Export limit exceeded: 343860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343860 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5852 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-09 | 9.8 Critical |
| A weakness has been identified in Totolink A7100RU 7.4cu.2313_b20191024. Affected is the function setIptvCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. This manipulation of the argument igmpVer causes os command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2025-29165 | 1 Dlink | 1 Dir-1253 | 2026-04-09 | 9.8 Critical |
| An issue in D-Link DIR-1253 MESH V1.6.1684 allows an attacker to escalate privileges via the etc/shadow.sample component | ||||
| CVE-2026-39328 | 1 Churchcrm | 1 Churchcrm | 2026-04-09 | 8.9 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in ChurchCRM's person profile editing functionality. Non-administrative users who have the EditSelf permission can inject malicious JavaScript into their Facebook, LinkedIn, and X profile fields. Due to a 50-character field limit, the payload is distributed across all three fields and chains their onfocus event handlers to execute in sequence. When any user, including administrators, views the attacker's profile, their session cookies are exfiltrated to a remote server. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-39325 | 1 Churchcrm | 1 Churchcrm | 2026-04-09 | 7.2 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-22682 | 1 Hkuds | 1 Openharness | 2026-04-09 | 7.1 High |
| OpenHarness prior to commit 166fcfe contains an improper access control vulnerability in built-in file tools due to inconsistent parameter handling in permission enforcement, allowing attackers who can influence agent tool execution to read arbitrary local files outside the intended repository scope. Attackers can exploit the path parameter not being passed to the PermissionChecker in read_file, write_file, edit_file, and notebook_edit tools to bypass deny rules and access sensitive files such as configuration files, credentials, and SSH material, or create and overwrite files in restricted host paths in full_auto mode. | ||||
| CVE-2026-2104 | 1 Gitlab | 1 Gitlab | 2026-04-09 | 4.3 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to access confidential issues assigned to other users via CSV export due to insufficient authorization checks. | ||||
| CVE-2026-39316 | 1 Openprinting | 1 Cups | 2026-04-09 | 4 Medium |
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a use-after-free vulnerability exists in the CUPS scheduler (cupsd) when temporary printers are automatically deleted. cupsdDeleteTemporaryPrinters() in scheduler/printers.c calls cupsdDeletePrinter() without first expiring subscriptions that reference the printer, leaving cupsd_subscription_t.dest as a dangling pointer to freed heap memory. The dangling pointer is subsequently dereferenced at multiple code sites, causing a crash (denial of service) of the cupsd daemon. With heap grooming, this can be leveraged for code execution. | ||||
| CVE-2026-1516 | 1 Gitlab | 1 Gitlab | 2026-04-09 | 5.7 Medium |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.0.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that in Code Quality reports could have allowed an authenticated user to leak IP addresses of users viewing the report via specially crafted content. | ||||
| CVE-2026-1101 | 1 Gitlab | 1 Gitlab | 2026-04-09 | 6.5 Medium |
| GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an authenticated user to cause denial of service to the GitLab instance due to improper input validation in GraphQL queries. | ||||
| CVE-2026-39307 | 1 Mervinpraison | 1 Praisonai | 2026-04-09 | 8.1 High |
| PraisonAI is a multi-agent teams system. Prior to 1.5.113, The PraisonAI templates installation feature is vulnerable to a "Zip Slip" Arbitrary File Write attack. When downloading and extracting template archives from external sources (e.g., GitHub), the application uses Python's zipfile.extractall() without verifying if the files within the archive resolve outside of the intended extraction directory. This vulnerability is fixed in 1.5.113. | ||||
| CVE-2026-35614 | 1 Frappe | 1 Frappe | 2026-04-09 | 9.8 Critical |
| Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe has a SQL injection in bulk_update. This vulnerability is fixed in 16.14.0 and 15.104.0. | ||||
| CVE-2026-35605 | 1 Filebrowser | 1 Filebrowser | 2026-04-09 | 7.5 High |
| File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the Matches() function in rules/rules.go uses strings.HasPrefix() without a trailing directory separator when matching paths against access rules. A rule for /uploads also matches /uploads_backup/, granting or denying access to unintended directories. This vulnerability is fixed in 2.63.1. | ||||
| CVE-2026-35584 | 1 Freescout Helpdesk | 1 Freescout | 2026-04-09 | N/A |
| FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to 1.8.212, the endpoint GET /thread/read/{conversation_id}/{thread_id} does not require authentication and does not validate whether the given thread_id belongs to the given conversation_id. This allows any unauthenticated attacker to mark any thread as read by passing arbitrary IDs, enumerate valid thread IDs via HTTP response codes (200 vs 404), and manipulate opened_at timestamps across conversations (IDOR). This vulnerability is fixed in 1.8.212. | ||||
| CVE-2026-35578 | 1 Churchcrm | 1 Churchcrm | 2026-04-09 | N/A |
| ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For this write-up the DonatedItemEditor.php will be used as an example, however wherever all instances of 'linkBack' should be assessed. This vulnerability is fixed in 7.0.0. | ||||
| CVE-2026-35520 | 1 Pi-hole | 1 Ftldns | 2026-04-09 | 8.8 High |
| FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP lease time configuration parameter (dhcp.leaseTime). This vulnerability allows an authenticated attacker to inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. This vulnerability is fixed in 6.6. | ||||
| CVE-2026-35516 | 1 Kovah | 1 Linkace | 2026-04-09 | 5 Medium |
| LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, LinkRepository::update and CheckLinksCommand::checkLink do not check for private IPs. An authenticated user can read responses from internal services (AWS IMDSv1, cloud metadata, internal APIs) by creating a link with a public URL and then updating it to a private IP. The links:check cron job makes the request server-side without IP filtering. This can expose cloud credentials, internal service data, and network topology. This vulnerability is fixed in 2.5.4. | ||||
| CVE-2026-35490 | 1 Dgtlmoon | 1 Changedetection.io | 2026-04-09 | 9.8 Critical |
| changedetection.io is a free open source web page change detection tool. Prior to 0.54.8, the @login_optionally_required decorator is placed before (outer to) @blueprint.route() instead of after it. In Flask, @route() must be the outermost decorator because it registers the function it receives. When the order is reversed, @route() registers the original undecorated function, and the auth wrapper is never in the call chain. This silently disables authentication on these routes. This vulnerability is fixed in 0.54.8. | ||||
| CVE-2026-35461 | 1 Papra-hq | 1 Papra | 2026-04-09 | 5 Medium |
| Papra is a minimalistic document management and archiving platform. Prior to 26.4.0, the Papra webhook system allows authenticated users to register arbitrary URLs as webhook endpoints with no validation of the destination address. The server makes outbound HTTP POST requests to registered URLs, including localhost, internal network ranges, and cloud provider metadata endpoints, on every document event. This vulnerability is fixed in 26.4.0. | ||||
| CVE-2026-35458 | 1 Gotenberg | 1 Gotenberg | 2026-04-09 | 9.8 Critical |
| Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely. | ||||
| CVE-2026-39654 | 2 Ashish Ajani, Wordpress | 2 Wp Simple Html Sitemap, Wordpress | 2026-04-09 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashish Ajani WP Simple HTML Sitemap wp-simple-html-sitemap allows DOM-Based XSS.This issue affects WP Simple HTML Sitemap: from n/a through <= 3.8. | ||||