Export limit exceeded: 342962 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342962 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20677 | 1 Apple | 5 Ios And Ipados, Ipados, Iphone Os and 2 more | 2026-04-07 | 9 Critical |
| A race condition was addressed with improved handling of symbolic links. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A shortcut may be able to bypass sandbox restrictions. | ||||
| CVE-2025-46304 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-07 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2026-20606 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-07 | 7.1 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2026-0651 | 1 Tp-link | 3 Tapo C260, Tapo C260 Firmware, Tapo C260 V1 | 2026-04-07 | 7.8 High |
| A path traversal vulnerability was identified TP-Link Tapo C260 v1, D235 v1 and C520WS v2.6 within the HTTP server’s handling of GET requests. The server performs path normalization before fully decoding URL encoded input and falls back to using the raw path when normalization fails. An attacker can exploit this logic flaw by supplying crafted, URL encoded traversal sequences that bypass directory restrictions and allow access to files outside the intended web root. Successful exploitation may allow authenticated attackers to get disclosure of sensitive system files and credentials, while unauthenticated attackers may gain access to non-sensitive static assets. | ||||
| CVE-2026-35050 | 1 Oobabooga | 1 Text-generation-webui | 2026-04-07 | 9.1 Critical |
| text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.1.1, users can save extention settings in "py" format and in the app root directory. This allows to overwrite python files, for instance the "download-model.py" file could be overwritten. Then, this python file can be triggered to get executed from "Model" menu when requesting to download a new model. This vulnerability is fixed in 4.1.1. | ||||
| CVE-2026-35045 | 1 Tandoorrecipes | 1 Recipes | 2026-04-07 | 8.1 High |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the PUT /api/recipe/batch_update/ endpoint in Tandoor Recipes allows any authenticated user within a Space to modify any recipe in that Space, including recipes marked as private by other users. This bypasses all object-level authorization checks enforced on standard single-recipe endpoints (PUT /api/recipe/{id}/), enabling forced exposure of private recipes, unauthorized self-grant of access via the shared list, and metadata tampering. This vulnerability is fixed in 2.6.4. | ||||
| CVE-2026-34808 | 1 Endian | 2 Firewall, Firewall Community | 2026-04-07 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/outgoingfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34809 | 1 Endian | 2 Firewall, Firewall Community | 2026-04-07 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/zonefw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34810 | 1 Endian | 2 Firewall, Firewall Community | 2026-04-07 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/vpnfw.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-35039 | 1 Nearform | 1 Fast-jwt | 2026-04-07 | 9.1 Critical |
| fast-jwt provides fast JSON Web Token (JWT) implementation. From 0.0.1 to before 6.1.0, setting up a custom cacheKeyBuilder method which does not properly create unique keys for different tokens can lead to cache collisions. This could cause tokens to be mis-identified during the verification process leading to valid tokens returning claims from different valid tokens and users being mis-identified as other users based on the wrong token. | ||||
| CVE-2026-35559 | 1 Amazon | 1 Amazon Athena Odbc Driver | 2026-04-07 | 6.5 Medium |
| Out-of-bounds write in the query processing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to crash the driver by using specially crafted data that is processed by the driver during query operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-32646 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 7.5 High |
| A specific administrative endpoint is accessible without proper authentication, exposing device management functions. | ||||
| CVE-2026-28767 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 5.3 Medium |
| A specific administrative endpoint notifications is accessible without proper authentication. | ||||
| CVE-2026-5670 | 1 Cyber-iii | 1 Student-management-system | 2026-04-07 | 6.3 Medium |
| A vulnerability was found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This issue affects the function move_uploaded_file of the file /AssignmentSection/submission/upload.php. Performing a manipulation of the argument File results in unrestricted upload. The attack can be initiated remotely. The exploit has been made public and could be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-28766 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 9.3 Critical |
| A specific endpoint exposes all user account information for registered Gardyn users without requiring authentication. | ||||
| CVE-2026-34811 | 1 Endian | 2 Firewall, Firewall Community | 2026-04-07 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /cgi-bin/xtaccess.cgi. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34986 | 1 Go-jose | 1 Go-jose | 2026-04-07 | 7.5 High |
| Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5. | ||||
| CVE-2026-34818 | 1 Endian | 2 Firewall, Firewall Community | 2026-04-07 | 6.4 Medium |
| Endian Firewall version 3.3.25 and prior allow stored cross-site scripting (XSS) via the remark parameter to /manage/dnsmasq/localdomains/. An authenticated attacker can inject arbitrary JavaScript that is stored and executed when other users view the affected page. | ||||
| CVE-2026-34975 | 1 Useplunk | 1 Plunk | 2026-04-07 | 8.5 High |
| Plunk is an open-source email platform built on top of AWS SES. Prior to 0.8.0, a CRLF header injection vulnerability was discovered in SESService.ts, where user-supplied values for from.name, subject, custom header keys/values, and attachment filenames were interpolated directly into raw MIME messages without sanitization. An authenticated API user could inject arbitrary email headers (e.g. Bcc, Reply-To) by embedding carriage return/line feed characters in these fields, enabling silent email forwarding, reply redirection, or sender spoofing. The fix adds input validation at the schema level to reject any of these fields containing \r or \n characters, consistent with the existing validation already applied to the contentId field. This vulnerability is fixed in 0.8.0. | ||||
| CVE-2026-25197 | 1 Gardyn | 1 Cloud Api | 2026-04-07 | 9.1 Critical |
| A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call. | ||||