise of managed devices. Any user logged in, without requiring specific privileges, can issue 'request csds' CLI operational commands. These commands are only meant to be executed by high privileged or users designated for Juniper Device Manager (JDM) / Connected Security Distributed Services (CSDS) operations as they will impact all aspects of the devices managed via the respective MX. This issue affects Junos OS on MX Series: * 24.4 releases before 24.4R2-S3, * 25.2 releases before 25.2R2. This issue does not affect Junos OS releases before 24.4. | ||||
| CVE-2026-5983 | 1 D-link | 1 Dir-605l | 2026-04-10 | 8.8 High |
| A vulnerability was determined in D-Link DIR-605L 2.13B01. This issue affects the function formSetDDNS of the file /goform/formSetDDNS of the component POST Request Handler. Executing a manipulation of the argument curTime can lead to buffer overflow. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-5988 | 1 Tenda | 2 F451, F451 Firmware | 2026-04-10 | 8.8 High |
| A vulnerability was detected in Tenda F451 1.0.0.7. This impacts the function formWrlsafeset of the file /goform/AdvSetWrlsafeset. Performing a manipulation of the argument mit_ssid results in stack-based buffer overflow. The attack can be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-5991 | 1 Tenda | 2 F451, F451 Firmware | 2026-04-10 | 8.8 High |
| A vulnerability was found in Tenda F451 1.0.0.7. Affected by this issue is the function formWrlExtraSet of the file /goform/WrlExtraSet. The manipulation of the argument GO results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-6015 | 1 Tenda | 2 Ac9, Ac9 Firmware | 2026-04-10 | 8.8 High |
| A vulnerability has been found in Tenda AC9 15.03.02.13. Impacted is the function formQuickIndex of the file /goform/QuickIndex of the component POST Request Handler. Such manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-6037 | 2026-04-10 | 7.3 High | ||
| A vulnerability was determined in code-projects Vehicle Showroom Management System 1.0. This affects an unknown function of the file /util/AddVehicleFunction.php. This manipulation of the argument BRANCH_ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-33466 | 1 Elastic | 1 Logstash | 2026-04-10 | 8.1 High |
| Improper Limitation of a Pathname to a Restricted Directory (CWE-22) in Logstash can lead to arbitrary file write and potentially remote code execution via Relative Path Traversal (CAPEC-139). The archive extraction utilities used by Logstash do not properly validate file paths within compressed archives. An attacker who can serve a specially crafted archive to Logstash through a compromised or attacker-controlled update endpoint can write arbitrary files to the host filesystem with the privileges of the Logstash process. In certain configurations where automatic pipeline reloading is enabled, this can be escalated to remote code execution. | ||||
| CVE-2026-5884 | 1 Google | 1 Chrome | 2026-04-10 | 8.0 High |
| Insufficient validation of untrusted input in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker who had compromised the renderer process to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5879 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Insufficient validation of untrusted input in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-5868 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Heap buffer overflow in ANGLE in Google Chrome on Mac prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-5862 | 1 Google | 1 Chrome | 2026-04-10 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-35455 | 1 Immich-app | 1 Immich | 2026-04-10 | 7.3 High |
| immich is a high performance self-hosted photo and video management solution. Prior to 2.7.0, sStored Cross-Site Scripting (XSS) in the 360° panorama viewer allows any authenticated user to execute arbitrary JavaScript in the browser of any other user who views the malicious panorama with the OCR overlay enabled. The attacker uploads an equirectangular image containing crafted text; OCR extracts it, and the panorama viewer renders it via innerHTML without sanitization. This enables session hijacking (via persistent API key creation), private photo exfiltration, and access to GPS location history and face biometric data. This vulnerability is fixed in 2.7.0. | ||||
| CVE-2026-26133 | 1 Microsoft | 35 365 Copilot, 365 Copilot Android, 365 Copilot For Android and 32 more | 2026-04-09 | 7.1 High |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26144 | 1 Microsoft | 1 365 Apps | 2026-04-09 | 7.5 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-04-09 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26130 | 2 Microsoft, Redhat | 2 Asp.net Core, Enterprise Linux | 2026-04-09 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||