Export limit exceeded: 343523 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343523 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50653 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /time_group.asp endpoint. | ||||
| CVE-2025-50655 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /thd_group.asp endpoint. | ||||
| CVE-2025-50660 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /url_member.asp endpoint. | ||||
| CVE-2025-50661 | 1 D-link | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of multiple parameters in the /url_rule.asp endpoint. An attacker can exploit this vulnerability by sending a crafted HTTP GET request with parameters name, en, ips, u, time, act, rpri, and log. | ||||
| CVE-2025-50663 | 1 Dlink | 1 Di-8003 | 2026-04-09 | N/A |
| A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name parameter in the /usb_paswd.asp endpoint. | ||||
| CVE-2026-32289 | 1 Go Standard Library | 1 Html/template | 2026-04-09 | 5.4 Medium |
| Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities. | ||||
| CVE-2026-27144 | 1 Gotoolchain | 1 Cmd/compile | 2026-04-09 | 8.1 High |
| The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime. | ||||
| CVE-2026-27143 | 1 Gotoolchain | 1 Cmd/compile | 2026-04-09 | 8.1 High |
| Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption. | ||||
| CVE-2026-32288 | 1 Go Standard Library | 1 Archive/tar | 2026-04-09 | 4.3 Medium |
| tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. | ||||
| CVE-2026-32281 | 1 Go Standard Library | 1 Crypto/x509 | 2026-04-09 | 5.9 Medium |
| Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool. | ||||
| CVE-2026-32280 | 1 Go Standard Library | 1 Crypto/x509 | 2026-04-09 | 7.5 High |
| During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls. | ||||
| CVE-2026-39666 | 2 Telepathy, Wordpress | 2 Hello Bar Popup Builder, Wordpress | 2026-04-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in telepathy Hello Bar Popup Builder hellobar allows DOM-Based XSS.This issue affects Hello Bar Popup Builder: from n/a through <= 1.5.1. | ||||
| CVE-2026-39668 | 2 G5theme, Wordpress | 2 Book Previewer For Woocommerce, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in g5theme Book Previewer for Woocommerce book-previewer-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Book Previewer for Woocommerce: from n/a through <= 1.0.6. | ||||
| CVE-2026-39672 | 2 Shiptime, Wordpress | 2 Shiptime: Discounted Shipping Rates, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in shiptime ShipTime: Discounted Shipping Rates shiptime-discount-shipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShipTime: Discounted Shipping Rates: from n/a through <= 1.1.1. | ||||
| CVE-2026-39674 | 2 Manoj Kumar, Wordpress | 2 Mk Google Directions, Wordpress | 2026-04-09 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manoj Kumar MK Google Directions google-distance-calculator allows DOM-Based XSS.This issue affects MK Google Directions: from n/a through <= 3.1.1. | ||||
| CVE-2026-39676 | 2 Shahjada, Wordpress | 2 Download Manager, Wordpress | 2026-04-09 | 5.3 Medium |
| Missing Authorization vulnerability in Shahjada Download Manager download-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through <= 3.3.52. | ||||
| CVE-2026-31411 | 1 Linux | 1 Linux Kernel | 2026-04-09 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: net: atm: fix crash due to unvalidated vcc pointer in sigd_send() Reproducer available at [1]. The ATM send path (sendmsg -> vcc_sendmsg -> sigd_send) reads the vcc pointer from msg->vcc and uses it directly without any validation. This pointer comes from userspace via sendmsg() and can be arbitrarily forged: int fd = socket(AF_ATMSVC, SOCK_DGRAM, 0); ioctl(fd, ATMSIGD_CTRL); // become ATM signaling daemon struct msghdr msg = { .msg_iov = &iov, ... }; *(unsigned long *)(buf + 4) = 0xdeadbeef; // fake vcc pointer sendmsg(fd, &msg, 0); // kernel dereferences 0xdeadbeef In normal operation, the kernel sends the vcc pointer to the signaling daemon via sigd_enq() when processing operations like connect(), bind(), or listen(). The daemon is expected to return the same pointer when responding. However, a malicious daemon can send arbitrary pointer values. Fix this by introducing find_get_vcc() which validates the pointer by searching through vcc_hash (similar to how sigd_close() iterates over all VCCs), and acquires a reference via sock_hold() if found. Since struct atm_vcc embeds struct sock as its first member, they share the same lifetime. Therefore using sock_hold/sock_put is sufficient to keep the vcc alive while it is being used. Note that there may be a race with sigd_close() which could mark the vcc with various flags (e.g., ATM_VF_RELEASED) after find_get_vcc() returns. However, sock_hold() guarantees the memory remains valid, so this race only affects the logical state, not memory safety. [1]: https://gist.github.com/mrpre/1ba5949c45529c511152e2f4c755b0f3 | ||||
| CVE-2026-39865 | 1 Axios | 1 Axios | 2026-04-09 | 5.9 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the Http2Sessions.getSession() method in lib/adapters/http.js. The session cleanup logic contains a control flow error when removing sessions from the sessions array. This vulnerability is fixed in 1.13.2. | ||||
| CVE-2026-35407 | 1 Saleor | 1 Saleor | 2026-04-09 | N/A |
| Saleor is an e-commerce platform. From 2.10.0 to before 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118, a business-logic and authorization flaw was found in the account email change workflow, the confirmation flow did not verify that the email change confirmation token was issued for the given authenticated user. As a result, a valid email-change token generated for one account can be replayed while authenticated as a different account. The second account’s email address is then updated to the token's new_email, even though that token was never issued for that account. This vulnerability is fixed in 3.23.0a3, 3.22.47, 3.21.54, and 3.20.118. | ||||
| CVE-2026-2942 | 2 Prosolution, Wordpress | 2 Prosolution Wp Client, Wordpress | 2026-04-09 | 9.8 Critical |
| The ProSolution WP Client plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'proSol_fileUploadProcess' function in all versions up to, and including, 1.9.9. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||