Search Results (345193 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2529 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2026-04-17 | 6.3 Medium |
| A security flaw has been discovered in Wavlink WL-WN579A3 up to 20210219. Affected by this issue is the function DeleteMac of the file /cgi-bin/wireless.cgi. The manipulation of the argument delete_list results in command injection. The attack can be executed remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2530 | 1 Wavlink | 2 Wl-wn579a3, Wl-wn579a3 Firmware | 2026-04-17 | 6.3 Medium |
| A weakness has been identified in Wavlink WL-WN579A3 up to 20210219. This affects the function AddMac of the file /cgi-bin/wireless.cgi. This manipulation of the argument macAddr causes command injection. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2531 | 1 Mindsdb | 1 Mindsdb | 2026-04-17 | 6.3 Medium |
| A security vulnerability has been detected in MindsDB up to 25.14.1. This vulnerability affects the function clear_filename of the file mindsdb/utilities/security.py of the component File Upload. Such manipulation leads to server-side request forgery. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The name of the patch is 74d6f0fd4b630218519a700fbee1c05c7fd4b1ed. It is best practice to apply a patch to resolve this issue. | ||||
| CVE-2026-2532 | 1 Lintsinghua | 1 Deepaudit | 2026-04-17 | 6.3 Medium |
| A vulnerability was detected in lintsinghua DeepAudit up to 3.0.3. This issue affects some unknown processing of the file backend/app/api/v1/endpoints/embedding_config.py of the component IP Address Handler. Performing a manipulation results in server-side request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.0.4 and 3.1.0 is capable of addressing this issue. The patch is named da853fdd8cbe9d42053b45d83f25708ba29b8b27. It is suggested to upgrade the affected component. | ||||
| CVE-2026-28212 | 1 Firebirdsql | 1 Firebird | 2026-04-17 | 7.5 High |
| Firebird is an open-source relational database management system. In versions prior to 6.0.0, 5.0.4, 4.0.7 and 3.0.14, when processing an op_slice network packet, the server passes an unprepared structure containing a null pointer to the SDL_info() function, resulting in a null pointer dereference and server crash. An unauthenticated attacker can trigger this by sending a crafted packet to the server port. This issue has been fixed in versions 6.0.0, 5.0.4, 4.0.7 and 3.0.14. | ||||
| CVE-2026-27890 | 1 Firebirdsql | 1 Firebird | 2026-04-17 | 8.2 High |
| Firebird is an open-source relational database management system. In versions prior to 5.0.4, 4.0.7 and 3.0.14, when processing CNCT_specific_data segments during authentication, the server assumes segments arrive in strictly ascending order. If segments arrive out of order, the Array class's grow() method computes a negative size value, causing a SIGSEGV crash. An unauthenticated attacker who knows only the server's IP and port can exploit this to crash the server. This issue has been fixed in versions 5.0.4, 4.0.7 and 3.0.14. | ||||
| CVE-2026-33098 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-17 | 7.8 High |
| Use after free in Windows Container Isolation FS Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-34866 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.1 Medium |
| Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34865 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 9.1 Critical |
| Out-of-bounds write vulnerability in the WEB module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34855 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-17 | 5.7 Medium |
| Out-of-bounds write vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34867 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.6 Medium |
| Double free vulnerability in the multi-mode input system. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-33099 | 1 Microsoft | 26 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 23 more | 2026-04-17 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33100 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-17 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33101 | 1 Microsoft | 12 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 9 more | 2026-04-17 | 7.8 High |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33824 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-17 | 9.8 Critical |
| Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-6359 | 1 Google | 1 Chrome | 2026-04-17 | 8.8 High |
| Use after free in Video in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who had compromised the renderer process to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-6360 | 1 Google | 1 Chrome | 2026-04-17 | 8.8 High |
| Use after free in FileSystem in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-6361 | 1 Google | 1 Chrome | 2026-04-17 | 7.2 High |
| Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: High) | ||||
| CVE-2026-6362 | 1 Google | 1 Chrome | 2026-04-17 | 6.3 Medium |
| Use after free in Codecs in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to potentially perform out of bounds memory access via a crafted video file. (Chromium security severity: High) | ||||
| CVE-2026-33826 | 1 Microsoft | 14 Windows Server 2012, Windows Server 2012 R2, Windows Server 2012 R2 and 11 more | 2026-04-17 | 8 High |
| Improper input validation in Windows Active Directory allows an authorized attacker to execute code over an adjacent network. | ||||