Export limit exceeded: 346085 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346085 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2016-2386 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-21 | 9.8 Critical |
| SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079. | ||||
| CVE-2016-2388 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-21 | 5.3 Medium |
| The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846. | ||||
| CVE-2016-3643 | 1 Solarwinds | 1 Virtualization Manager | 2026-04-21 | 7.8 High |
| SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd." | ||||
| CVE-2016-3976 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-21 | 7.5 High |
| Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971. | ||||
| CVE-2016-9563 | 1 Sap | 1 Netweaver Application Server Java | 2026-04-21 | 6.5 Medium |
| BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the sap.com~tc~bpem~him~uwlconn~provider~web/bpemuwlconn URI, aka SAP Security Note 2296909. | ||||
| CVE-2016-6277 | 1 Netgear | 22 D6220, D6220 Firmware, D6400 and 19 more | 2026-04-21 | 8.8 High |
| NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/. | ||||
| CVE-2016-4655 | 1 Apple | 1 Iphone Os | 2026-04-21 | 5.5 Medium |
| The kernel in Apple iOS before 9.3.5 allows attackers to obtain sensitive information from memory via a crafted app. | ||||
| CVE-2016-4656 | 1 Apple | 1 Iphone Os | 2026-04-21 | 7.8 High |
| The kernel in Apple iOS before 9.3.5 allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. | ||||
| CVE-2016-4657 | 1 Apple | 1 Iphone Os | 2026-04-21 | 8.8 High |
| WebKit in Apple iOS before 9.3.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site. | ||||
| CVE-2014-4404 | 1 Apple | 3 Iphone Os, Mac Os X, Tvos | 2026-04-21 | 7.8 High |
| Heap-based buffer overflow in IOHIDFamily in Apple iOS before 8 and Apple TV before 7 allows attackers to execute arbitrary code in a privileged context via an application that provides crafted key-mapping properties. | ||||
| CVE-2015-1130 | 1 Apple | 1 Mac Os X | 2026-04-21 | 7.8 High |
| The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges via unspecified vectors. | ||||
| CVE-2026-39946 | 1 Openbao | 1 Openbao | 2026-04-21 | 4.9 Medium |
| OpenBao is an open source identity-based secrets management system. Prior to version 2.5.3, when OpenBao revoked privileges on a role in the PostgreSQL database secrets engine, OpenBao failed to use proper database quoting on schema names provided by PostgreSQL. This could lead to role revocation failures, or more rarely, SQL injection as the management user. This vulnerability was original from HashiCorp Vault. The vulnerability is addressed in v2.5.3. As a workaround, audit table schemas and ensure database users cannot create new schemas and grant privileges on them. | ||||
| CVE-2026-40496 | 1 Freescout Helpdesk | 1 Freescout | 2026-04-21 | N/A |
| FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, attachment download tokens are generated using a weak and predictable formula: `md5(APP_KEY + attachment_id + size)`. Since attachment_id is sequential and size can be brute-forced in a small range, an unauthenticated attacker can forge valid tokens and download any private attachment without credentials. Version 1.8.213 fixes the issue. | ||||
| CVE-2026-41294 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 8.6 High |
| OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing environment variable injection. Attackers can place a malicious .env file in a repository or workspace to override runtime configuration and security-sensitive environment settings during OpenClaw startup. | ||||
| CVE-2026-41295 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 7.8 High |
| OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to execute during built-in channel setup and login. Attackers can clone a workspace with a malicious plugin claiming a bundled channel id to achieve unintended in-process code execution before the plugin is explicitly trusted. | ||||
| CVE-2026-41299 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 7.1 High |
| OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only provenance fields are gated by self-declared client metadata from WebSocket handshake rather than verified authorization state. Authenticated operator clients can spoof ACP identity labels and inject reserved provenance fields intended only for the ACP bridge by manipulating client metadata during connection. | ||||
| CVE-2026-41301 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 5.3 Medium |
| OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress path that allows pairing challenges to be issued before event signature validation. An unauthenticated remote attacker can send forged direct messages to create pending pairing entries and trigger pairing-reply attempts, consuming shared pairing capacity and triggering bounded relay and logging work on the Nostr channel. | ||||
| CVE-2026-41303 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 8.8 High |
| OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-approvers to resolve pending exec approvals. Attackers can send Discord text commands to bypass the channels.discord.execApprovals.approvers allowlist and approve pending host execution requests. | ||||
| CVE-2026-41330 | 1 Openclaw | 1 Openclaw | 2026-04-21 | 4.4 Medium |
| OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly enforce proxy, TLS, Docker, and Git TLS controls. Attackers can bypass security controls by overriding environment variables to circumvent proxy settings, TLS verification, Docker restrictions, and Git TLS enforcement. | ||||
| CVE-2026-39378 | 1 Jupyter | 1 Nbconvert | 2026-04-21 | 6.5 Medium |
| The nbconvert tool, jupyter nbconvert, converts Jupyter notebooks to various other formats via Jinja templates. In versions 6.5 through 7.17.0, when `HTMLExporter.embed_images=True`, nbconvert's markdown renderer allows arbitrary file read via path traversal in image references. A malicious notebook can exfiltrate sensitive files from the conversion host by embedding them as base64 data URIs in the output HTML. nbconvert 7.17.1 contains a fix. As a workaround, do not enable `HTMLExporter.embed_images`; it is not enabled by default. | ||||