Export limit exceeded: 343363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343363 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39412 | 2026-04-08 | 5.3 Medium | ||
| LiquidJS is a Shopify / GitHub Pages compatible template engine in pure JavaScript. Prior to 10.25.4, the sort_natural filter bypasses the ownPropertyOnly security option, allowing template authors to extract values of prototype-inherited properties through a sorting side-channel attack. Applications relying on ownPropertyOnly: true as a security boundary (e.g., multi-tenant template systems) are exposed to information disclosure of sensitive prototype properties such as API keys and tokens. This vulnerability is fixed in 10.25.4. | ||||
| CVE-2026-39411 | 2026-04-08 | 5 Medium | ||
| LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected webapi routes. Affected routes include /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui. This vulnerability is fixed in 2.1.48. | ||||
| CVE-2017-20227 | 1 Varaneckas | 1 Jad Java Decompiler | 2026-04-08 | 9.8 Critical |
| JAD Java Decompiler 1.5.8e-1kali1 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying overly long input that exceeds buffer boundaries. Attackers can craft malicious input passed to the jad command to overflow the stack and execute a return-oriented programming chain that spawns a shell. | ||||
| CVE-2018-25225 | 2 Sipp, Sipp Project | 2 Sipp, Sipp | 2026-04-08 | 8.4 High |
| SIPP 3.3 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious input in the configuration file. Attackers can craft a configuration file with oversized values that overflow a stack buffer, overwriting the return address and executing arbitrary code through return-oriented programming gadgets. | ||||
| CVE-2026-24147 | 1 Nvidia | 1 Triton Inference Server | 2026-04-08 | 4.8 Medium |
| NVIDIA Triton Inference Server contains a vulnerability in triton server where an attacker may cause an information disclosure by uploading a model configuration. A successful exploit of this vulnerability may lead to information disclosure or denial of service. | ||||
| CVE-2026-24173 | 1 Nvidia | 1 Triton Inference Server | 2026-04-08 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24174 | 1 Nvidia | 1 Triton Inference Server | 2026-04-08 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request to the server. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-24175 | 1 Nvidia | 1 Triton Inference Server | 2026-04-08 | 7.5 High |
| NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a server crash by sending a malformed request header to the server. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2026-39321 | 1 Parse Community | 1 Parse Server | 2026-04-08 | N/A |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.8.0-alpha.6 and 8.6.74, he login endpoint response time differs measurably depending on whether the submitted username or email exists in the database. When a user is not found, the server responds immediately. When a user exists but the password is wrong, a bcrypt comparison runs first, adding significant latency. This timing difference allows an unauthenticated attacker to enumerate valid usernames. This vulnerability is fixed in 9.8.0-alpha.6 and 8.6.74. | ||||
| CVE-2026-39324 | 1 Rack | 1 Rack-session | 2026-04-08 | N/A |
| Rack::Session is a session management implementation for Rack. From 2.0.0 to before 2.1.2, Rack::Session::Cookie incorrectly handles decryption failures when configured with secrets:. If cookie decryption fails, the implementation falls back to a default decoder instead of rejecting the cookie. This allows an unauthenticated attacker to supply a crafted session cookie that is accepted as valid session data without knowledge of any configured secret. Because this mechanism is used to load session state, an attacker can manipulate session contents and potentially gain unauthorized access. This vulnerability is fixed in 2.1.2. | ||||
| CVE-2026-39345 | 1 Orangehrm | 1 Orangehrm | 2026-04-08 | N/A |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source fails to restrict email template file resolution to the intended plugins directory, allowing an authenticated actor who can influence the template path to read arbitrary local files. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-39346 | 1 Orangehrm | 1 Orangehrm | 2026-04-08 | N/A |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source allowed authenticated users to bypass disabled-module access controls via URL-encoded request paths and access functionality of modules disabled by an administrator. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-39347 | 1 Orangehrm | 1 Orangehrm | 2026-04-08 | N/A |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source accepts changes to self-appraisal submissions for administrator users after those submissions have been marked completed, breaking integrity of finalized appraisal records. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-39348 | 1 Orangehrm | 1 Orangehrm | 2026-04-08 | N/A |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source omits authorization on job specification and vacancy attachment download handlers, allowing authenticated low-privilege users to read attachments via direct reference to attachment identifiers. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-39349 | 1 Orangehrm | 1 Orangehrm | 2026-04-08 | N/A |
| OrangeHRM is a comprehensive human resource management (HRM) system. From 5.0 to 5.8, OrangeHRM Open Source encrypts certain sensitive fields with AES in ECB mode, which preserves block-aligned plaintext patterns in ciphertext and enables pattern disclosure against stored data. This vulnerability is fixed in 5.8.1. | ||||
| CVE-2026-5736 | 1 Powerjob | 1 Powerjob | 2026-04-08 | 7.3 High |
| A vulnerability was identified in PowerJob 5.1.0/5.1.1/5.1.2. Impacted is an unknown function of the file powerjob-server/powerjob-server-starter/src/main/java/tech/powerjob/server/web/controller/InstanceController.java of the component detailPlus Endpoint. The manipulation of the argument customQuery leads to sql injection. Remote exploitation of the attack is possible. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-39351 | 1 Frappe | 1 Frappe | 2026-04-08 | N/A |
| Frappe is a full-stack web application framework. Prior to 16.14.0 and 15.104.0, Frappe allows unrestricted Doctype access via API exploit. | ||||
| CVE-2026-39354 | 1 Erudika | 1 Scoold | 2026-04-08 | 6.5 Medium |
| Scoold is a Q&A and a knowledge sharing platform for teams. Prior to 1.66.2, an authenticated authorization flaw in Scoold allows any logged-in, low-privilege user to overwrite another user's existing question by supplying that question's public ID as the postId parameter to POST /questions/ask. Because question IDs are exposed in normal question URLs, a low-privilege attacker can take a victim question ID from a public page and cause attacker-controlled content to be stored under that existing question object. This causes direct integrity loss of user-generated content and corrupts the integrity of the existing discussion thread. This vulnerability is fixed in 1.66.2. | ||||
| CVE-2026-39355 | 1 Mgeurts | 1 Genealogy | 2026-04-08 | 10 Critical |
| Genealogy is a family tree PHP application. Prior to 5.9.1, a critical broken access control vulnerability in the genealogy application allows any authenticated user to transfer ownership of arbitrary non-personal teams to themselves. This enables complete takeover of other users’ team workspaces and unrestricted access to all genealogy data associated with the compromised team. This vulnerability is fixed in 5.9.1. | ||||
| CVE-2026-39360 | 1 Rustfs | 1 Rustfs | 2026-04-08 | N/A |
| RustFS is a distributed object storage system built in Rust. Prior to alpha.90, RustFS contains a missing authorization check in the multipart copy path (UploadPartCopy). A low-privileged user who cannot read objects from a victim bucket can still exfiltrate victim objects by copying them into an attacker-controlled multipart upload and completing the upload. This breaks tenant isolation in multi-user / multi-tenant deployments. This vulnerability is fixed in alpha.90. | ||||