Export limit exceeded: 344942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344942 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344942 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3670 | 1 Freedom Factory | 1 Dgen1 | 2026-04-16 | 5.3 Medium |
| A vulnerability was detected in Freedom Factory dGEN1 up to 20260221. Affected is an unknown function of the component com.dgen.alarm. Performing a manipulation results in improper authorization. The attack requires a local approach. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3671 | 1 Freedom Factory | 1 Dgen1 | 2026-04-16 | 3.3 Low |
| A flaw has been found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function TokenBalanceContentProvider of the component org.ethereumphone.walletmanager.testing123. Executing a manipulation can lead to improper authorization. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3672 | 1 Jeecg | 1 Jeecgboot | 2026-04-16 | 6.3 Medium |
| A vulnerability has been found in JeecgBoot up to 3.9.1. Affected is the function isExistSqlInjectKeyword of the file /jeecg-boot/sys/api/getDictItems. Such manipulation leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3674 | 1 Freedom Factory | 1 Dgen1 | 2026-04-16 | 5.3 Medium |
| A vulnerability was found in Freedom Factory dGEN1 up to 20260221. Affected by this vulnerability is the function FakeAppProvider of the component org.ethosmobile.ethoslauncher. Performing a manipulation results in improper authorization. The attack must be initiated from a local position. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3675 | 1 Freedom Factory | 1 Dgen1 | 2026-04-16 | 5.3 Medium |
| A vulnerability was determined in Freedom Factory dGEN1 up to 20260221. Affected by this issue is the function FakeAppReceiver of the component org.ethosmobile.ethoslauncher. Executing a manipulation can lead to improper authorization. The attack needs to be launched locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3677 | 1 Tenda | 2 Fh451, Fh451 Firmware | 2026-04-16 | 8.8 High |
| A vulnerability was found in Tenda FH451 1.0.0.9. This impacts the function fromSetCfm of the file /goform/setcfm. The manipulation of the argument funcname/funcpara1 results in stack-based buffer overflow. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-35444 | 1 Libsdl | 1 Sdl Image | 2026-04-16 | 7.1 High |
| SDL_image is a library to load images of various formats as SDL surfaces. In do_layer_surface() in src/IMG_xcf.c, pixel index values from decoded XCF tile data are used directly as colormap indices without validating them against the colormap size (cm_num). A crafted .xcf file with a small colormap and out-of-range pixel indices causes heap out-of-bounds reads of up to 762 bytes past the colormap allocation. Both IMAGE_INDEXED code paths are affected (bpp=1 and bpp=2). The leaked heap bytes are written into the output surface pixel data, making them potentially observable in the rendered image. This vulnerability is fixed with commit 996bf12888925932daace576e09c3053410896f8. | ||||
| CVE-2026-35404 | 1 Openedx | 2 Openedx, Openedx-platform | 2026-04-16 | 4.7 Medium |
| Open edX Platform enables the authoring and delivery of online learning at any scale. he view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the server issues an immediate HTTP 302 redirect to the attacker-controlled URL. Additionally, the same unvalidated URL is embedded in a hidden form field and returned in a JSON response after form submission, where client-side JavaScript performs location.href = url. This enables phishing and credential theft attacks against authenticated Open edX users. This vulnerability is fixed with commit 76462f1e5fa9b37d2621ad7ad19514b403908970. | ||||
| CVE-2026-35184 | 2 Ecclesiacrm, Phili67 | 2 Ecclesiacrm, Ecclesiacrm | 2026-04-16 | 9.8 Critical |
| EcclesiaCRM is CRM Software for church management. Prior to 8.0.0, there is a SQL injection vulnerability in v2/templates/query/queryview.php via the custom and value parameters. This vulnerability is fixed in 8.0.0. | ||||
| CVE-2026-35406 | 1 Containers | 1 Aardvark-dns | 2026-04-16 | 6.2 Medium |
| Aardvark-dns is an authoritative dns server for A/AAAA container records. From 1.16.0 to 1.17.0, a truncated TCP DNS query followed by a connection reset causes aardvark-dns to enter an unrecoverable infinite error loop at 100% CPU. This vulnerability is fixed in 1.17.1. | ||||
| CVE-2026-39846 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-04-16 | 9.1 Critical |
| SiYuan is a personal knowledge management system. Prior to 3.6.4, a malicious note synced to another user can trigger remote code execution in the SiYuan Electron desktop client. The root cause is that table caption content is stored without safe escaping and later unescaped into rendered HTML, creating a stored XSS sink. Because the desktop renderer runs with nodeIntegration enabled and contextIsolation disabled, attacker-controlled JavaScript executes with access to Node.js APIs. In practice, an attacker can import a crafted note into a synced workspace, wait for the victim to sync, and achieve code execution when the victim opens the note. This vulnerability is fixed in 3.6.4. | ||||
| CVE-2026-39847 | 2 Emmett, Emmett-framework | 2 Emmett, Core | 2026-04-16 | 9.1 Critical |
| Emmett is a full-stack Python web framework designed with simplicity. From 2.5.0 to before 2.8.1, the RSGI static handler for Emmett's internal assets (/__emmett__ paths) is vulnerable to path traversal attacks. An attacker can use ../ sequences (eg /__emmett__/../rsgi/handlers.py) to read arbitrary files outside the assets directory. This vulnerability is fixed in 2.8.1. | ||||
| CVE-2026-22731 | 2 Spring, Vmware | 2 Spring Boot, Spring Boot | 2026-04-16 | 8.2 High |
| Spring Boot applications with Actuator can be vulnerable to an "Authentication Bypass" vulnerability when an application endpoint that requires authentication is declared under a specific path, already configured for a Health Group additional path. This issue affects Spring Boot: from 4.0 before 4.0.3, from 3.5 before 3.5.11, from 3.4 before 3.4.15. This CVE is similar but not equivalent to CVE-2026-22733, as the conditions for exploit and vulnerable versions are different. | ||||
| CVE-2026-3679 | 1 Tenda | 4 F451, F451 Firmware, Fh451 and 1 more | 2026-04-16 | 8.8 High |
| A vulnerability was identified in Tenda FH451 1.0.0.9. Affected by this vulnerability is the function formQuickIndex of the file /goform/QuickIndex. Such manipulation of the argument mit_linktype/PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3681 | 1 Welovemedia | 1 Ffmate | 2026-04-16 | 6.3 Medium |
| A weakness has been identified in welovemedia FFmate up to 2.0.15. This affects the function fireWebhook of the file /internal/service/webhook/webhook.go. Executing a manipulation can lead to server-side request forgery. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3682 | 1 Welovemedia | 1 Ffmate | 2026-04-16 | 6.3 Medium |
| A security vulnerability has been detected in welovemedia FFmate up to 2.0.15. This vulnerability affects the function Execute of the file /internal/service/ffmpeg/ffmpeg.go. The manipulation leads to argument injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3683 | 1 Bufanyun | 1 Hotgo | 2026-04-16 | 6.3 Medium |
| A vulnerability was detected in bufanyun HotGo up to 2.0. This issue affects the function ImageTransferStorage of the file /server/internal/logic/common/upload.go of the component Endpoint. The manipulation results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3693 | 1 Shy2593666979 | 1 Agentchat | 2026-04-16 | 7.3 High |
| A flaw has been found in Shy2593666979 AgentChat up to 2.3.0. This issue affects the function get_user_info/update_user_info of the file /src/backend/agentchat/api/v1/user.py of the component User Endpoint. This manipulation of the argument user_id causes improper control of resource identifiers. It is possible to initiate the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3711 | 2 Carmelo, Code-projects | 2 Simple Flight Ticket Booking System, Simple Flight Ticket Booking System | 2026-04-16 | 4.7 Medium |
| A vulnerability was detected in code-projects Simple Flight Ticket Booking System 1.0. Affected is an unknown function of the file /Adminupdate.php. The manipulation of the argument flightno/airplaneid/departure/dtime/arrival/atime/ec/ep/bc/bp results in sql injection. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2026-3713 | 1 Libpng | 1 Libpng | 2026-04-16 | 5.3 Medium |
| A flaw has been found in pnggroup libpng up to 1.6.55. Affected by this vulnerability is the function do_pnm2png of the file contrib/pngminus/pnm2png.c of the component pnm2png. This manipulation of the argument width/height causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet. | ||||