Export limit exceeded: 343793 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343793 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-39983 | 2026-04-09 | 8.6 High | ||
| basic-ftp is an FTP client for Node.js. Prior to 5.2.1, basic-ftp allows FTP command injection via CRLF sequences (\r\n) in file path parameters passed to high-level path APIs such as cd(), remove(), rename(), uploadFrom(), downloadTo(), list(), and removeDir(). The library's protectWhitespace() helper only handles leading spaces and returns other paths unchanged, while FtpContext.send() writes the resulting command string directly to the control socket with \r\n appended. This lets attacker-controlled path strings split one intended FTP command into multiple commands. This vulnerability is fixed in 5.2.1. | ||||
| CVE-2026-35577 | 2026-04-09 | 6.8 Medium | ||
| Apollo MCP Server is a Model Context Protocol server that exposes GraphQL operations as MCP tools. Prior to version 1.7.0, the Apollo MCP Server did not validate the Host header on incoming HTTP requests when using StreamableHTTP transport. In configurations where an HTTP-based MCP server is run on localhost without additional authentication or network-level controls, this could potentially allow a malicious website—visited by a user running the server locally—to use DNS rebinding techniques to bypass same-origin policy restrictions and issue requests to the local MCP server. If successfully exploited, this could allow an attacker to invoke tools or access resources exposed by the MCP server on behalf of the local user. This issue is limited to HTTP-based transport modes (StreamableHTTP). It does not affect servers using stdio transport. The practical risk is further reduced in deployments that use authentication, network-level access controls, or are not bound to localhost. This vulnerability is fixed in 1.7.0. | ||||
| CVE-2026-35063 | 2026-04-09 | N/A | ||
| OpenPLC_V3 REST API endpoint checks for JWT presence but never verifies the caller's role. Any authenticated user with role=user can delete any other user, including administrators, by specifying their user ID or they can create new accounts with role=admin, escalating to full administrator access. | ||||
| CVE-2026-34734 | 2026-04-09 | 7.8 High | ||
| HDF5 is software for managing data. In 1.14.1-2 and earlier, a heap-use-after-free was found in the h5dump helper utility. An attacker who can supply a malicious h5 file can trigger a heap use-after-free. The freed object is referenced in a memmove call from H5T__conv_struct. The original object was allocated by H5D__typeinfo_init_phase3 and freed by H5D__typeinfo_term. | ||||
| CVE-2026-34486 | 2026-04-09 | N/A | ||
| Missing Encryption of Sensitive Data vulnerability in Apache Tomcat due to the fix for CVE-2026-29146 allowing the bypass of the EncryptInterceptor. This issue affects Apache Tomcat: 11.0.20, 10.1.53, 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. | ||||
| CVE-2026-32990 | 2026-04-09 | N/A | ||
| Improper Input Validation vulnerability in Apache Tomcat due to an incomplete fix of CVE-2025-66614. This issue affects Apache Tomcat: from 11.0.15 through 11.0.19, from 10.1.50 through 10.1.52, from 9.0.113 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. | ||||
| CVE-2026-29923 | 2026-04-09 | N/A | ||
| The pstrip64.sys driver in EnTech Taiwan PowerStrip <=3.90.736 allows local users to escalate privileges to SYSTEM via a crafted IOCTL request enabling unprivileged users to map arbitrary physical memory into their address space and modify critical kernel structures. | ||||
| CVE-2025-13926 | 2026-04-09 | 9.8 Critical | ||
| An attacker could use data obtained by sniffing the network traffic to forge packets in order to make arbitrary requests to Contemporary Controls BASC 20T. | ||||
| CVE-2026-5890 | 1 Google | 1 Chrome | 2026-04-09 | N/A |
| Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-21629 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-09 | 7.3 High |
| The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers. | ||||
| CVE-2026-21630 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-09 | 8.8 High |
| Improperly built order clauses lead to a SQL injection vulnerability in the articles webservice endpoint. | ||||
| CVE-2026-21632 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-09 | 5.4 Medium |
| Lack of output escaping for article titles leads to XSS vectors in various locations. | ||||
| CVE-2026-23899 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-09 | 8.8 High |
| An improper access check allows unauthorized access to webservice endpoints. | ||||
| CVE-2026-23898 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-09 | 7.2 High |
| Lack of input validation leads to an arbitrary file deletion vulnerability in the autoupdate server mechanism. | ||||
| CVE-2026-21631 | 1 Joomla | 2 Joomla!, Joomla\! | 2026-04-09 | 5.4 Medium |
| Lack of output escaping leads to a XSS vector in the multilingual associations component. | ||||
| CVE-2026-39892 | 1 Pyca | 1 Cryptography | 2026-04-09 | 5.3 Medium |
| cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7. | ||||
| CVE-2026-4079 | 3 Guaven, Sql Chart Builder, Wordpress | 3 Sql Chart Builder, Sql Chart Builder, Wordpress | 2026-04-09 | 6.5 Medium |
| The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality. | ||||
| CVE-2025-9920 | 1 Campcodes | 1 Online Recruitment Management System | 2026-04-09 | 4.7 Medium |
| A security flaw has been discovered in Campcodes Recruitment Management System 1.0. This impacts the function include of the file /admin/index.php. The manipulation of the argument page results in file inclusion. It is possible to launch the attack remotely. The exploit has been released to the public and may be exploited. | ||||
| CVE-2025-3783 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2026-04-09 | 6.3 Medium |
| A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /add-product.php. The manipulation of the argument Avatar leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-56018 | 2 Senior-walter, Sourcecodester | 2 Web-based Pharmacy Product Management System, Web-based Pharmacy Product Management System | 2026-04-09 | 6.1 Medium |
| SourceCodester Web-based Pharmacy Product Management System V1.0 is vulnerable to Cross Site Scripting (XSS) in Category Management via the category name field. | ||||