Export limit exceeded: 344998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1692 | 2 Arcinfo, Arcinformatique | 2 Pcvue, Pcvue | 2026-04-16 | 6.1 Medium |
| A missing origin validation in WebSockets vulnerability affects the GraphicalData web services used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It might allow a remote attacker to lure a successfully authenticated user to a malicious website. This vulnerability only affects the following two endpoints: GraphicalData/js/signalR/connect and GraphicalData/js/signalR/reconnect. | ||||
| CVE-2026-1694 | 2 Arcinfo, Arcinformatique | 2 Pcvue, Pcvue | 2026-04-16 | 4.3 Medium |
| HTTP headers are added by the default configuration of IIS and ASP.net, and are not removed at the deployment phase of the webservices used by the WebVue, WebScheduler, TouchVue and SnapVue features of PcVue in version 12.0.0 through 16.3.3 included. It unnecessarily exposes sensitive information about the server configuration. | ||||
| CVE-2026-1698 | 2 Arcinfo, Arcinformatique | 2 Pcvue, Pcvue | 2026-04-16 | 6.1 Medium |
| A HTTP Host header attack vulnerability affects WebClient and the WebScheduler web apps of PcVue in version 15.0.0 through 16.3.3 included, allowing a remote attacker to inject harmful payloads that manipulate server-side behavior. This vulnerability only affects the endpoints /Authentication/ExternalLogin, /Authentication/AuthorizationCodeCallback and /Authentication/Logout of the WebClient and WebScheduler web apps. | ||||
| CVE-2026-28136 | 2 Veronalabs, Wordpress | 2 Wp Sms, Wordpress | 2026-04-16 | 7.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VeronaLabs WP SMS wp-sms allows SQL Injection.This issue affects WP SMS: from n/a through <= 6.9.12. | ||||
| CVE-2026-26228 | 1 Videolan | 2 Vlc, Vlc For Android | 2026-04-16 | 4.9 Medium |
| VideoLAN VLC for Android prior to version 3.7.0 contains a path traversal vulnerability in the Remote Access Server routing for the authenticated endpoint GET /download. The file query parameter is concatenated into a filesystem path under the configured download directory without canonicalization or directory containment checks, allowing an authenticated attacker with network reachability to the Remote Access Server to request files outside the intended directory. The impact is bounded by the Android application sandbox and storage restrictions, typically limiting exposure to app-internal and app-specific external storage. | ||||
| CVE-2026-26227 | 1 Videolan | 2 Vlc, Vlc For Android | 2026-04-16 | 3.7 Low |
| VideoLAN VLC for Android prior to version 3.7.0 contains an authentication bypass in the Remote Access Server feature due to missing or insufficient rate limiting on one-time password (OTP) verification. The Remote Access Server uses a 4-digit OTP and does not enforce effective throttling or lockout within the OTP validity window, allowing an attacker with network reachability to the server to repeatedly attempt OTP verification until a valid user_session cookie is issued. Successful exploitation results in unauthorized access to the Remote Access interface, limited to media files explicitly shared by the VLC for Android user. | ||||
| CVE-2026-27141 | 1 Go Standard Library | 1 Net/http | 2026-04-16 | 7.5 High |
| Due to missing nil check, sending 0x0a-0x0f HTTP/2 frames will cause a running server to panic | ||||
| CVE-2026-27509 | 2 Unitree, Unitreerobotics | 5 Go2, Go2 Edu, Go2 Edu Firmware and 2 more | 2026-04-16 | 8 High |
| Unitree Go2 firmware versions V1.1.7 through V1.1.9 and V1.1.11 (EDU) do not implement DDS authentication or authorization for the Eclipse CycloneDDS topic rt/api/programming_actuator/request handled by actuator_manager.py. A network-adjacent, unauthenticated attacker can join DDS domain 0 and publish a crafted message (api_id=1002) containing arbitrary Python, which the robot writes to disk under /unitree/etc/programming/ and binds to a physical controller keybinding. When the keybinding is pressed, the code executes as root and the binding persists across reboots. | ||||
| CVE-2026-27510 | 2 Unitree, Unitreerobotics | 3 Go2, Go2 Firmware, Unitree Go2 | 2026-04-16 | 9.6 Critical |
| Unitree Go2 firmware versions 1.1.7 through 1.1.11, when used with the Unitree Go2 Android application (com.unitree.doggo2), are vulnerable to remote code execution due to missing integrity protection and validation of user-created programmes. The Android application stores programs in a local SQLite database (unitree_go2.db, table dog_programme) and transmits the programme_text content, including the pyCode field, to the robot. The robot's actuator_manager.py executes the supplied Python as root without integrity verification or content validation. An attacker with local access to the Android device can tamper with the stored programme record to inject arbitrary Python that executes when the user triggers the program via a controller keybinding, and the malicious binding persists across reboots. Additionally, a malicious program shared through the application's community marketplace can result in arbitrary code execution on any robot that imports and runs it. | ||||
| CVE-2026-27021 | 1 Discourse | 1 Discourse | 2026-04-16 | 5.3 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the voters endpoint in the poll plugin lacked post visibility checks which allowed unauthorized access to voters details of polls in any post. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-27150 | 1 Discourse | 1 Discourse | 2026-04-16 | 3.8 Low |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, missing `validate_before_create` authorization in Data Explorer's `QueryGroupBookmarkable` allows any logged-in user to create bookmarks for query groups they don't have access to, enabling metadata disclosure via bookmark reminder notifications. Versions 2025.12.2, 2026.1.1, and 2026.2.0 fix this issue and also make sure `validate_before_create` throws NotImplementedError in BaseBookmarkable if not implemented, to prevent similar issues in the future. No known workarounds are available. | ||||
| CVE-2026-27151 | 1 Discourse | 1 Discourse | 2026-04-16 | 2.7 Low |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, the `move_posts` action only checked `can_move_posts?` on the source topic but never validated write permissions on the destination topic. This allowed TL4 users and category group moderators to move posts into topics in categories where they lack posting privileges (e.g., read-only categories or categories with group-restricted write access). Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-27162 | 1 Discourse | 1 Discourse | 2026-04-16 | 4.9 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, `posts_nearby` was checking topic access but then returning all posts regardless of type, including whispers that should only be visible to whisperers. Use `Post.secured(guardian)` to properly filter post types based on user permissions. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-27152 | 1 Discourse | 1 Discourse | 2026-04-16 | 3.8 Low |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via `Chat::AddUsersToChannel` — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipient PM restrictions that are enforced during DM channel creation. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-22206 | 1 Spip | 2 Saisies, Spip | 2026-04-16 | 8.8 High |
| SPIP versions prior to 4.4.10 contain a SQL injection vulnerability that allows authenticated low-privilege users to execute arbitrary SQL queries by manipulating union-based injection techniques. Attackers can exploit this SQL injection flaw combined with PHP tag processing to achieve remote code execution on the server. | ||||
| CVE-2026-22205 | 1 Spip | 2 Saisies, Spip | 2026-04-16 | 7.5 High |
| SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protected information. Attackers can exploit loose type comparisons in authentication logic to bypass login verification and retrieve sensitive internal data. | ||||
| CVE-2026-28218 | 1 Discourse | 1 Discourse | 2026-04-16 | 5.4 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, fail-open access control in Data Explorer plugin allows any authenticated user to execute SQL queries that have no explicit group assignments, including built-in system queries. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. As a workaround, either explicitly set group permissions on each Data Explorer query that doesn't have permissions, or disable discourse-data-explorer plugin. | ||||
| CVE-2026-28219 | 1 Discourse | 1 Discourse | 2026-04-16 | 4.3 Medium |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an improper authorization check in the topic management logic allows authenticated users to modify privileged attributes of their topics. By manipulating specific parameters in a PUT or POST request, a regular user can elevate a topic’s status to a site-wide notice or banner, bypassing intended administrative restrictions. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. There are no practical workarounds to prevent this behavior other than applying the security patch. Administrators concerned about unauthorized promotions should audit recent changes to site banners and global notices until the fix is deployed. | ||||
| CVE-2026-28227 | 1 Discourse | 1 Discourse | 2026-04-16 | 2.7 Low |
| Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, TL4 users can publish topics into staff-only categories via the `publish_to_category` topic timer, bypassing authorization checks. Versions 2025.12.2, 2026.1.1, and 2026.2.0 patch the issue. No known workarounds are available. | ||||
| CVE-2026-25741 | 1 Zulip | 1 Zulip | 2026-04-16 | 7.1 High |
| Zulip is an open-source team collaboration tool. Prior to commit bf28c82dc9b1f630fa8e9106358771b20a0040f7, the API endpoint for creating a card update session during an upgrade flow was accessible to users with only organization member privileges. When the associated Stripe Checkout session is completed, the Stripe webhook updates the organization’s default payment method. Because no billing-specific authorization check is enforced, a regular (non-billing) member can change the organization’s payment method. This vulnerability affected the Zulip Cloud payment processing system, and has been patched as of commit bf28c82dc9b1f630fa8e9106358771b20a0040f7. Self-hosted deploys are no longer affected and no patch or upgrade is required for them. | ||||