Export limit exceeded: 342341 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342341 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28728 | 1 Acronis | 1 True Image | 2026-04-03 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | ||||
| CVE-2026-35507 | 1 Milesmcc | 1 Shynet | 2026-04-03 | 6.4 Medium |
| Shynet before 0.14.0 allows Host header injection in the password reset flow. | ||||
| CVE-2026-35508 | 1 Milesmcc | 1 Shynet | 2026-04-03 | 5.4 Medium |
| Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, | ||||
| CVE-2026-35387 | 1 Openbsd | 1 Openssh | 2026-04-03 | 3.1 Low |
| OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. | ||||
| CVE-2026-35538 | 1 Roundcube | 1 Webmail | 2026-04-03 | 3.1 Low |
| An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. | ||||
| CVE-2026-35539 | 1 Roundcube | 1 Webmail | 2026-04-03 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment. | ||||
| CVE-2026-35388 | 1 Openbsd | 1 Openssh | 2026-04-03 | 2.5 Low |
| OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | ||||
| CVE-2026-34817 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34821 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34974 | 1 Thorsten | 1 Phpmyfaq | 2026-04-03 | 5.4 Medium |
| phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from editor to full admin takeover. This issue has been patched in version 4.1.1. | ||||
| CVE-2026-34823 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-5346 | 1 Huimeicloud | 1 Hm Editor | 2026-04-03 | 7.3 High |
| A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5350 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2026-04-03 | 8.8 High |
| A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-34762 | 1 Ellanetworks | 1 Core | 2026-04-03 | 2.7 Low |
| Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0. | ||||
| CVE-2026-34083 | 1 Signalk | 1 Signalk-server | 2026-04-03 | 6.1 Medium |
| Signal K Server is a server application that runs on a central hub in a boat. Prior to version 2.24.0, SignalK Server contains a code-level vulnerability in its OIDC login and logout handlers where the unvalidated HTTP Host header is used to construct the OAuth2 redirect_uri. Because the redirectUri configuration is silently unset by default, an attacker can spoof the Host header to steal OAuth authorization codes and hijack user sessions in realistic deployments as The OIDC provider will then send the authorization code to whatever domain was injected. This issue has been patched in version 2.24.0. | ||||
| CVE-2026-34124 | 1 Tp-link | 1 Tapo C520ws V2 | 2026-04-03 | N/A |
| A denial-of-service vulnerability was identified in TP-Link Tapo C520WS v2.6 within the HTTP request path parsing logic. The implementation enforces length restrictions on the raw request path but does not account for path expansion performed during normalization. An attacker on the adjacent network may send a crafted HTTP request to cause buffer overflow and memory corruption, leading to system interruption or device reboot. | ||||
| CVE-2026-35545 | 1 Roundcube | 1 Webmail | 2026-04-03 | 5.3 Medium |
| An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail message. This may lead to information disclosure or access-control bypass. This involves the animate element with attributeName=fill/filter/stroke. | ||||
| CVE-2026-34523 | 1 Sillytavern | 1 Sillytavern | 2026-04-03 | 5.3 Medium |
| SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, a path traversal vulnerability in the static file route handler allows any unauthenticated user to determine whether files exist anywhere on the server's filesystem. by sending percent-encoded "../" sequences (%2E%2E%2F) in requests to static file routes, an attacker can check for the existence of files. This issue has been patched in version 1.17.0. | ||||
| CVE-2026-34526 | 1 Sillytavern | 1 Sillytavern | 2026-04-03 | 5 Medium |
| SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. Prior to version 1.17.0, in src/endpoints/search.js, the hostname is checked against /^\d+\.\d+\.\d+\.\d+$/. This only matches literal dotted-quad IPv4 (e.g. 127.0.0.1, 10.0.0.1). It does not catch: localhost (hostname, not dotted-quad), [::1] (IPv6 loopback), and DNS names resolving to internal addresses (e.g. localtest.me -> 127.0.0.1). A separate port check (urlObj.port !== '') limits exploitation to services on default ports (80/443), making this lower severity than a fully unrestricted SSRF. This issue has been patched in version 1.17.0. | ||||
| CVE-2026-34736 | 1 Openedx | 1 Openedx-platform | 2026-04-03 | 5.3 Medium |
| Open edX Platform enables the authoring and delivery of online learning at any scale. From the maple release to before the ulmo release, an unauthenticated attacker can fully bypass the email verification process by combining two issues: the OAuth2 password grant issuing tokens to inactive users (documented behavior) and the activation_key being exposed in the REST API response at /api/user/v1/accounts/. This issue has been patched in the ulmo release. | ||||