Export limit exceeded: 345243 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0598 | 1 Redhat | 1 Ansible Automation Platform | 2026-04-17 | 4.2 Medium |
| A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the authenticated user making the request. As a result, an attacker with valid credentials could access or influence conversations owned by other users. This exposes sensitive conversation data and allows unauthorized manipulation of AI-generated outputs. | ||||
| CVE-2026-2010 | 2 Publiccms, Sanluan | 2 Publiccms, Publiccms | 2026-04-17 | 4.2 Medium |
| A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.java of the component Trade Payment Handler. The manipulation of the argument paymentId leads to improper authorization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The identifier of the patch is 7329437e1288540336b1c66c114ed3363adcba02. It is recommended to apply a patch to fix this issue. | ||||
| CVE-2026-24925 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 7.3 High |
| Heap-based buffer overflow vulnerability in the image module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24926 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 8.4 High |
| Out-of-bounds write vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24914 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 4 Medium |
| Type confusion vulnerability in the camera module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24915 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.2 Medium |
| Out-of-bounds read issue in the media subsystem. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-24921 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 4.8 Medium |
| Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-2011 | 1 Itsourcecode | 2 School Management System, Student Management System | 2026-04-17 | 7.3 High |
| A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-24922 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.9 Medium |
| Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24923 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.3 Medium |
| Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24929 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24930 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 8.4 High |
| UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24931 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24916 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24919 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-17 | 6 Medium |
| Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-2012 | 1 Itsourcecode | 2 School Management System, Student Management System | 2026-04-17 | 7.3 High |
| A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-24924 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.1 Medium |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24927 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-17 | 5.5 Medium |
| Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-2014 | 1 Itsourcecode | 2 School Management System, Student Management System | 2026-04-17 | 7.3 High |
| A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-2015 | 1 Portabilis | 1 I-educar | 2026-04-17 | 6.3 Medium |
| A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||