Export limit exceeded: 79038 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (79038 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35520 | 1 Pi-hole | 1 Ftldns | 2026-04-09 | 8.8 High |
| FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution (RCE) vulnerability in the DHCP lease time configuration parameter (dhcp.leaseTime). This vulnerability allows an authenticated attacker to inject arbitrary dnsmasq configuration directives through newline characters, ultimately achieving command execution on the underlying system. This vulnerability is fixed in 6.6. | ||||
| CVE-2026-4740 | 1 Redhat | 1 Multicluster Engine | 2026-04-09 | 8.2 High |
| A flaw was found in Open Cluster Management (OCM), the technology underlying Red Hat Advanced Cluster Management (ACM). Improper validation of Kubernetes client certificate renewal allows a managed cluster administrator to forge a client certificate that can be approved by the OCM controller. This enables cross-cluster privilege escalation and may allow an attacker to gain control over other managed clusters, including the hub cluster. | ||||
| CVE-2026-4319 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-09 | 7.3 High |
| A vulnerability was identified in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file /routers/add-item.php. Such manipulation of the argument price leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-32763 | 2 Kysely, Kysely-org | 2 Kysely, Kysely | 2026-04-09 | 8.2 High |
| Kysely is a type-safe TypeScript SQL query builder. Versions up to and including 0.28.11 has a SQL injection vulnerability in JSON path compilation for MySQL and SQLite dialects. The `visitJSONPathLeg()` function appends user-controlled values from `.key()` and `.at()` directly into single-quoted JSON path string literals (`'$.key'`) without escaping single quotes. An attacker can break out of the JSON path string context and inject arbitrary SQL. This is inconsistent with `sanitizeIdentifier()`, which properly doubles delimiter characters for identifiers — both are non-parameterizable SQL constructs requiring manual escaping, but only identifiers are protected. Version 0.28.12 fixes the issue. | ||||
| CVE-2026-32888 | 1 Opensourcepos | 2 Open Source Point Of Sale, Opensourcepos | 2026-04-09 | 8.8 High |
| Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled (search_custom filter), user-supplied input from the search GET parameter is interpolated directly into a HAVING clause without parameterization or sanitization. This allows an authenticated attacker with basic item search permissions to execute arbitrary SQL queries. A patch did not exist at the time of publication. | ||||
| CVE-2026-32933 | 1 Luckypennysoftware | 1 Automapper | 2026-04-09 | 7.5 High |
| AutoMapper is a convention-based object-object mapper in .NET. Versions prior to 15.1.1 and 16.1.1 are vulnerable to a Denial of Service (DoS) attack. When mapping deeply nested object graphs, the library uses recursive method calls without enforcing a default maximum depth limit. This allows an attacker to provide a specially crafted object graph that exhausts the thread's stack memory, triggering a `StackOverflowException` and causing the entire application process to terminate. Versions 15.1.1 and 16.1.1 fix the issue. | ||||
| CVE-2026-33419 | 1 Minio | 1 Minio | 2026-04-09 | 7.5 High |
| MinIO is a high-performance object storage system. Prior to RELEASE.2026-03-17T21-25-16Z, MinIO AIStor's STS (Security Token Service) AssumeRoleWithLDAPIdentity endpoint is vulnerable to LDAP credential brute-forcing due to two combined weaknesses: (1) distinguishable error responses that enable username enumeration, and (2) absence of rate limiting on authentication attempts. An unauthenticated network attacker can enumerate valid LDAP usernames and then perform unlimited password guessing to obtain temporary AWS-style STS credentials, gaining access to the victim's S3 buckets and objects. This issue has been patched in RELEASE.2026-03-17T21-25-16Z. | ||||
| CVE-2016-20045 | 2 Hnb, Hnb Project | 2 Hnb, Hierarchical Notebook | 2026-04-09 | 8.4 High |
| HNB Organizer 1.9.18-10 contains a local buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized argument to the -rc command-line parameter. Attackers can craft a malicious input string exceeding 108 bytes containing shellcode and a return address to overwrite the stack and achieve code execution. | ||||
| CVE-2018-25225 | 2 Sipp, Sipp Project | 2 Sipp, Sipp | 2026-04-09 | 8.4 High |
| SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets. | ||||
| CVE-2026-4415 | 1 Gigabyte | 2 Control Center, Gigabyte Control Center | 2026-04-09 | 8.1 High |
| Gigabyte Control Center developed by GIGABYTE has an Arbitrary File Write vulnerability. When the pairing feature is enabled, unauthenticated remote attackers can write arbitrary files to any location on the underlying operating system, leading to arbitrary code execution or privilege escalation. | ||||
| CVE-2026-4416 | 1 Gigabyte | 1 Performance Library | 2026-04-09 | 7.8 High |
| The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation. | ||||
| CVE-2025-59711 | 2 Biztalk360, Kovai | 2 Biztalk360, Biztalk360 | 2026-04-09 | 8.3 High |
| An issue was discovered in Biztalk360 before 11.5. Because of mishandling of user-provided input in an upload mechanism, an authenticated attacker is able to write files outside of the destination directory and/or coerce an authentication from the service, aka Directory Traversal. | ||||
| CVE-2026-25044 | 1 Budibase | 1 Budibase | 2026-04-09 | 8.8 High |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing arbitrary command execution. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-35214 | 1 Budibase | 1 Budibase | 2026-04-09 | 8.7 High |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary directories via rmSync and write arbitrary files via tarball extraction to any filesystem path the Node.js process can access. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-35218 | 1 Budibase | 1 Budibase | 2026-04-09 | 8.7 High |
| Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive without any sanitization. An authenticated user with Builder access can create a table, automation, view, or query whose name contains an HTML payload (e.g. <img src=x onerror=alert(document.domain)>). When any Builder-role user in the same workspace opens the Command Palette (Ctrl+K), the payload executes in their browser, stealing their session cookie and enabling full account takeover. This issue has been patched in version 3.32.5. | ||||
| CVE-2025-54601 | 1 Samsung | 23 Exynos, Exynos 1080, Exynos 1080 Firmware and 20 more | 2026-04-09 | 7 High |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race condition by invoking an ioctl function concurrently from multiple threads. | ||||
| CVE-2025-57835 | 1 Samsung | 41 Exynos, Exynos 1080, Exynos 1080 Firmware and 38 more | 2026-04-09 | 7.5 High |
| An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in an illegal memory access, causing a system crash via a malformed RRCReconfiguration message. | ||||
| CVE-2025-59440 | 1 Samsung | 41 Exynos, Exynos 1080, Exynos 1080 Firmware and 38 more | 2026-04-09 | 7.5 High |
| An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive commands leads to a Denial of Service. | ||||
| CVE-2025-47389 | 1 Qualcomm | 363 Ar8035, Ar8035 Firmware, Cologne and 360 more | 2026-04-09 | 7.8 High |
| Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | ||||
| CVE-2025-47390 | 1 Qualcomm | 59 Cologne, Cologne Firmware, Fastconnect 6700 and 56 more | 2026-04-09 | 7.8 High |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | ||||