Export limit exceeded: 342110 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342110 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342110 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34389 | 1 Fleetdm | 1 Fleet | 2026-04-03 | 6.5 Medium |
| Fleet is open source device management software. Prior to 4.81.0, Fleet contained an issue in the user invitation flow where the email address provided during invite acceptance was not validated against the email address associated with the invite. An attacker who obtained a valid invite token could create an account under an arbitrary email address while inheriting the role granted by the invite, including global admin. Version 4.81.0 patches the issue. | ||||
| CVE-2026-34391 | 1 Fleetdm | 1 Fleet | 2026-04-03 | 7.5 High |
| Fleet is open source device management software. Prior to 4.81.1, a vulnerability in Fleet's Windows MDM command processing allows a malicious enrolled device to access MDM commands intended for other devices, potentially exposing sensitive configuration data such as WiFi credentials, VPN secrets, and certificate payloads across the entire Windows fleet. Version 4.81.1 patches the issue. | ||||
| CVE-2017-20229 | 2 Invisible-island, Mawk | 2 Mawk, Mawk | 2026-04-03 | 9.8 Critical |
| MAWK 1.3.3-17 and prior contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by exploiting inadequate boundary checks on user-supplied input. Attackers can craft malicious input that overflows the stack buffer and execute a return-oriented programming chain to spawn a shell with application privileges. | ||||
| CVE-2018-25220 | 2 Bochs, Bochs Project | 2 Bochs, Bochs | 2026-04-03 | 9.8 Critical |
| Bochs 2.6-5 contains a stack-based buffer overflow vulnerability that allows attackers to execute arbitrary code by supplying an oversized input string to the application. Attackers can craft a malicious payload with 1200 bytes of padding followed by a return-oriented programming chain to overwrite the instruction pointer and execute shell commands with application privileges. | ||||
| CVE-2018-25221 | 1 Echatserver | 2 Easy Chat Server, Echat Server | 2026-04-03 | 9.8 Critical |
| EChat Server 3.1 contains a buffer overflow vulnerability in the chat.ghp endpoint that allows remote attackers to execute arbitrary code by supplying an oversized username parameter. Attackers can send a GET request to chat.ghp with a malicious username value containing shellcode and ROP gadgets to achieve code execution in the application context. | ||||
| CVE-2018-25223 | 2 Crashmail, Ftnapps | 2 Crashmail, Crashmail Ii | 2026-04-03 | 9.8 Critical |
| Crashmail 1.6 contains a stack-based buffer overflow vulnerability that allows remote attackers to execute arbitrary code by sending malicious input to the application. Attackers can craft payloads with ROP chains to achieve code execution in the application context, with failed attempts potentially causing denial of service. | ||||
| CVE-2018-25224 | 2 Kimtore, Pms | 2 Practical Music Search, Pms | 2026-04-03 | 8.4 High |
| PMS 0.42 contains a stack-based buffer overflow vulnerability that allows local unauthenticated attackers to execute arbitrary code by supplying malicious values in the configuration file. Attackers can craft configuration files with oversized input that overflows the stack buffer and execute shell commands via return-oriented programming gadgets. | ||||
| CVE-2017-20228 | 1 Flatassembler | 1 Flat Assembler | 2026-04-03 | 8.4 High |
| Flat Assembler 1.71.21 contains a stack-based buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying oversized input to the application. Attackers can craft malicious assembly input exceeding 5895 bytes to overwrite the instruction pointer and execute return-oriented programming chains for shell command execution. | ||||
| CVE-2026-5017 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-03 | 7.3 High |
| A security flaw has been discovered in code-projects Simple Food Order System 1.0. This impacts an unknown function of the file /all-tickets.php of the component Parameter Handler. Performing a manipulation of the argument Status results in sql injection. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-5018 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-03 | 7.3 High |
| A weakness has been identified in code-projects Simple Food Order System 1.0. Affected is an unknown function of the file register-router.php of the component Parameter Handler. Executing a manipulation of the argument Name can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-5019 | 2 Carmelo, Code-projects | 2 Simple Food Order System, Simple Food Order System | 2026-04-03 | 7.3 High |
| A security vulnerability has been detected in code-projects Simple Food Order System 1.0. Affected by this vulnerability is an unknown functionality of the file all-orders.php of the component Parameter Handler. The manipulation of the argument Status leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-29909 | 1 Mrcms | 1 Mrcms | 2026-04-03 | 5.3 Medium |
| MRCMS V3.1.2 contains an unauthenticated directory enumeration vulnerability in the file management module. The /admin/file/list.do endpoint lacks authentication controls and proper input validation, allowing remote attackers to enumerate directory contents on the server without any credentials. | ||||
| CVE-2026-29953 | 1 Schemahero | 1 Schemahero | 2026-04-03 | 7.4 High |
| SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go. | ||||
| CVE-2026-33643 | 1 Schemahero | 1 Schemahero | 2026-04-03 | 7.4 High |
| SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the mysqlColumnAsInsert function in file plugins/mysql/lib/column.go. | ||||
| CVE-2026-29925 | 1 Invoiceninja | 1 Invoice Ninja | 2026-04-03 | 7.7 High |
| Invoice Ninja v5.12.46 and v5.12.48 is vulnerable to Server-Side Request Forgery (SSRF) in CheckDatabaseRequest.php. | ||||
| CVE-2026-30305 | 1 Syntx | 1 Command Auto Approval Module | 2026-04-03 | 9.8 Critical |
| Syntx's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution syntax (specifically $(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction. | ||||
| CVE-2026-30307 | 1 Roocode | 1 Command Auto Approval Module | 2026-04-03 | 9.8 Critical |
| Roo Code's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on fragile regular expressions to parse command structures; while it attempts to intercept dangerous operations, it fails to account for standard Shell command substitution Roo Code (specifically$(...)and backticks ...). An attacker can construct a command such as git log --grep="$(malicious_command)", forcing Syntx to misidentify it as a safe git operation and automatically approve it. The underlying Shell prioritizes the execution of the malicious code injected within the arguments, resulting in Remote Code Execution without any user interaction. | ||||
| CVE-2026-30308 | 1 Presidio-oss | 1 Hai Build | 2026-04-03 | 9.8 Critical |
| In its design for automatic terminal command execution, HAI Build Code Generator offers two options: Execute safe commands and Execute all commands. The description for the former states that commands determined by the model to be safe will be automatically executed, whereas if the model judges a command to be potentially destructive, it still requires user approval. However, this design is highly susceptible to prompt injection attacks. An attacker can employ a generic template to wrap any malicious command and mislead the model into misclassifying it as a 'safe' command, thereby bypassing the user approval requirement and resulting in arbitrary command execution. | ||||
| CVE-2026-30313 | 1 Necboy | 1 Cline-dsai | 2026-04-03 | 9.8 Critical |
| DSAI-Cline's command auto-approval module contains a critical OS command injection vulnerability that renders its whitelist security mechanism completely ineffective. The system relies on string-based parsing to validate commands; while it intercepts dangerous operators such as ;, &&, ||, |, and command substitution patterns, it fails to account for raw newline characters embedded within the input. An attacker can construct a payload by embedding a literal newline between a whitelisted command and malicious code (e.g., git log malicious_command), forcing DSAI-Cline to misidentify it as a safe operation and automatically approve it. The underlying PowerShell interpreter treats the newline as a command separator, executing both commands sequentially, resulting in Remote Code Execution without any user interaction. | ||||
| CVE-2026-21712 | 1 Nodejs | 1 Nodejs | 2026-04-03 | 6.5 Medium |
| A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process. | ||||