Export limit exceeded: 344645 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344645 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34614 | 2026-04-14 | 6.1 Medium | ||
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. | ||||
| CVE-2026-39564 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-14 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Retrieve Embedded Sensitive Data.This issue affects Sunshine Photo Cart: from n/a through < 3.6.2. | ||||
| CVE-2026-39544 | 2 Themestek, Wordpress | 2 Labtechco, Wordpress | 2026-04-14 | 7.5 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in themeStek LabtechCO labtechco allows PHP Local File Inclusion.This issue affects LabtechCO: from n/a through <= 8.3. | ||||
| CVE-2026-39542 | 2 Doofinder, Wordpress | 2 Doofinder For Woocommerce, Wordpress | 2026-04-14 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Doofinder Doofinder for WooCommerce doofinder-for-woocommerce allows Retrieve Embedded Sensitive Data.This issue affects Doofinder for WooCommerce: from n/a through <= 2.10.13. | ||||
| CVE-2026-34624 | 2026-04-14 | 5.4 Medium | ||
| Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a crafted webpage. | ||||
| CVE-2026-34623 | 2026-04-14 | 5.4 Medium | ||
| Adobe Experience Manager versions 6.5.24, FP11.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this issue by manipulating the DOM environment to execute malicious JavaScript within the context of the victim's browser. Exploitation of this issue requires user interaction in that a victim must visit a specially crafted web page. | ||||
| CVE-2026-31923 | 1 Apache | 1 Apisix | 2026-04-14 | 7.5 High |
| Cleartext Transmission of Sensitive Information vulnerability in Apache APISIX. This can occur due to `ssl_verify` in openid-connect plugin configuration being set to false by default. This issue affects Apache APISIX: from 0.7 through 3.15.0. Users are recommended to upgrade to version 3.16.0, which fixes the issue. | ||||
| CVE-2026-27664 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Sicore Base System | 2026-04-14 | 7.5 High |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), SICORE Base system (All versions < V26.10.0). The affected application contains an out-of-bounds write vulnerability while parsing specially crafted XML inputs. This could allow an unauthenticated attacker to exploit this issue by sending a malicious XML request, which may cause the service to crash, resulting in a denial-of-service condition. | ||||
| CVE-2026-27663 | 1 Siemens | 2 Cpci85 Central Processing\/communication, Rtum85 rtu Base | 2026-04-14 | 6.5 Medium |
| A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V26.10), RTUM85 RTU Base (All versions < V26.10). The affected application contains denial-of-service (DoS) vulnerability. The remote operation mode is susceptible to a resource exhaustion condition when subjected to a high volume of requests. Sending multiple requests can exhaust resources, preventing parameterization and requiring a reset or reboot to restore functionality. | ||||
| CVE-2026-24069 | 1 Kiuwan | 1 Sast | 2026-04-14 | 5.4 Medium |
| Kiuwan SAST improperly authorizes SSO logins for locally disabled mapped user accounts, allowing disabled users to continue accessing the application. Kiuwan Cloud was affected, and Kiuwan SAST on-premise (KOP) was affected before 2.8.2509.4. | ||||
| CVE-2026-22560 | 1 Rocket.chat | 1 Rocket.chat | 2026-04-14 | 5.3 Medium |
| An open redirect vulnerability in Rocket.Chat versions prior to 8.4.0 allows users to be redirected to arbitrary URLs by manipulating parameters within a SAML endpoint. | ||||
| CVE-2026-33404 | 1 Pi-hole | 2 Web, Web Interface | 2026-04-14 | 3.4 Low |
| Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, client hostnames and IP addresses from the FTL database are rendered into the DOM without escaping in network.js (Network page) and charts.js/index.js (Dashboard chart tooltips). While upstream validation in dnsmasq and FTL blocks HTML characters via normal DHCP/DNS paths, the web UI performs no output escaping — an inconsistency with other fields in the same file that are properly escaped. This vulnerability is fixed in 6.5. | ||||
| CVE-2026-32076 | 1 Microsoft | 6 Windows 11 23h2, Windows 11 24h2, Windows 11 25h2 and 3 more | 2026-04-14 | 7.8 High |
| Out-of-bounds read in Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32080 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-04-14 | 7 High |
| Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32072 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2026-04-14 | 6.2 Medium |
| Improper authentication in Windows Active Directory allows an unauthorized attacker to perform spoofing locally. | ||||
| CVE-2026-32068 | 1 Microsoft | 15 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 12 more | 2026-04-14 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows SSDP Service allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-31053 | 1 Rizin | 1 Rizin | 2026-04-14 | 6.2 Medium |
| A double free vulnerability exists in librz/bin/format/le/le.c in the function le_load_fixup_record(). When processing malformed or circular LE fixup chains, relocation entries may be freed multiple times during error handling. A specially crafted LE binary can trigger heap corruption and cause the application to crash, resulting in a denial-of-service condition. An attacker with a crafted binary could cause a denial of service when the tool is integrated on a service pipeline. | ||||
| CVE-2026-27243 | 2026-04-14 | 9.3 Critical | ||
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. Scope is changed. | ||||
| CVE-2026-34617 | 2026-04-14 | 8.7 High | ||
| Adobe Connect versions 2025.3, 12.10 and earlier are affected by a Cross-Site Scripting (XSS) vulnerability that could result in privilege escalation. A low-privileged attacker could exploit this vulnerability to inject malicious scripts into a web page, potentially gaining elevated access or control over the victim's account or session. Exploitation of this issue requires user interaction in that a victim must visit a maliciously crafted URL or interact with a compromised web page. Scope is changed. | ||||
| CVE-2026-27928 | 1 Microsoft | 5 Windows Server 2016, Windows Server 2019, Windows Server 2022 and 2 more | 2026-04-14 | 8.7 High |
| Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. | ||||