Export limit exceeded: 345225 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345225 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345225 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25966 | 1 Imagemagick | 1 Imagemagick | 2026-04-18 | 5.9 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd:<n> pseudo-filenames (e.g., fd:0, fd:1). Prior to versions 7.1.2-15 and 6.9.13-40, this path form is not blocked by the secure policy templates, and therefore bypasses the protection goal of "no stdin/stdout." Versions 7.1.2-15 and 6.9.13-40 contain a patch by including a change to the more secure policies by default. As a workaround, add the change to one's security policy manually. | ||||
| CVE-2026-3057 | 1 A54552239 | 1 Pearprojectapi | 2026-04-18 | 6.3 Medium |
| A security flaw has been discovered in a54552239 pearProjectApi up to 2.8.10. Affected is the function dateTotalForProject of the file application/common/Model/Task.php of the component Backend Interface. The manipulation of the argument projectCode results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-3064 | 1 Hummerrisk | 1 Hummerrisk | 2026-04-18 | 6.3 Medium |
| A security vulnerability has been detected in HummerRisk up to 1.5.0. Affected by this issue is some unknown functionality of the file ResourceCreateService.java of the component Cloud Task Scheduler. Such manipulation of the argument regionId leads to command injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-27129 | 1 Craftcms | 2 Craft Cms, Craftcms | 2026-04-18 | 6.5 Medium |
| Craft is a content management system (CMS). In versions 4.5.0-RC1 through 4.16.18 and 5.0.0-RC1 through 5.8.22, the SSRF validation in Craft CMS’s GraphQL Asset mutation uses `gethostbyname()`, which only resolves IPv4 addresses. When a hostname has only AAAA (IPv6) records, the function returns the hostname string itself, causing the blocklist comparison to always fail and completely bypassing SSRF protection. This is a bypass of the security fix for CVE-2025-68437. Exploitation requires GraphQL schema permissions for editing assets in the `<VolumeName>` volume and creating assets in the `<VolumeName>` volume. These permissions may be granted to authenticated users with appropriate GraphQL schema access and/or Public Schema (if misconfigured with write permissions). Versions 4.16.19 and 5.8.23 patch the issue. | ||||
| CVE-2026-1459 | 1 Zyxel | 12 Dx5401-b1, Dx5401-b1 Firmware, Emg3525-t50b and 9 more | 2026-04-18 | 7.2 High |
| A post-authentication command injection vulnerability in the TR-369 certificate download CGI program of the Zyxel VMG3625-T50B firmware versions through 5.50(ABPM.9.7)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on an affected device. | ||||
| CVE-2026-3068 | 2 Admerc, Itsourcecode | 2 Document Management System, Document Management System | 2026-04-18 | 7.3 High |
| A weakness has been identified in itsourcecode Document Management System 1.0. This impacts an unknown function of the file /deluser.php. Executing a manipulation of the argument user2del can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3069 | 2 Admerc, Itsourcecode | 2 Document Management System, Document Management System | 2026-04-18 | 7.3 High |
| A security vulnerability has been detected in itsourcecode Document Management System 1.0. Affected is an unknown function of the file /edtlbls.php. The manipulation of the argument field1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-0399 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-04-18 | 4.9 Medium |
| Multiple post-authentication stack-based buffer overflow vulnerabilities in the SonicOS management interface due to improper bounds checking in a API endpoint. | ||||
| CVE-2026-0402 | 1 Sonicwall | 33 Nsa 2700, Nsa 2800, Nsa 3700 and 30 more | 2026-04-18 | 4.9 Medium |
| A post-authentication Out-of-bounds Read vulnerability in SonicOS allows a remote attacker to crash a firewall. | ||||
| CVE-2026-27518 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-04-18 | 4.3 Medium |
| Binardat 10G08-0800GSM network switch firmware version V300SP10260209 and prior lack CSRF protections for state-changing actions in the administrative interface. An attacker can trick an authenticated administrator into performing unauthorized configuration changes. | ||||
| CVE-2026-27520 | 1 Binardat | 3 10g08-0800gsm, 10g08-0800gsm Firmware, 10g08-0800gsm Network Switch | 2026-04-18 | 7.5 High |
| Binardat 10G08-0800GSM network switch firmware versions prior to V300SP10260209 store a user password in a client-side cookie as a Base64-encoded value accessible via the web interface. Because Base64 is reversible and provides no confidentiality, an attacker who can access the cookie value can recover the plaintext password. | ||||
| CVE-2026-27571 | 2 Linuxfoundation, Nats | 2 Nats-server, Nats Server | 2026-04-18 | 5.9 Medium |
| NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. The WebSockets handling of NATS messages handles compressed messages via the WebSockets negotiated compression. Prior to versions 2.11.2 and 2.12.3, the implementation bound the memory size of a NATS message but did not independently bound the memory consumption of the memory stream when constructing a NATS message which might then fail validation for size reasons. An attacker can use a compression bomb to cause excessive memory consumption, often resulting in the operating system terminating the server process. The use of compression is negotiated before authentication, so this does not require valid NATS credentials to exploit. The fix, present in versions 2.11.2 and 2.12.3, was to bounds the decompression to fail once the message was too large, instead of continuing on. The vulnerability only affects deployments which use WebSockets and which expose the network port to untrusted end-points. | ||||
| CVE-2026-24241 | 1 Nvidia | 2 Delegated License Service, Dls Component Of Nvidia License System | 2026-04-18 | 4.3 Medium |
| NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker could exploit an improper authentication issue. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2026-25891 | 1 Gofiber | 1 Fiber | 2026-04-18 | 7.5 High |
| Fiber is an Express inspired web framework written in Go. A Path Traversal (CWE-22) vulnerability in Fiber allows a remote attacker to bypass the static middleware sanitizer and read arbitrary files on the server file system on Windows. This affects Fiber v3 through version 3.0.0. This has been patched in Fiber v3 version 3.1.0. | ||||
| CVE-2026-27572 | 1 Bytecodealliance | 1 Wasmtime | 2026-04-18 | 7.5 High |
| Wasmtime is a runtime for WebAssembly. Prior to versions 24.0.6, 36.0.6, 4.0.04, 41.0.4, and 42.0.0, Wasmtime's implementation of the `wasi:http/types.fields` resource is susceptible to panics when too many fields are added to the set of headers. Wasmtime's implementation in the `wasmtime-wasi-http` crate is backed by a data structure which panics when it reaches excessive capacity and this condition was not handled gracefully in Wasmtime. Panicking in a WASI implementation is a Denial of Service vector for embedders and is treated as a security vulnerability in Wasmtime. Wasmtime 24.0.6, 36.0.6, 40.0.4, 41.0.4, and 42.0.0 patch this vulnerability and return a trap to the guest instead of panicking. There are no known workarounds at this time. Embedders are encouraged to update to a patched version of Wasmtime. | ||||
| CVE-2026-26717 | 1 Openfun | 1 Richie | 2026-04-18 | 4.8 Medium |
| An issue in OpenFUN Richie (LMS) in src/richie/apps/courses/api.py. The application used the non-constant time == operator for HMAC signature verification in the sync_course_run_from_request function. This allows remote attackers to forge valid signatures and bypass authentication by measuring response time discrepancies | ||||
| CVE-2026-25124 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-04-18 | 6.5 Medium |
| OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, the OpenEMR application is vulnerable to an access control flaw that allows low-privileged users, such as receptionists, to export the entire message list containing sensitive patient and user data. The vulnerability lies in the message_list.php report export functionality, where there is no permission check before executing sensitive database queries. The only control in place is CSRF token verification, which does not prevent unauthorized data access if the token is acquired through other means. Version 8.0.0 fixes the vulnerability. | ||||
| CVE-2026-27606 | 2 Rollup, Rollupjs | 2 Rollup, Rollup | 2026-04-18 | 9.8 Critical |
| Rollup is a module bundler for JavaScript. Versions prior to 2.80.0, 3.30.0, and 4.59.0 of the Rollup module bundler (specifically v4.x and present in current source) is vulnerable to an Arbitrary File Write via Path Traversal. Insecure file name sanitization in the core engine allows an attacker to control output filenames (e.g., via CLI named inputs, manual chunk aliases, or malicious plugins) and use traversal sequences (`../`) to overwrite files anywhere on the host filesystem that the build process has permissions for. This can lead to persistent Remote Code Execution (RCE) by overwriting critical system or user configuration files. Versions 2.80.0, 3.30.0, and 4.59.0 contain a patch for the issue. | ||||
| CVE-2026-27621 | 1 Typicms | 2 Core, Typicms | 2026-04-18 | 5.4 Medium |
| TypiCMS is a multilingual content management system based on the Laravel framework. A Stored Cross-Site Scripting (XSS) vulnerability exists in the file upload module of TypiCMS prior to version 16.1.7. The application allows users with file upload permissions to upload SVG files. While there is a MIME type validation, the content of the SVG file is not sanitized. An attacker can upload a specially crafted SVG file containing malicious JavaScript code. When another user (such as an administrator) views or accesses this file through the application, the script executes in their browser, leading to a compromise of that user's session. The issue is exacerbated by a bug in the SVG parsing logic, which can cause a 500 error if the uploaded SVG does not contain a `viewBox` attribute. However, this does not mitigate the XSS vulnerability, as an attacker can easily include a valid `viewBox` attribute in their malicious payload. Version 16.1.7 of TypiCMS Core fixes the issue. | ||||
| CVE-2026-27626 | 1 Olivetin | 1 Olivetin | 2026-04-18 | 10 Critical |
| OliveTin gives access to predefined shell commands from a web interface. In versions up to and including 3000.10.0, OliveTin's shell mode safety check (`checkShellArgumentSafety`) blocks several dangerous argument types but not `password`. A user supplying a `password`-typed argument can inject shell metacharacters that execute arbitrary OS commands. A second independent vector allows unauthenticated RCE via webhook-extracted JSON values that skip type safety checks entirely before reaching `sh -c`. When exploiting vector 1, any authenticated user (registration enabled by default, `authType: none` by default) can execute arbitrary OS commands on the OliveTin host with the permissions of the OliveTin process. When exploiting vector 2, an unauthenticated attacker can achieve the same if the instance receives webhooks from external sources, which is a primary OliveTin use case. When an attacker exploits both vectors, this results in unauthenticated RCE on any OliveTin instance using Shell mode with webhook-triggered actions. As of time of publication, a patched version is not available. | ||||