Export limit exceeded: 341843 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341843 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (341843 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33977 | 1 Freerdp | 1 Freerdp | 2026-04-01 | 6.5 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sending audio data in IMA ADPCM format with an invalid initial step index value (>= 89). The unvalidated step index is read directly from the network and used to index into a 89-entry lookup table, triggering a WINPR_ASSERT() failure and process abort via SIGABRT. This affects any FreeRDP client that has audio redirection (RDPSND) enabled, which is the default configuration. This issue has been patched in version 3.24.2. | ||||
| CVE-2026-33982 | 1 Freerdp | 1 Freerdp | 2026-04-01 | 7.1 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, there is a heap-buffer-overflow READ vulnerability at 24 bytes before the allocation, in winpr_aligned_offset_recalloc(). This issue has been patched in version 3.24.2. | ||||
| CVE-2026-33983 | 1 Freerdp | 1 Freerdp | 2026-04-01 | 6.5 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, progressive_decompress_tile_upgrade() detects a mismatch via progressive_rfx_quant_cmp_equal() but only emits WLog_WARN, execution continues. The wrapped value (247) is used as a shift exponent, causing undefined behavior and an approximately 80 billion iteration loop (CPU DoS). This issue has been patched in version 3.24.2. | ||||
| CVE-2026-33985 | 1 Freerdp | 1 Freerdp | 2026-04-01 | 5.9 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, pixel data from adjacent heap memory is rendered to screen, potentially leaking sensitive data to the attacker. This issue has been patched in version 3.24.2. | ||||
| CVE-2026-34442 | 1 Freescout | 1 Freescout | 2026-04-01 | 5.4 Medium |
| FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Prior to version 1.8.211, host header manipulation in FreeScout version (http://localhost:8080/system/status) allows an attacker to inject an arbitrary domain into generated absolute URLs. This leads to External Resource Loading and Open Redirect behavior. When the application constructs links and assets using the unvalidated Host header, user requests can be redirected to attacker-controlled domains and external resources may be loaded from malicious servers. This issue has been patched in version 1.8.211. | ||||
| CVE-2026-33986 | 1 Freerdp | 1 Freerdp | 2026-04-01 | 7.5 High |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, in yuv_ensure_buffer() in libfreerdp/codec/h264.c, h264->width and h264->height are updated before the reallocation loop. If any winpr_aligned_recalloc() call fails, the function returns FALSE but width/height are already inflated. This issue has been patched in version 3.24.2. | ||||
| CVE-2026-21630 | 2026-04-01 | N/A | ||
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | ||||
| CVE-2026-21629 | 2026-04-01 | N/A | ||
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | ||||
| CVE-2026-34506 | 1 Openclaw | 1 Openclaw | 2026-04-01 | 4.3 Medium |
| OpenClaw before 2026.3.8 contains a sender allowlist bypass vulnerability in its Microsoft Teams plugin that allows unauthorized senders to bypass intended authorization checks. When a team/channel route allowlist is configured with an empty groupAllowFrom parameter, the message handler synthesizes wildcard sender authorization, permitting any sender in the matched team/channel to trigger replies in allowlisted Teams routes. | ||||
| CVE-2026-33576 | 1 Openclaw | 1 Openclaw | 2026-04-01 | 6.5 Medium |
| OpenClaw before 2026.3.28 downloads and stores inbound media from Zalo channels before validating sender authorization. Unauthorized senders can force network fetches and disk writes to the media store by sending messages that are subsequently rejected. | ||||
| CVE-2026-33577 | 1 Openclaw | 1 Openclaw | 2026-04-01 | 8.1 High |
| OpenClaw before 2026.3.28 contains an insufficient scope validation vulnerability in the node pairing approval path that allows low-privilege operators to approve nodes with broader scopes. Attackers can exploit missing callerScopes validation in node-pairing.ts to extend privileges onto paired nodes beyond their authorization level. | ||||
| CVE-2026-4789 | 1 Kyverno | 1 Kyverno | 2026-04-01 | 9.8 Critical |
| Kyverno, versions 1.16.0 and later, are vulnerable to SSRF due to unrestricted CEL HTTP functions. | ||||
| CVE-2026-35000 | 2026-04-01 | 6.5 Medium | ||
| ChangeDetection.io versions prior to 0.54.7 contain a protection bypass vulnerability in the SafeXPath3Parser implementation that allows attackers to read arbitrary local files by using unblocked XPath 3.0/3.1 functions such as json-doc() and similar file-access primitives. Attackers can exploit the incomplete blocklist of dangerous XPath functions to access sensitive data from the local filesystem. | ||||
| CVE-2026-34875 | 2026-04-01 | 9.8 Critical | ||
| An issue was discovered in Mbed TLS through 3.6.5 and TF-PSA-Crypto 1.0.0. A buffer overflow can occur in public key export for FFDH keys. | ||||
| CVE-2026-34604 | 2026-04-01 | 7.1 High | ||
| Tina is a headless content management system. Prior to version 2.2.2, @tinacms/graphql uses string-based path containment checks in FilesystemBridge. That blocks plain ../ traversal, but it does not resolve symlink or junction targets. If a symlink/junction already exists under the allowed content root, a path like content/posts/pivot/owned.md is still considered "inside" the base even though the real filesystem target can be outside it. As a result, FilesystemBridge.get(), put(), delete(), and glob() can operate on files outside the intended root. This issue has been patched in version 2.2.2. | ||||
| CVE-2026-33029 | 1 0xjacky | 1 Nginx-ui | 2026-04-01 | 6.5 Medium |
| Nginx UI is a web user interface for the Nginx web server. Prior to version 2.3.4, an input validation vulnerability in the logrotate configuration allows an authenticated user to cause a complete Denial of Service (DoS). By submitting a negative integer for the rotation interval, the backend enters an infinite loop or an invalid state, rendering the web interface unresponsive. This issue has been patched in version 2.3.4. | ||||
| CVE-2026-32275 | 1 Tautulli | 1 Tautulli | 2026-04-01 | 9.1 Critical |
| Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0. | ||||
| CVE-2026-31027 | 2026-04-01 | 9.8 Critical | ||
| TOTOlink A3600R v5.9c.4959 contains a buffer overflow vulnerability in the setAppEasyWizardConfig interface of /lib/cste_modules/app.so. The vulnerability occurs because the rootSsid parameter is not properly validated for length, allowing remote attackers to trigger a buffer overflow, potentially leading to arbitrary code execution or denial of service. | ||||
| CVE-2026-30643 | 2026-04-01 | 9.8 Critical | ||
| An issue was discovered in DedeCMS 5.7.118 allowing attackers to execute code via crafted setup tag values in a module upload. | ||||
| CVE-2026-30314 | 2026-04-01 | 9.8 Critical | ||
| Ridvay Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Ridvay Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction. | ||||