Search Results (345462 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-3517 | | | 2026-04-20 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command | ||||
| CVE-2026-4048 | | | 2026-04-20 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. | ||||
| CVE-2026-5760 | 1 Sglang | 1 Sglang | 2026-04-20 | 9.8 Critical |
| SGLang's reranking endpoint (/v1/rerank) achieves Remote Code Execution (RCE) when a model file containing a malicious tokenizer.chat_template is loaded, as the Jinja2 chat templates are rendered using an unsandboxed jinja2.Environment(). | ||||
| CVE-2026-5963 | 1 Digiwin | 1 Easyflow .net | 2026-04-20 | 9.8 Critical |
| EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-5967 | 1 Teamt5 | 1 Threatsonar Anti-ransomware | 2026-04-20 | 8.8 High |
| ThreatSonar Anti-Ransomware developed by TeamT5 has a Privilege Escalation vulnerability. Authenticated remote attackers with shell access can inject OS commands and execute them with root privileges. | ||||
| CVE-2026-29013 | 1 Libcoap | 1 Libcoap | 2026-04-20 | N/A |
| libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation. | ||||
| CVE-2026-32963 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | N/A |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and accesses a crafted web page, arbitrary script may be executed on the user's browser. | ||||
| CVE-2026-3518 | | | 2026-04-20 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command | ||||
| CVE-2026-3519 | | | 2026-04-20 | 8.4 High |
| OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command | ||||
| CVE-2026-5958 | 1 Gnu | 1 Sed | 2026-04-20 | N/A |
| When sed is invoked with both -i (in-place edit) and --follow-symlinks, the function open_next_file() performs two separate, non-atomic filesystem operations on the same path: 1. resolves symlink to its target and stores the resolved path for determining when output is written, 2. opens the original symlink path (not the resolved one) to read the file. Between these two calls there is a race window. If an attacker atomically replaces the symlink with a different target during that window, sed will: read content from the new (attacker-chosen) symlink target and write the processed result to the path recorded in step 1. This can lead to arbitrary file overwrite with attacker-controlled content in the context of the sed process. This issue was fixed in version 4.10. | ||||
| CVE-2026-6369 | | | 2026-04-20 | N/A |
| An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server. | ||||
| CVE-2026-6644 | 1 Asustor | 1 Adm | 2026-04-20 | N/A |
| A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied input before it is passed to a system shell. Successful exploitation allows an attacker to achieve Remote Code Execution (RCE) and fully compromise the system. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.RR42 as well as from ADM 5.0.0 through ADM 5.1.2.REO1. | ||||
| CVE-2024-7083 | 2 Email Encoder, Wordpress | 2 Email Encoder, Wordpress | 2026-04-20 | 3.5 Low |
| The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2026-32957 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.3 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. An arbitrary file may be uploaded to the device without authentication. | ||||
| CVE-2026-32960 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 6.5 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with sensitive information in a resource not removed before reuse. An attacker may log in to the device without knowing the password by sending a crafted packet. | ||||
| CVE-2026-32961 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.3 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition. | ||||
| CVE-2026-32962 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.3 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication. | ||||
| CVE-2026-32965 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 7.5 High |
| Initialization of a resource with an insecure default vulnerability exists in SD-330AC and AMC Manager provided by silex technology, Inc. When the affected device is connected to the network with the initial (factory-default) configuration, the device can be configured with the null string password. | ||||
| CVE-2026-35061 | 1 Anviz | 1 Anviz Cx7 Firmware | 2026-04-20 | 5.3 Medium |
| In Anviz CX7 Firmware, the most recently captured test photo can be retrieved without authentication, revealing sensitive operational imagery. | ||||
| CVE-2026-40434 | 1 Anviz | 1 Anviz Crosschex Standard | 2026-04-20 | 8.1 High |
| Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. | ||||