Export limit exceeded: 346845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346845 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31677 | 1 Linux | 1 Linux Kernel | 2026-04-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - limit RX SG extraction by receive buffer budget Make af_alg_get_rsgl() limit each RX scatterlist extraction to the remaining receive buffer budget. af_alg_get_rsgl() currently uses af_alg_readable() only as a gate before extracting data into the RX scatterlist. Limit each extraction to the remaining af_alg_rcvbuf(sk) budget so that receive-side accounting matches the amount of data attached to the request. If skcipher cannot obtain enough RX space for at least one chunk while more data remains to be processed, reject the recvmsg call instead of rounding the request length down to zero. | ||||
| CVE-2026-6043 | 1 Perforce | 1 Helix Core Server P4d | 2026-04-25 | N/A |
| P4 Server versions prior to 2026.1 are configured with insecure default settings that, when exposed to untrusted networks, allow unauthenticated attackers to create arbitrary user accounts, enumerate existing users, authenticate to accounts with no password set, and access depot contents via the built-in 'remote' user. These default settings, taken together, can lead to unauthorized access to source code repositories and other managed assets. The 2026.1 release, expected in May 2026, enforces secure-by-default configurations on upgrade and new installations | ||||
| CVE-2026-31534 | 2026-04-25 | 7.0 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-31671 | 1 Linux | 1 Linux Kernel | 2026-04-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: xfrm_user: fix info leak in build_report() struct xfrm_user_report is a __u8 proto field followed by a struct xfrm_selector which means there is three "empty" bytes of padding, but the padding is never zeroed before copying to userspace. Fix that up by zeroing the structure before setting individual member variables. | ||||
| CVE-2026-31670 | 1 Linux | 1 Linux Kernel | 2026-04-25 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: rfkill: prevent unlimited numbers of rfkill events from being created Userspace can create an unlimited number of rfkill events if the system is so configured, while not consuming them from the rfkill file descriptor, causing a potential out of memory situation. Prevent this from bounding the number of pending rfkill events at a "large" number (i.e. 1000) to prevent abuses like this. | ||||
| CVE-2026-31560 | 1 Linux | 1 Linux Kernel | 2026-04-25 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: spi: spi-dw-dma: fix print error log when wait finish transaction If an error occurs, the device may not have a current message. In this case, the system will crash. In this case, it's better to use dev from the struct ctlr (struct spi_controller*). | ||||
| CVE-2026-31559 | 1 Linux | 1 Linux Kernel | 2026-04-25 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix missing NULL checks for kstrdup() 1. Replace "of_find_node_by_path("/")" with "of_root" to avoid multiple calls to "of_node_put()". 2. Fix a potential kernel oops during early boot when memory allocation fails while parsing CPU model from device tree. | ||||
| CVE-2026-31537 | 1 Linux | 1 Linux Kernel | 2026-04-25 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: smb: server: make use of smbdirect_socket.send_io.bcredits It turns out that our code will corrupt the stream of reassabled data transfer messages when we trigger an immendiate (empty) send. In order to fix this we'll have a single 'batch' credit per connection. And code getting that credit is free to use as much messages until remaining_length reaches 0, then the batch credit it given back and the next logical send can happen. | ||||
| CVE-2023-5933 | 1 Gitlab | 1 Gitlab | 2026-04-25 | 6.4 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions after 13.7 before 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. Improper input sanitization of user name allows arbitrary API PUT requests. | ||||
| CVE-2023-3922 | 1 Gitlab | 1 Gitlab | 2026-04-25 | 3 Low |
| An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI to a malicious page. | ||||
| CVE-2023-3920 | 1 Gitlab | 1 Gitlab | 2026-04-25 | 4.3 Medium |
| An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship between existing projects contrary to the documentation. | ||||
| CVE-2026-42035 | 2026-04-25 | 7.4 High | ||
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself — any prototype pollution primitive in any dependency in the application's dependency tree is sufficient to trigger this gadget. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-42033 | 2026-04-25 | 7.4 High | ||
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when Object.prototype has been polluted by any co-dependency with keys that axios reads without a hasOwnProperty guard, an attacker can (a) silently intercept and modify every JSON response before the application sees it, or (b) fully hijack the underlying HTTP transport, gaining access to request credentials, headers, and body. The precondition is prototype pollution from a separate source in the same process. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-32210 | 1 Microsoft | 1 Dynamics 365 Online | 2026-04-25 | 9.3 Critical |
| Server-side request forgery (ssrf) in Microsoft Dynamics 365 (Online) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33102 | 1 Microsoft | 1 365 Copilot | 2026-04-25 | 9.3 Critical |
| Url redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-33819 | 1 Microsoft | 1 Bing | 2026-04-25 | 10 Critical |
| Deserialization of untrusted data in Microsoft Bing allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-24303 | 1 Microsoft | 1 Partner Center | 2026-04-25 | 9.6 Critical |
| Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32172 | 1 Microsoft | 1 Power-apps | 2026-04-25 | 8 High |
| Uncontrolled search path element in Microsoft Power Apps allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-1726 | 1 Ibm | 1 Guardium Key Lifecycle Manager | 2026-04-25 | 4.8 Medium |
| IBM Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2, 4.2.1, 5.0, and 5.1 | ||||
| CVE-2026-41176 | 2026-04-25 | 9.8 Critical | ||
| Rclone is a command-line program to sync files and directories to and from different cloud storage providers. The RC endpoint `options/set` is exposed without `AuthRequired: true`, but it can mutate global runtime configuration, including the RC option block itself. Starting in version 1.45.0 and prior to version 1.73.5, an unauthenticated attacker can set `rc.NoAuth=true`, which disables the authorization gate for many RC methods registered with `AuthRequired: true` on reachable RC servers that are started without global HTTP authentication. This can lead to unauthorized access to sensitive administrative functionality, including configuration and operational RC methods. Version 1.73.5 patches the issue. | ||||