Export limit exceeded: 342201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2950 | 1 Lodash | 2 Lodash, Lodash.unset | 2026-04-03 | 6.5 Medium |
| Impact: Lodash versions 4.17.23 and earlier are vulnerable to prototype pollution in the _.unset and _.omit functions. The fix for (CVE-2025-13465: https://github.com/lodash/lodash/security/advisories/GHSA-xxjr-mmjv-4gpg) only guards against string key members, so an attacker can bypass the check by passing array-wrapped path segments. This allows deletion of properties from built-in prototypes such as Object.prototype, Number.prototype, and String.prototype. The issue permits deletion of prototype properties but does not allow overwriting their original behavior. Patches: This issue is patched in 4.18.0. Workarounds: None. Upgrade to the patched version. | ||||
| CVE-2026-1579 | 1 Px4 | 1 Px4-autopilot | 2026-04-03 | 9.8 Critical |
| The MAVLink communication protocol does not require cryptographic authentication by default. When MAVLink 2.0 message signing is not enabled, any message -- including SERIAL_CONTROL, which provides interactive shell access -- can be sent by an unauthenticated party with access to the MAVLink interface. PX4 provides MAVLink 2.0 message signing as the cryptographic authentication mechanism for all MAVLink communication. When signing is enabled, unsigned messages are rejected at the protocol level. | ||||
| CVE-2026-4668 | 2 Ameliabooking, Wordpress | 2 Booking For Appointments And Events Calendar, Wordpress | 2026-04-03 | 6.5 Medium |
| The Booking for Appointments and Events Calendar - Amelia plugin for WordPress is vulnerable to SQL Injection via the `sort` parameter in the payments listing endpoint in all versions up to, and including, 2.1.2. This is due to insufficient escaping on the user-supplied `sort` parameter and lack of sufficient preparation on the existing SQL query in `PaymentRepository.php`, where the sort field is interpolated directly into an ORDER BY clause without sanitization or whitelist validation. PDO prepared statements do not protect ORDER BY column names. GET requests also skip Amelia's nonce validation entirely. This makes it possible for authenticated attackers, with Manager-level (`wpamelia-manager`) access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via time-based blind SQL injection. | ||||
| CVE-2026-5240 | 1 Code-projects | 1 Blood Bank Management System | 2026-04-03 | 4.3 Medium |
| A security vulnerability has been detected in code-projects BloodBank Managing System 1.0. This affects an unknown part of the file /admin_state.php. The manipulation of the argument statename leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-3777 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-03 | 5.5 Medium |
| The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution. | ||||
| CVE-2026-3779 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-03 | 7.8 High |
| The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution. | ||||
| CVE-2026-3778 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-03 | 6.2 Medium |
| The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep traversal can cause uncontrolled recursion, stack exhaustion, and application crashes. | ||||
| CVE-2026-3780 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-03 | 7.3 High |
| The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation. | ||||
| CVE-2026-3776 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-03 | 5.5 Medium |
| The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without a prior null or validity check, which allows a crafted document to trigger a null pointer dereference and crash the application, resulting in denial of service. | ||||
| CVE-2026-3775 | 1 Foxitsoftware | 2 Foxit Pdf Editor, Foxit Reader | 2026-04-03 | 7.8 High |
| The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution. | ||||
| CVE-2025-15484 | 2 Order Notification For Woocommerce, Wordpress | 2 Order Notification For Woocommerce, Wordpress | 2026-04-03 | 9.1 Critical |
| The Order Notification for WooCommerce WordPress plugin before 3.6.3 overrides WooCommerce's permission checks to grant full access to all unauthenticated requests, enabling complete read/write access to store resources like products, coupons, and customers. | ||||
| CVE-2026-2696 | 2 Export All Urls, Wordpress | 2 Export All Urls, Wordpress | 2026-04-03 | 5.3 Medium |
| The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing posts URLS (including private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can brute-force the filenames to gain access to sensitive data contained within the exported files. | ||||
| CVE-2026-21632 | 1 Joomla | 1 Joomla! | 2026-04-03 | N/A |
| Lack of output escaping for article titles leads to XSS vectors in various locations. | ||||
| CVE-2026-21631 | 1 Joomla | 1 Joomla! | 2026-04-03 | N/A |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-23899 | 1 Joomla | 1 Joomla! | 2026-04-03 | N/A |
| An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2026-21629 | 1 Joomla | 1 Joomla! | 2026-04-03 | N/A |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | ||||
| CVE-2026-23898 | 1 Joomla | 1 Joomla! | 2026-04-03 | N/A |
| Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | ||||
| CVE-2026-21630 | 1 Joomla | 1 Joomla! | 2026-04-03 | N/A |
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | ||||
| CVE-2026-35091 | 2 Corosync, Redhat | 4 Corosync, Enterprise Linux, Openshift and 1 more | 2026-04-03 | 8.2 High |
| A flaw was found in Corosync. A remote unauthenticated attacker can exploit a wrong return value vulnerability in the Corosync membership commit token sanity check by sending a specially crafted User Datagram Protocol (UDP) packet. This can lead to an out-of-bounds read, causing a denial of service (DoS) and potentially disclosing limited memory contents. This vulnerability affects Corosync when running in totemudp/totemudpu mode, which is the default configuration. | ||||
| CVE-2026-24068 | 1 Vienna Symphonic Library | 1 Vienna Assistant | 2026-04-03 | 8.8 High |
| The VSL privileged helper does utilize NSXPC for IPC. The implementation of the "shouldAcceptNewConnection" function, which is used by the NSXPC framework to validate if a client should be allowed to connect to the XPC listener, does not validate clients at all. This means that any process can connect to this service using the configured protocol. A malicious process is able to call all the functions defined in the corresponding HelperToolProtocol. No validation is performed in the functions "writeReceiptFile" and “runUninstaller” of the HelperToolProtocol. This allows an attacker to write files to any location with any data as well as execute any file with any arguments. Any process can call these functions because of the missing XPC client validation described before. The abuse of the missing endpoint validation leads to privilege escalation. | ||||