Export limit exceeded: 345344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34451 | 2 Anthropic, Anthropics | 2 Claude Sdk For Typescript, Anthropic-sdk-typescript | 2026-04-20 | 5.4 Medium |
| Claude SDK for TypeScript provides access to the Claude API from server-side TypeScript or JavaScript applications. From version 0.79.0 to before version 0.81.0, the local filesystem memory tool in the Anthropic TypeScript SDK validated model-supplied paths using a string prefix check that did not append a trailing path separator. A model steered by prompt injection could supply a crafted path that resolved to a sibling directory sharing the memory root's name as a prefix, allowing reads and writes outside the sandboxed memory directory. This issue has been patched in version 0.81.0. | ||||
| CVE-2026-41282 | 1 Projectdiscovery | 1 Nuclei | 2026-04-20 | 4 Medium |
| ProjectDiscovery Nuclei 3 before 3.8.0 allows DSL expression injection. This affects use of -env-vars for multi-step templates against untrusted targets (not the default configuration). | ||||
| CVE-2026-21719 | 1 Cubecart | 1 Cubecart | 2026-04-20 | N/A |
| An OS command injection vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to execute an arbitrary OS command. | ||||
| CVE-2026-2986 | 2 Ajaydsouza, Wordpress | 2 Contextual Related Posts, Wordpress | 2026-04-20 | 6.4 Medium |
| The Contextual Related Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'other_attributes' parameter in versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2026-41242 | 1 Protobuf | 1 Protobuf | 2026-04-20 | N/A |
| protobufjs compiles protobuf definitions into JavaScript (JS) functions. In versions prior to 8.0.1 and 7.5.5, attackers can inject arbitrary code in the "type" fields of protobuf definitions, which will then execute during object decoding using that definition. Versions 8.0.1 and 7.5.5 patch the issue. | ||||
| CVE-2026-6591 | 1 Comfy | 1 Comfyui | 2026-04-20 | 4.3 Medium |
| A flaw has been found in ComfyUI up to 0.13.0. Affected is the function folder_paths.get_annotated_filepath of the file folder_paths.py of the component LoadImage Node. This manipulation of the argument Name causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6592 | 1 Comfy | 1 Comfyui | 2026-04-20 | 3.5 Low |
| A vulnerability has been found in ComfyUI up to 0.13.0. Affected by this vulnerability is the function getuserdata of the file app/user_manager.py of the component userdata Endpoint. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6597 | 1 Langflow | 1 Langflow | 2026-04-20 | 2.7 Low |
| A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file src/backend/base/langflow/api/utils/core.py of the component Flow Using API. This manipulation causes unprotected storage of credentials. The attack can be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-6598 | 1 Langflow | 1 Langflow | 2026-04-20 | 4.3 Medium |
| A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of the file src/backend/base/Langflow/api/v1/projects.py of the component Project Creation Endpoint. Such manipulation of the argument auth_settings leads to cleartext storage in a file or on disk. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-34018 | 1 Cubecart | 1 Cubecart | 2026-04-20 | 9.8 Critical |
| An SQL injection vulnerability exists in CubeCart prior to 6.6.0, which may allow an attacker to execute an arbitrary SQL statement on the product. | ||||
| CVE-2026-32214 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-20 | 5.5 Medium |
| Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-35496 | 1 Cubecart | 1 Cubecart | 2026-04-20 | N/A |
| A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible. | ||||
| CVE-2026-40458 | 1 Pac4j | 1 Pac4j | 2026-04-20 | 6.5 Medium |
| PAC4J is vulnerable to Cross-Site Request Forgery (CSRF). A malicious attacker can craft a specially designed website which, when visited by a user, will automatically submit a forged cross-site request with a token whose hash collides with the victim's legitimate CSRF token. Importantly, the attacker does not need to know the victim’s CSRF token or its hash prior to the attack. Collisions in the deterministic String.hashCode() function can be computed directly, reducing the effective token's security space to 32 bits. This bypasses CSRF protection, allowing profile updates, password changes, account linking, and any other state-changing operations to be performed without the victim's consent. This issue was fixed in PAC4J versions 5.7.10 and 6.4.1 | ||||
| CVE-2026-39862 | 1 Shopify | 1 Tophat | 2026-04-20 | 8.8 High |
| Tophat is a mobile applications testing harness. Prior to 2.5.1, Tophat is affected by remote code execution via crafted tophat:// or http://localhost:29070 URLs. The arguments query parameter flows unsanitized from URL parsing through to /bin/bash -c execution, allowing an attacker to execute arbitrary commands on a developer's macOS workstation. Any developer with Tophat installed is vulnerable. For previously trusted build hosts, no confirmation dialog appears. Attacker commands run with the user's permissions. This vulnerability is fixed in 2.5.1. | ||||
| CVE-2026-34556 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-20 | 6.2 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a heap-buffer-overflow (HBO) in icAnsiToUtf8() in the XML conversion path. The issue is triggered by a crafted ICC profile which causes icAnsiToUtf8(std::string&, char const*) to treat an input buffer as a C-string and call operations that rely on strlen()/null-termination. AddressSanitizer reports an out-of-bounds READ of size 115 past a 114-byte heap allocation, with the failure observed while running the iccToXml tool. This issue has been patched in version 2.3.1.6. | ||||
| CVE-2026-34555 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-20 | 6.2 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a stack-buffer-overflow (SBO) in CIccTagFixedNum<>::GetValues() and a related bug chain. The primary crash is an AddressSanitizer-reported WRITE of size 4 that overflows a 4-byte stack variable (rv) via the call chain CIccTagFixedNum::GetValues() -> CIccTagStruct::GetElemNumberValue(). This issue has been patched in version 2.3.1.6. | ||||
| CVE-2026-40459 | 1 Pac4j | 1 Pac4j | 2026-04-20 | 8.8 High |
| PAC4J is vulnerable to LDAP Injection in multiple methods. A low-privileged remote attacker can inject crafted LDAP syntax into ID-based search parameters, potentially resulting in unauthorized LDAP queries and arbitrary directory operations. This issue was fixed in PAC4J versions 4.5.10, 5.7.10 and 6.4.1 | ||||
| CVE-2026-34554 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-20 | 6.2 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, a heap-buffer-overflow (HBO) in CIccApplyCmmSearch::costFunc() can be triggered via malformed JSON configuration input to the iccApplySearch tool. AddressSanitizer reports an out-of-bounds READ of size 8 originating from CIccApplyCmmSearch::costFunc(CIccSearchVec&) at IccProfLib/IccCmmSearch.cpp:112:5. This issue has been patched in version 2.3.1.6. | ||||
| CVE-2026-34553 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-20 | 4 Medium |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. Prior to version 2.3.1.6, there is a defect in LUT dump/iteration logic affecting CIccCLUT::Iterate() and output produced by CIccMBB::Describe() (via CLUT dumping). This issue has been patched in version 2.3.1.6. | ||||
| CVE-2026-32215 | 1 Microsoft | 22 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 19 more | 2026-04-20 | 5.5 Medium |
| Insertion of sensitive information into log file in Windows Kernel allows an authorized attacker to disclose information locally. | ||||