Export limit exceeded: 342291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342291 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34118 | 1 Tp-link | 1 Tapo C520ws V2 | 2026-04-03 | N/A |
| A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 in the HTTP POST body parsing logic due to missing validation of remaining buffer capacity after dynamic allocation, due to insufficient boundary validation when handling externally supplied HTTP input. An attacker on the same network segment could trigger heap memory corruption conditions by sending crafted payloads that cause write operations beyond allocated buffer boundaries. Successful exploitation causes a Denial-of-Service (DoS) condition, causing the device’s process to crash or become unresponsive. | ||||
| CVE-2026-33746 | 1 Convoypanel | 1 Panel | 2026-04-03 | 9.8 Critical |
| Convoy is a KVM server management panel for hosting businesses. From version 3.9.0-beta to before version 4.5.1, the JWTService::decode() method did not verify the cryptographic signature of JWT tokens. While the method configured a symmetric HMAC-SHA256 signer via lcobucci/jwt, it only validated time-based claims (exp, nbf, iat) using the StrictValidAt constraint. The SignedWith constraint was not included in the validation step. This means an attacker could forge or tamper with JWT token payloads — such as modifying the user_uuid claim — and the token would be accepted as valid, as long as the time-based claims were satisfied. This directly impacts the SSO authentication flow (LoginController::authorizeToken), allowing an attacker to authenticate as any user by crafting a token with an arbitrary user_uuid. This issue has been patched in version 4.5.1. | ||||
| CVE-2026-33271 | 1 Acronis | 1 True Image | 2026-04-03 | N/A |
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 42902. | ||||
| CVE-2026-30603 | 1 Qianniao | 1 Qn-l23pa0904 | 2026-04-03 | 6.8 Medium |
| An issue in the firmware update mechanism of Qianniao QN-L23PA0904 v20250721.1640 allows attackers to gain root access, install backdoors, and exfiltrate data via supplying a crafted iu.sh script contained in an SD card. | ||||
| CVE-2026-30332 | 1 Balena-io | 1 Etcher | 2026-04-03 | 7.5 High |
| A Time-of-Check to Time-of-Use (TOCTOU) race condition vulnerability in Balena Etcher for Windows prior to v2.1.4 allows attackers to escalate privileges and execute arbitrary code via replacing a legitimate script with a crafted payload during the flashing process. | ||||
| CVE-2026-28728 | 1 Acronis | 1 True Image | 2026-04-03 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis True Image (Windows) before build 42902. | ||||
| CVE-2026-35507 | 1 Milesmcc | 1 Shynet | 2026-04-03 | 6.4 Medium |
| Shynet before 0.14.0 allows Host header injection in the password reset flow. | ||||
| CVE-2026-35508 | 1 Milesmcc | 1 Shynet | 2026-04-03 | 5.4 Medium |
| Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters, | ||||
| CVE-2026-35387 | 1 Openbsd | 1 Openssh | 2026-04-03 | 3.1 Low |
| OpenSSH before 10.3 can use unintended ECDSA algorithms. Listing of any ECDSA algorithm in PubkeyAcceptedAlgorithms or HostbasedAcceptedAlgorithms is misinterpreted to mean all ECDSA algorithms. | ||||
| CVE-2026-35538 | 1 Roundcube | 1 Webmail | 2026-04-03 | 3.1 Low |
| An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF bypass during mail search. | ||||
| CVE-2026-35539 | 1 Roundcube | 1 Webmail | 2026-04-03 | 6.1 Medium |
| An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mode. A victim must preview a text/html attachment. | ||||
| CVE-2026-35388 | 1 Openbsd | 1 Openssh | 2026-04-03 | 2.5 Low |
| OpenSSH before 10.3 omits connection multiplexing confirmation for proxy-mode multiplexing sessions. | ||||
| CVE-2026-35536 | 1 Tornadoweb | 1 Tornado | 2026-04-03 | 7.2 High |
| In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were not checked for crafted characters. | ||||
| CVE-2026-34817 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the ADDRESS BCC parameter to /cgi-bin/smtprouting.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34821 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/vpnauthentication/user/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34974 | 1 Thorsten | 1 Phpmyfaq | 2026-04-03 | 5.4 Medium |
| phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ (SvgSanitizer.php) can be bypassed using HTML entity encoding in javascript: URLs within SVG <a href> attributes. Any user with edit_faq permission can upload a malicious SVG that executes arbitrary JavaScript when viewed, enabling privilege escalation from editor to full admin takeover. This issue has been patched in version 4.1.1. | ||||
| CVE-2026-34823 | 1 Endian | 1 Firewall | 2026-04-03 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/password/web/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-5346 | 1 Huimeicloud | 1 Hm Editor | 2026-04-03 | 7.3 High |
| A vulnerability was determined in huimeicloud hm_editor up to 2.2.3. Impacted is the function client.get of the file src/mcp-server.js of the component image-to-base64 Endpoint. Executing a manipulation of the argument url can lead to server-side request forgery. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5350 | 1 Trendnet | 2 Tew-657brm, Tew-657brm Firmware | 2026-04-03 | 8.8 High |
| A security flaw has been discovered in Trendnet TEW-657BRM 1.00.1. The impacted element is the function update_pcdb of the file /setup.cgi. The manipulation of the argument mac_pc_dba results in stack-based buffer overflow. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-34762 | 1 Ellanetworks | 1 Core | 2026-04-03 | 2.7 Low |
| Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from both the URL path and the JSON request body but never verifies they match. This allows an authenticated NetworkManager to modify any subscriber's policy while the audit trail records a fabricated or unrelated subscriber IMSI. This issue has been patched in version 1.8.0. | ||||