Export limit exceeded: 344234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-40224 | 1 Systemd | 1 Systemd | 2026-04-13 | 6.7 Medium |
| In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace. | ||||
| CVE-2026-40225 | 1 Systemd | 1 Systemd | 2026-04-13 | 6.4 Medium |
| In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | ||||
| CVE-2026-23781 | 1 Bmc | 1 Control-m | 2026-04-13 | N/A |
| An issue was discovered in BMC Control-M/MFT 9.0.20 through 9.0.22. A set of default debug user credentials is hardcoded in cleartext within the application package. If left unchanged, these credentials can be easily obtained and may allow unauthorized access to the MFT API debug interface. | ||||
| CVE-2026-35602 | 1 Go-vikunja | 1 Vikunja | 2026-04-13 | 5.4 Medium |
| Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the Vikunja file import endpoint uses the attacker-controlled Size field from the JSON metadata inside the import zip instead of the actual decompressed file content length for the file size enforcement check. By setting Size to 0 in the JSON while including large compressed file entries in the zip, an attacker bypasses the configured maximum file size limit. This vulnerability is fixed in 2.3.0. | ||||
| CVE-2026-40162 | 1 Bugsink | 1 Bugsink | 2026-04-13 | 7.1 High |
| Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem location writable by the Bugsink process. This vulnerability is fixed in 2.1.1. | ||||
| CVE-2026-33698 | 1 Chamilo | 1 Chamilo Lms | 2026-04-13 | N/A |
| Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals with the main/install/ directory still present and read-accessible. This vulnerability is fixed in 1.11.38. | ||||
| CVE-2026-35662 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 4.3 Medium |
| OpenClaw before 2026.3.22 fails to enforce controlScope restrictions on the send action, allowing leaf subagents to message controlled child sessions beyond their authorized scope. Attackers can exploit this by using the send action to communicate with child sessions without proper scope validation, bypassing intended access control restrictions. | ||||
| CVE-2026-33706 | 1 Chamilo | 1 Chamilo Lms | 2026-04-13 | 7.1 High |
| Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and management privileges. This vulnerability is fixed in 1.11.38. | ||||
| CVE-2026-33736 | 1 Chamilo | 1 Chamilo Lms | 2026-04-13 | 6.5 Medium |
| Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3. | ||||
| CVE-2026-40200 | 1 Musl-libc | 1 Musl | 2026-04-13 | 8.1 High |
| An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or the 64th Leonardo number on 64-bit platforms, which is not practical). | ||||
| CVE-2026-40226 | 1 Systemd | 1 Systemd | 2026-04-13 | 6.4 Medium |
| In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file. | ||||
| CVE-2026-40227 | 1 Systemd | 1 Systemd | 2026-04-13 | 6.2 Medium |
| In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element. | ||||
| CVE-2026-22560 | 1 Rocket.chat | 1 Rocket.chat | 2026-04-13 | N/A |
| An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | ||||
| CVE-2026-29002 | 1 Couchcms | 1 Couchcms | 2026-04-13 | 7.2 High |
| CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass authorization validation and gain full application control, circumventing restrictions on SuperAdmin account creation and privilege assignment. | ||||
| CVE-2026-35667 | 1 Openclaw | 1 Openclaw | 2026-04-13 | 6.1 Medium |
| OpenClaw before 2026.3.24 contains an incomplete fix for CVE-2026-27486 where the !stop chat command uses an unpatched killProcessTree function from shell-utils.ts that sends SIGKILL immediately without graceful SIGTERM shutdown. Attackers can trigger process termination via the !stop command, causing data corruption, resource leaks, and skipped security-sensitive cleanup operations. | ||||
| CVE-2026-40177 | 1 Ajenti | 1 Ajenti | 2026-04-13 | N/A |
| ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112. | ||||
| CVE-2026-6057 | 1 Falkordb | 1 Falkordb Browser | 2026-04-13 | 9.8 Critical |
| FalkorDB Browser 1.9.3 contains an unauthenticated path traversal vulnerability in the file upload API that allows remote attackers to write arbitrary files and achieve remote code execution. | ||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-04-13 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2026-33119 | 1 Microsoft | 1 Edge | 2026-04-13 | 5.4 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-5500 | 1 Wolfssl | 1 Wolfssl | 2026-04-13 | N/A |
| wolfSSL's wc_PKCS7_DecodeAuthEnvelopedData() does not properly sanitize the AES-GCM authentication tag length received and has no lower bounds check. A man-in-the-middle can therefore truncate the mac field from 16 bytes to 1 byte, reducing the tag check from 2⁻¹²⁸ to 2⁻⁸. | ||||