Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343482 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343482 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30075 | 2026-04-08 | N/A | ||
| OpenAirInterface Version 2.2.0 has a Buffer Overflow vulnerability in processing UplinkNASTransport containing Authentication Response containing a NAS PDU with oversize response (For example 100 byte). The response is decoded by AMF and passed to the AUSF component for verification. AUSF crashes on receiving this oversize response. This can prohibit users from further registration and verification and can cause Denial of Services (DoS). | ||||
| CVE-2026-39888 | 2026-04-08 | 10 Critical | ||
| PraisonAI is a multi-agent teams system. Prior to 1.5.115, execute_code() in praisonaiagents.tools.python_tools defaults to sandbox_mode="sandbox", which runs user code in a subprocess wrapped with a restricted __builtins__ dict and an AST-based blocklist. The AST blocklist embedded inside the subprocess wrapper (blocked_attrs of python_tools.py) contains only 11 attribute names — a strict subset of the 30+ names blocked in the direct-execution path. The four attributes that form a frame-traversal chain out of the sandbox are all absent from the subprocess list (__traceback__, tb_frame, f_back, and f_builtins). Chaining these attributes through a caught exception exposes the real Python builtins dict of the subprocess wrapper frame, from which exec can be retrieved and called under a non-blocked variable name — bypassing every remaining security layer. This vulnerability is fixed in 1.5.115. | ||||
| CVE-2026-39889 | 2026-04-08 | 7.5 High | ||
| PraisonAI is a multi-agent teams system. Prior to 4.5.115, the A2U (Agent-to-User) event stream server in PraisonAI exposes all agent activity without authentication. The create_a2u_routes() function registers the following endpoints with NO authentication checks: /a2u/info, /a2u/subscribe, /a2u/events/{stream_name}, /a2u/events/sub/{id}, and /a2u/health. This vulnerability is fixed in 4.5.115. | ||||
| CVE-2026-39890 | 2026-04-08 | 9.8 Critical | ||
| PraisonAI is a multi-agent teams system. Prior to 4.5.115, the AgentService.loadAgentFromFile method uses the js-yaml library to parse YAML files without disabling dangerous tags (such as !!js/function and !!js/undefined). This allows an attacker to craft a malicious YAML file that, when parsed, executes arbitrary JavaScript code. An attacker can exploit this vulnerability by uploading a malicious agent definition file via the API endpoint, leading to remote code execution (RCE) on the server. This vulnerability is fixed in 4.5.115. | ||||
| CVE-2026-39891 | 2026-04-08 | 8.8 High | ||
| PraisonAI is a multi-agent teams system. Prior to 4.5.115, the create_agent_centric_tools() function returns tools (like acp_create_file) that process file content using template rendering. When user input from agent.start() is passed directly into these tools without escaping, template expressions in the input are executed rather than treated as literal text. This vulnerability is fixed in 4.5.115. | ||||
| CVE-2026-25044 | 1 Budibase | 1 Budibase | 2026-04-08 | 8.8 High |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, the bash automation step executes user-provided commands using execSync without proper sanitization or validation. User input is processed through processStringSync which allows template interpolation, potentially allowing arbitrary command execution. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-31818 | 1 Budibase | 1 Budibase | 2026-04-08 | 9.6 Critical |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLIST_IPS environment variable is not set by default in any of the official deployment configurations. When this variable is empty, the blacklist function unconditionally returns false, allowing all requests through without restriction. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-35214 | 1 Budibase | 1 Budibase | 2026-04-08 | 8.7 High |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, the plugin file upload endpoint (POST /api/plugin/upload) passes the user-supplied filename directly to createTempFolder() without sanitizing path traversal sequences. An attacker with Global Builder privileges can craft a multipart upload with a filename containing ../ to delete arbitrary directories via rmSync and write arbitrary files via tarball extraction to any filesystem path the Node.js process can access. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-35216 | 1 Budibase | 1 Budibase | 2026-04-08 | 9.1 Critical |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-35218 | 1 Budibase | 1 Budibase | 2026-04-08 | 8.7 High |
| Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive without any sanitization. An authenticated user with Builder access can create a table, automation, view, or query whose name contains an HTML payload (e.g. <img src=x onerror=alert(document.domain)>). When any Builder-role user in the same workspace opens the Command Palette (Ctrl+K), the payload executes in their browser, stealing their session cookie and enabling full account takeover. This issue has been patched in version 3.32.5. | ||||
| CVE-2025-47392 | 1 Qualcomm | 309 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 306 more | 2026-04-08 | 8.8 High |
| Memory corruption when decoding corrupted satellite data files with invalid signature offsets. | ||||
| CVE-2025-47391 | 1 Qualcomm | 203 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 200 more | 2026-04-08 | 7.8 High |
| Memory corruption while processing a frame request from user. | ||||
| CVE-2025-47390 | 1 Qualcomm | 59 Cologne, Cologne Firmware, Fastconnect 6700 and 56 more | 2026-04-08 | 7.8 High |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | ||||
| CVE-2025-47389 | 1 Qualcomm | 363 Ar8035, Ar8035 Firmware, Cologne and 360 more | 2026-04-08 | 7.8 High |
| Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | ||||
| CVE-2025-47374 | 1 Qualcomm | 61 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 58 more | 2026-04-08 | 6.5 Medium |
| Memory Corruption when accessing freed memory due to concurrent fence deregistration and signal handling. | ||||
| CVE-2026-21374 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-08 | 7.8 High |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||||
| CVE-2026-21373 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-08 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21372 | 1 Qualcomm | 57 Cologne, Cologne Firmware, Fastconnect 6700 and 54 more | 2026-04-08 | 7.8 High |
| Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | ||||
| CVE-2026-21371 | 1 Qualcomm | 105 Aqt1000, Aqt1000 Firmware, Cologne and 102 more | 2026-04-08 | 7.8 High |
| Memory Corruption when retrieving output buffer with insufficient size validation. | ||||
| CVE-2026-21367 | 1 Qualcomm | 301 Ar8035, Ar8035 Firmware, Cologne and 298 more | 2026-04-08 | 7.6 High |
| Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | ||||