Export limit exceeded: 14084 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 11345 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11345 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39339 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 9.1 Critical |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, a critical authentication bypass vulnerability in ChurchCRM's API middleware (ChurchCRM/Slim/Middleware/AuthMiddleware.php) allows unauthenticated attackers to access all protected API endpoints by including "api/public" anywhere in the request URL, leading to complete exposure of church member data and system information. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-31398 | 1 Linux | 1 Linux Kernel | 2026-04-13 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: mm/rmap: fix incorrect pte restoration for lazyfree folios We batch unmap anonymous lazyfree folios by folio_unmap_pte_batch. If the batch has a mix of writable and non-writable bits, we may end up setting the entire batch writable. Fix this by respecting writable bit during batching. Although on a successful unmap of a lazyfree folio, the soft-dirty bit is lost, preserve it on pte restoration by respecting the bit during batching, to make the fix consistent w.r.t both writable bit and soft-dirty bit. I was able to write the below reproducer and crash the kernel. Explanation of reproducer (set 64K mTHP to always): Fault in a 64K large folio. Split the VMA at mid-point with MADV_DONTFORK. fork() - parent points to the folio with 8 writable ptes and 8 non-writable ptes. Merge the VMAs with MADV_DOFORK so that folio_unmap_pte_batch() can determine all the 16 ptes as a batch. Do MADV_FREE on the range to mark the folio as lazyfree. Write to the memory to dirty the pte, eventually rmap will dirty the folio. Then trigger reclaim, we will hit the pte restoration path, and the kernel will crash with the trace given below. The BUG happens at: BUG_ON(atomic_inc_return(&ptc->anon_map_count) > 1 && rw); The code path is asking for anonymous page to be mapped writable into the pagetable. The BUG_ON() firing implies that such a writable page has been mapped into the pagetables of more than one process, which breaks anonymous memory/CoW semantics. [ 21.134473] kernel BUG at mm/page_table_check.c:118! [ 21.134497] Internal error: Oops - BUG: 00000000f2000800 [#1] SMP [ 21.135917] Modules linked in: [ 21.136085] CPU: 1 UID: 0 PID: 1735 Comm: dup-lazyfree Not tainted 7.0.0-rc1-00116-g018018a17770 #1028 PREEMPT [ 21.136858] Hardware name: linux,dummy-virt (DT) [ 21.137019] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 21.137308] pc : page_table_check_set+0x28c/0x2a8 [ 21.137607] lr : page_table_check_set+0x134/0x2a8 [ 21.137885] sp : ffff80008a3b3340 [ 21.138124] x29: ffff80008a3b3340 x28: fffffdffc3d14400 x27: ffffd1a55e03d000 [ 21.138623] x26: 0040000000000040 x25: ffffd1a55f7dd000 x24: 0000000000000001 [ 21.139045] x23: 0000000000000001 x22: 0000000000000001 x21: ffffd1a55f217f30 [ 21.139629] x20: 0000000000134521 x19: 0000000000134519 x18: 005c43e000040000 [ 21.140027] x17: 0001400000000000 x16: 0001700000000000 x15: 000000000000ffff [ 21.140578] x14: 000000000000000c x13: 005c006000000000 x12: 0000000000000020 [ 21.140828] x11: 0000000000000000 x10: 005c000000000000 x9 : ffffd1a55c079ee0 [ 21.141077] x8 : 0000000000000001 x7 : 005c03e000040000 x6 : 000000004000ffff [ 21.141490] x5 : ffff00017fffce00 x4 : 0000000000000001 x3 : 0000000000000002 [ 21.141741] x2 : 0000000000134510 x1 : 0000000000000000 x0 : ffff0000c08228c0 [ 21.141991] Call trace: [ 21.142093] page_table_check_set+0x28c/0x2a8 (P) [ 21.142265] __page_table_check_ptes_set+0x144/0x1e8 [ 21.142441] __set_ptes_anysz.constprop.0+0x160/0x1a8 [ 21.142766] contpte_set_ptes+0xe8/0x140 [ 21.142907] try_to_unmap_one+0x10c4/0x10d0 [ 21.143177] rmap_walk_anon+0x100/0x250 [ 21.143315] try_to_unmap+0xa0/0xc8 [ 21.143441] shrink_folio_list+0x59c/0x18a8 [ 21.143759] shrink_lruvec+0x664/0xbf0 [ 21.144043] shrink_node+0x218/0x878 [ 21.144285] __node_reclaim.constprop.0+0x98/0x338 [ 21.144763] user_proactive_reclaim+0x2a4/0x340 [ 21.145056] reclaim_store+0x3c/0x60 [ 21.145216] dev_attr_store+0x20/0x40 [ 21.145585] sysfs_kf_write+0x84/0xa8 [ 21.145835] kernfs_fop_write_iter+0x130/0x1c8 [ 21.145994] vfs_write+0x2b8/0x368 [ 21.146119] ksys_write+0x70/0x110 [ 21.146240] __arm64_sys_write+0x24/0x38 [ 21.146380] invoke_syscall+0x50/0x120 [ 21.146513] el0_svc_common.constprop.0+0x48/0xf8 [ 21.146679] do_el0_svc+0x28/0x40 [ 21.146798] el0_svc+0x34/0x110 [ 21.146926] el0t ---truncated--- | ||||
| CVE-2026-23268 | 1 Linux | 1 Linux Kernel | 2026-04-13 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by passing the opened fd to a privileged process, and getting the privileged process to write to the interface. This does require a privileged target that can be manipulated to do the write for the unprivileged process, but once such access is achieved full policy management is possible and all the possible implications that implies: removing confinement, DoS of system or target applications by denying all execution, by-passing the unprivileged user namespace restriction, to exploiting kernel bugs for a local privilege escalation. The policy management interface can not have its permissions simply changed from 0666 to 0600 because non-root processes need to be able to load policy to different policy namespaces. Instead ensure the task writing the interface has privileges that are a subset of the task that opened the interface. This is already done via policy for confined processes, but unconfined can delegate access to the opened fd, by-passing the usual policy check. | ||||
| CVE-2026-32173 | 1 Microsoft | 3 Azure Sre Agent, Azure Sre Agent Gateway, Azure Sre Agent Gateway Signalr Hub | 2026-04-10 | 8.6 High |
| Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-33105 | 1 Microsoft | 1 Azure Kubernetes Service | 2026-04-10 | 10 Critical |
| Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32213 | 1 Microsoft | 1 Azure Ai Foundry | 2026-04-10 | 10 Critical |
| Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-39389 | 1 Ci4-cms-erp | 1 Ci4ms | 2026-04-10 | 6.7 Medium |
| CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, This vulnerability is fixed in 0.31.4.0. | ||||
| CVE-2026-4105 | 1 Redhat | 4 Enterprise Linux, Hummingbird, Openshift and 1 more | 2026-04-10 | 6.7 Medium |
| A flaw was found in systemd. The systemd-machined service contains an Improper Access Control vulnerability due to insufficient validation of the class parameter in the RegisterMachine D-Bus (Desktop Bus) method. A local unprivileged user can exploit this by attempting to register a machine with a specific class value, which may leave behind a usable, attacker-controlled machine object. This allows the attacker to invoke methods on the privileged object, leading to the execution of arbitrary commands with root privileges on the host system. | ||||
| CVE-2026-32615 | 1 Discourse | 1 Discourse | 2026-04-10 | 5.4 Medium |
| Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, category group moderators could perform privileged actions on topics inside private categories they did not have read access to. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. | ||||
| CVE-2026-32619 | 1 Discourse | 1 Discourse | 2026-04-10 | 4.3 Medium |
| Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, users who lost access to a topic (e.g., removed from a private category group) could still interact with polls in that topic, including voting and toggling poll status. No content was exposed, but users could modify poll state in topics they should no longer have access to. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. | ||||
| CVE-2026-33074 | 1 Discourse | 1 Discourse | 2026-04-10 | 5.3 Medium |
| Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher tier subscription. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. | ||||
| CVE-2026-33415 | 1 Discourse | 1 Discourse | 2026-04-10 | 4.3 Medium |
| Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, an authenticated moderator-level user could retrieve post content, topic titles, and usernames from categories they were not authorized to view. Insufficient access controls on a sentiment analytics endpoint allowed category permission boundaries to be bypassed. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. | ||||
| CVE-2026-34372 | 1 Sulu | 1 Sulu | 2026-04-10 | 2.7 Low |
| Sulu is an open-source PHP content management system based on the Symfony framework. From versions 1.0.0 to before 2.6.22, and 3.0.0 to before 3.0.5, a user which has permission for the Sulu Admin via at least one role could have access to the sub-entities of contacts via the admin API without even have permission for contacts. This issue has been patched in versions 2.6.22 and 3.0.5. | ||||
| CVE-2026-23899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 8.8 High |
| An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2026-21629 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-10 | 7.3 High |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | ||||
| CVE-2026-34834 | 1 Bulwarkmail | 1 Webmail | 2026-04-10 | 7.5 High |
| Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that returned true if no session cookies were present. This allowed unauthenticated attackers to bypass security checks and access/modify user settings via the /api/settings endpoint by providing arbitrary headers. This issue has been patched in version 1.4.10. | ||||
| CVE-2026-39346 | 1 Orangehrm | 1 Orangehrm | 2026-04-10 | 6.5 Medium |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-39347 | 1 Orangehrm | 1 Orangehrm | 2026-04-10 | 2.7 Low |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-22628 | 1 Fortinet | 1 Fortiswitchaxfixed | 2026-04-09 | 5.1 Medium |
| An improper access control vulnerability in Fortinet FortiSwitchAXFixed 1.0.0 through 1.0.1 may allow an authenticated admin to execute system commands via a specifically crafted SSH config file. | ||||
| CVE-2025-3783 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2026-04-09 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||