Export limit exceeded: 345217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345217 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345217 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25791 | 1 Bishopfox | 1 Sliver | 2026-04-17 | 7.5 High |
| Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored without a cleanup/expiry path in this flow, an unauthenticated remote actor can repeatedly create sessions and drive memory exhaustion. This vulnerability is fixed in 1.7.0. | ||||
| CVE-2026-25876 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 9.1 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/results.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). For example, this can be used to return all results for an assessment. | ||||
| CVE-2026-25810 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 9.1 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the backend/src/routes/student.submission.routes.ts verify authentication but fails to enforce object-level authorization (ownership checks). | ||||
| CVE-2026-25806 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 6.5 Medium |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the GET /api/students/:email PUT /api/students/:email/status, and DELETE /api/students/:email routes in backend/src/routes/student.routes.ts only enforce authentication using authenticateToken but do not enforce authorization. The application does not verify whether the authenticated user owns the student record being accessed, has an administrative / staff role, or is permitted to modify or delete the target student. | ||||
| CVE-2026-25809 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 9.8 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the code evaluation endpoint does not validate the assessment lifecycle state before allowing execution. There is no check to ensure that the assessment has started, is not expired, or the submission window is currently open. | ||||
| CVE-2026-25811 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 9.1 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application derives the tenant identifier directly from the email domain provided by the user, without validating domain ownership or registration. This allows cross-tenant data access. | ||||
| CVE-2026-25812 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 8.8 High |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, the application enables credentialed CORS requests but does not implement any CSRF protection mechanism. | ||||
| CVE-2026-25813 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 7.5 High |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The application logs highly sensitive data directly to console output without masking or redaction. | ||||
| CVE-2026-25814 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 9.8 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, User-controlled query parameters are passed directly into DynamoDB query/filter construction without validation or sanitization. | ||||
| CVE-2026-25875 | 2 Praskla-technology, Prasklatechnology | 2 Assessment-placipy, Placipy | 2026-04-17 | 9.8 Critical |
| PlaciPy is a placement management system designed for educational institutions. In version 1.0.0, The admin authorization middleware trusts client-controlled JWT claims (role and scope) without enforcing server-side role verification. | ||||
| CVE-2026-25880 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2026-04-17 | 7.8 High |
| SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, the PDF reader allows execution of a malicious binary (explorer.exe) located in the same directory as the opened PDF when the user clicks File → “Show in folder”. This behavior leads to arbitrary code execution on the victim’s system with the privileges of the current user, without any warning or user interaction beyond the menu click. | ||||
| CVE-2026-25885 | 2 Polarlearn, Polarnl | 2 Polarlearn, Polarlearn | 2026-04-17 | 7.5 High |
| PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a group UUID, and can also send messages to any group. The server accepts the message and stores it in the group’s chatContent, so this is not just a visual spam issue. | ||||
| CVE-2026-25889 | 1 Filebrowser | 1 Filebrowser | 2026-04-17 | 5.4 Medium |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, a case-sensitivity flaw in the password validation logic allows any authenticated user to change their password (or an admin to change any user's password) without providing the current password. By using Title Case field name "Password" instead of lowercase "password" in the API request, the current_password verification is completely bypassed. This enables account takeover if an attacker obtains a valid JWT token through XSS, session hijacking, or other means. This vulnerability is fixed in 2.57.1. | ||||
| CVE-2026-25890 | 1 Filebrowser | 1 Filebrowser | 2026-04-17 | 8.1 High |
| File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. Prior to 2.57.1, an authenticated user can bypass the application's "Disallow" file path rules by modifying the request URL. By adding multiple slashes (e.g., //private/) to the path, the authorization check fails to match the rule, while the underlying filesystem resolves the path correctly, granting unauthorized access to restricted files. This vulnerability is fixed in 2.57.1. | ||||
| CVE-2026-25918 | 1 Rageagainstthepixel | 1 Unity-cli | 2026-04-17 | 5.5 Medium |
| unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2 , the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via JSON.stringify without sanitization, exposing secrets to shell history, CI/CD logs, and log aggregation systems. This vulnerability is fixed in 1.8.2. | ||||
| CVE-2026-25920 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2026-04-17 | 5.5 Medium |
| SumatraPDF is a multi-format reader for Windows. In 3.5.2 and earlier, a heap out-of-bounds read vulnerability exists in SumatraPDF's MOBI HuffDic decompressor. The bounds check in AddCdicData() only validates half the range that DecodeOne() actually accesses. Opening a crafted .mobi file can read nearly (1 << codeLength) bytes beyond the CDIC dictionary buffer, leading to a crash. | ||||
| CVE-2026-25961 | 1 Sumatrapdfreader | 1 Sumatrapdf | 2026-04-17 | 7.5 High |
| SumatraPDF is a multi-format reader for Windows. In 3.5.0 through 3.5.2, SumatraPDF's update mechanism disables TLS hostname verification (INTERNET_FLAG_IGNORE_CERT_CN_INVALID) and executes installers without signature checks. A network attacker with any valid TLS certificate (e.g., Let's Encrypt) can intercept the update check request, inject a malicious installer URL, and achieve arbitrary code execution. | ||||
| CVE-2026-25807 | 1 Taklaxbr | 2 Zai-shell, Zai Shell | 2026-04-17 | 8.8 High |
| ZAI Shell is an autonomous SysOps agent designed to navigate, repair, and secure complex environments. Prior to 9.0.3, the P2P terminal sharing feature (share start) opens a TCP socket on port 5757 without any authentication mechanism. Any remote attacker can connect to this port using a simple socket script. An attacker who connects to a ZAI-Shell P2P session running in --no-ai mode can send arbitrary system commands. If the host user approves the command without reviewing its contents, the command executes directly with the user's privileges, bypassing all Sentinel safety checks. This vulnerability is fixed in 9.0.3. | ||||
| CVE-2026-25923 | 2 My Little Forum, Mylittleforum | 2 My Little Forum, My Little Forum | 2026-04-17 | 9.1 Critical |
| my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1. | ||||
| CVE-2026-25925 | 1 Modery | 1 Powerdocu | 2026-04-17 | 7.8 High |
| PowerDocu contains a Windows GUI executable to perform technical documentations. Prior to 2.4.0, PowerDocu contains a critical security vulnerability in how it parses JSON files within Flow or App packages. The application blindly trusts the $type property in JSON files, allowing an attacker to instantiate arbitrary .NET objects and execute code. This vulnerability is fixed in 2.4.0. | ||||