Export limit exceeded: 342216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342216 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342216 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34813 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the user parameter to /cgi-bin/proxyuser.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2025-13916 | 1 Ibm | 1 Aspera Shares | 2026-04-03 | 5.9 Medium |
| IBM Aspera Shares 1.9.9 through 1.11.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information | ||||
| CVE-2025-36373 | 1 Ibm | 3 Datapower Gateway 1050, Datapower Gateway 1060, Datapower Gateway 106cd | 2026-04-03 | 4.1 Medium |
| IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway could disclose sensitive system information from other domains to an administrative user. | ||||
| CVE-2026-22815 | 1 Aio-libs | 1 Aiohttp | 2026-04-03 | 5.3 Medium |
| AIOHTTP is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.13.4, insufficient restrictions in header/trailer handling could cause uncapped memory usage. This issue has been patched in version 3.13.4. | ||||
| CVE-2026-26928 | 1 Krajowa Izba Rozliczeniowa | 1 Szafirhost | 2026-04-03 | N/A |
| SzafirHost downloads necessary files in the context of the initiating web page. When called, SzafirHost updates its dynamic library. JAR files are correctly verified based on a list of trusted file hashes, and if a file was not on that list, it was checked to see if it had been digitally signed by the vendor. The application doesn't verify hash or vendor's digital signature of uploaded DLL, SO, JNILIB or DYLIB file. The attacker can provide malicious file which will be saved in users /temp folder and executed by the application. This issue was fixed in version 1.1.0. | ||||
| CVE-2026-27489 | 1 Onnx | 1 Onnx | 2026-04-03 | 8.6 High |
| Open Neural Network Exchange (ONNX) is an open standard for machine learning interoperability. Prior to version 1.21.0, a path traversal vulnerability via symlink allows to read arbitrary files outside model or user-provided directory. This issue has been patched in version 1.21.0. | ||||
| CVE-2026-28805 | 1 Devcode | 1 Openstamanager | 2026-04-03 | 8.8 High |
| OpenSTAManager is an open source management software for technical assistance and invoicing. Prior to version 2.10.2, multiple AJAX select handlers in OpenSTAManager are vulnerable to Time-Based Blind SQL Injection through the options[stato] GET parameter. The user-supplied value is read from $superselect['stato'] and concatenated directly into SQL WHERE clauses as a bare expression, without any sanitization, parameterization, or allowlist validation. An authenticated attacker can inject arbitrary SQL statements to extract sensitive data from the database, including usernames, password hashes, financial records, and any other information stored in the MySQL database. This issue has been patched in version 2.10.2. | ||||
| CVE-2026-29132 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-03 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails. | ||||
| CVE-2026-29135 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-03 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | ||||
| CVE-2026-29137 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-03 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | ||||
| CVE-2026-29139 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-03 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | ||||
| CVE-2026-29141 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-03 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | ||||
| CVE-2026-29144 | 1 Seppmail | 1 Seppmail Secure Email Gateway | 2026-04-03 | N/A |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | ||||
| CVE-2026-32629 | 1 Thorsten | 1 Phpmyfaq | 2026-04-03 | N/A |
| phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, an unauthenticated attacker can submit a guest FAQ with an email address that is syntactically valid per RFC 5321 (quoted local part) yet contains raw HTML — for example "<script>alert(1)</script>"@evil.com. PHP's FILTER_VALIDATE_EMAIL accepts this email as valid. The email is stored in the database without HTML sanitization and later rendered in the admin FAQ editor template using Twig's |raw filter, which bypasses auto-escaping entirely. This issue has been patched in version 4.1.1. | ||||
| CVE-2026-32871 | 1 Prefecthq | 1 Fastmcp | 2026-04-03 | N/A |
| FastMCP is a Pythonic way to build MCP servers and clients. Prior to version 3.2.0, the OpenAPIProvider in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The RequestDirector class is responsible for constructing HTTP requests to the backend service. A vulnerability exists in the _build_url() method. When an OpenAPI operation defines path parameters (e.g., /api/v1/users/{user_id}), the system directly substitutes parameter values into the URL template string without URL-encoding. Subsequently, urllib.parse.urljoin() resolves the final URL. Since urljoin() interprets ../ sequences as directory traversal, an attacker controlling a path parameter can perform path traversal attacks to escape the intended API prefix and access arbitrary backend endpoints. This results in authenticated SSRF, as requests are sent with the authorization headers configured in the MCP provider. This issue has been patched in version 3.2.0. | ||||
| CVE-2026-32926 | 1 Fujielectric | 1 V-sft | 2026-04-03 | 7.8 High |
| V-SFT versions 6.2.10.0 and prior contain an out-of-bounds read vulnerability in VS6ComFile!load_link_inf. Opening a crafted V7 file may lead to information disclosure from the affected product. | ||||
| CVE-2026-32928 | 1 Fujielectric | 1 V-sft | 2026-04-03 | 7.8 High |
| V-SFT versions 6.2.10.0 and prior contain a stack-based buffer overflow in VS6ComFile!CSaveData::_conv_AnimationItem. Opening a crafted V7 file may lead to arbitrary code execution on the affected product. | ||||
| CVE-2026-33615 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2026-04-03 | 9.1 Critical |
| An unauthenticated remote attacker can exploit an unauthenticated SQL Injection vulnerability in the setinfo endpoint due to improper neutralization of special elements in a SQL UPDATE command. This can result in a total loss of integrity and availability. | ||||
| CVE-2026-34236 | 1 Auth0 | 1 Auth0-php | 2026-04-03 | 8.2 High |
| Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. From version 8.0.0 to before version 8.19.0, in applications built with the Auth0 PHP SDK, cookies are encrypted with insufficient entropy, which may result in threat actors brute-forcing the encryption key and forging session cookies. This issue has been patched in version 8.19.0. | ||||
| CVE-2026-34376 | 1 Mrmn2 | 1 Pdfding | 2026-04-03 | 7.5 High |
| PdfDing is a selfhosted PDF manager, viewer and editor offering a seamless user experience on multiple devices. Prior to version 1.7.0, an access-control vulnerability allows unauthenticated users to retrieve password-protected shared PDFs by directly calling the file-serving endpoint without completing the password verification flow. This results in unauthorized access to confidential documents that users expected to be protected by a shared-link password. This issue has been patched in version 1.7.0. | ||||