Export limit exceeded: 348030 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348030 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26143 | 1 Microsoft | 1 Powershell | 2026-04-27 | 7.8 High |
| Improper input validation in Microsoft PowerShell allows an unauthorized attacker to bypass a security feature locally. | ||||
| CVE-2026-32171 | 1 Microsoft | 1 Azure Logic Apps | 2026-04-27 | 8.8 High |
| Insufficiently protected credentials in Azure Logic Apps allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-42036 | 1 Axios | 1 Axios | 2026-04-27 | 5.3 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, when responseType: 'stream' is used, Axios returns the response stream without enforcing maxContentLength. This bypasses configured response-size limits and allows unbounded downstream consumption. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-0539 | 1 Pcvisit | 1 Pcvisit Remote Host Modul | 2026-04-27 | N/A |
| Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all versions after 22.6.22.1329 and was fixed in 25.12.3.1745. | ||||
| CVE-2026-6355 | 1 Augmentt | 1 Augmentt | 2026-04-27 | 6.5 Medium |
| A vulnerability in the web application allows unauthorized users to access and manipulate sensitive data across different tenants by exploiting insecure direct object references. This could lead to unauthorized access to sensitive information and unauthorized changes to the tenant's configuration. | ||||
| CVE-2026-6356 | 1 Augmentt | 1 Augmentt | 2026-04-27 | 9.6 Critical |
| A vulnerability in the web application allows standard users to escalate their privileges to those of a super administrator through parameter manipulation, enabling them to access and modify sensitive information. | ||||
| CVE-2018-25262 | 1 Angryip | 2 Angry Ip Scanner, Angry Ip Scanner For Linux | 2026-04-27 | 6.2 Medium |
| Angry IP Scanner for Linux 3.5.3 contains a denial of service vulnerability that allows local attackers to crash the application by supplying malformed input to the port selection field. Attackers can craft a malicious string containing buffer overflow patterns and paste it into the Preferences Ports tab to trigger an application crash. | ||||
| CVE-2018-25271 | 2 Helios, Textpad | 2 Textpad, Textpad | 2026-04-27 | 6.2 Medium |
| Textpad 8.1.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long buffer string through the Run command interface. Attackers can paste a 5000-byte payload into the Command field via Tools > Run to trigger a buffer overflow that crashes the application. | ||||
| CVE-2018-25272 | 1 Elba | 1 Elba5 | 2026-04-27 | 9.8 Critical |
| ELBA5 5.8.0 contains a remote code execution vulnerability that allows attackers to obtain database credentials and execute arbitrary commands with SYSTEM level permissions. Attackers can connect to the database using default connector credentials, decrypt the DBA password, and execute commands via the xp_cmdshell stored procedure or add backdoor users to the BEDIENER table. | ||||
| CVE-2024-58344 | 1 94cb | 1 Carbon Forum | 2026-04-27 | 6.4 Medium |
| Carbon Forum 5.9.0 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious JavaScript code through the Forum Name field in dashboard settings. Attackers with admin privileges can store JavaScript payloads in the Forum Name field that execute in the browsers of all users visiting the forum, enabling session hijacking and data theft. | ||||
| CVE-2026-32885 | 1 Ddev | 1 Ddev | 2026-04-27 | 6.5 Medium |
| DDEV is an open-source tool for running local web development environments for PHP and Node.js. Versions prior to 1.25.2 have unsanitized extraction in both `Untar()` and `Unzip()` functions in `pkg/archive/archive.go`. Downloads and extracts archives from remote sources without path validation. Version 1.25.2 patches the issue. | ||||
| CVE-2026-41469 | 1 Beghelli | 1 Sicuroweb (sicuro24) | 2026-04-27 | 5.2 Medium |
| Beghelli Sicuro24 SicuroWeb does not enforce a Content Security Policy, allowing unrestricted loading of external JavaScript resources from attacker-controlled origins. When chained with the template injection and sandbox escape vulnerabilities present in the same application, the absence of CSP removes the browser-enforced restriction that would otherwise block external script execution, enabling attackers to load arbitrary remote payloads into operator browser sessions. | ||||
| CVE-2026-41468 | 1 Beghelli | 1 Sicuroweb (sicuro24) | 2026-04-27 | 8.7 High |
| Beghelli Sicuro24 SicuroWeb embeds AngularJS 1.5.2, an end-of-life component containing known sandbox escape primitives. When combined with template injection present in the same application, these primitives allow attackers to escape the AngularJS sandbox and achieve arbitrary JavaScript execution in operator browser sessions, enabling session hijacking, DOM manipulation, and persistent browser compromise. Network-adjacent attackers can deliver the complete injection and escape chain via MITM in plaintext HTTP deployments without active user interaction. | ||||
| CVE-2026-41459 | 1 Thexerteproject | 1 Xerteonlinetoolkits | 2026-04-27 | 5.3 Medium |
| Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated attackers to retrieve the full server-side filesystem path of the application root. Attackers can send a GET request to the /setup page to access the exposed root_path value rendered in the HTML response, which enables exploitation of path-dependent vulnerabilities such as relative path traversal in connector.php. | ||||
| CVE-2026-34414 | 1 Thexerteproject | 1 Xerteonlinetoolkits | 2026-04-27 | 7.1 High |
| Xerte Online Toolkits versions 3.15 and earlier contain a relative path traversal vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where the name parameter in rename commands is not sanitized for path traversal sequences. Attackers can supply a name value containing directory traversal sequences to move files from project media directories to arbitrary locations on the filesystem, potentially overwriting application files, achieving stored cross-site scripting, or combining with other vulnerabilities to achieve unauthenticated remote code execution by moving PHP code files to the application root. | ||||
| CVE-2026-34415 | 1 Thexerteproject | 1 Xerteonlinetoolkits | 2026-04-27 | 9.8 Critical |
| Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails to block PHP-executable extensions .php4 due to an incorrect regex pattern. Unauthenticated attackers can exploit this flaw combined with authentication bypass and path traversal vulnerabilities to upload malicious PHP code, rename it with a .php4 extension, and execute arbitrary operating system commands on the server. | ||||
| CVE-2026-34413 | 1 Thexerteproject | 1 Xerteonlinetoolkits | 2026-04-27 | 8.6 High |
| Xerte Online Toolkits versions 3.15 and earlier contain a missing authentication vulnerability in the elFinder connector endpoint at /editor/elfinder/php/connector.php where an HTTP redirect to unauthenticated callers does not call exit() or die(), allowing PHP execution to continue and process the full request server-side. Unauthenticated attackers can perform file operations on project media directories including creating directories, uploading files, renaming files, duplicating files, overwriting files, and deleting files, which can be chained with path traversal and extension blocklist vulnerabilities to achieve remote code execution and arbitrary file read. | ||||
| CVE-2026-33471 | 1 Nimiq | 2 Nimiq-block, Nimiq Proof-of-stake | 2026-04-27 | 9.6 Critical |
| nimiq-block contains block primitives to be used in Nimiq's Rust implementation. `SkipBlockProof::verify` computes its quorum check using `BitSet.len()`, then iterates `BitSet` indices and casts each `usize` index to `u16` (`slot as u16`) for slot lookup. Prior to version 1.3.0, if an attacker can get a `SkipBlockProof` verified where `MultiSignature.signers` contains out-of-range indices spaced by 65536, these indices inflate `len()` but collide onto the same in-range `u16` slot during aggregation. This makes it possible for a malicious validator with far fewer than `2f+1` real signer slots to pass skip block proof verification by multiplying a single BLS signature by the same factor. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available. | ||||
| CVE-2026-34062 | 1 Nimiq | 2 Network-libp2p, Nimiq Proof-of-stake | 2026-04-27 | 5.3 Medium |
| nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_max_concurrent_streams(1000)`, the node exposes a much larger stalled-slot budget than the library default. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available. | ||||
| CVE-2026-34064 | 1 Nimiq | 2 Nimiq-account, Nimiq Proof-of-stake | 2026-04-27 | 5.3 Medium |
| nimiq-account contains account primitives to be used in Nimiq's Rust implementation. Prior to version 1.3.0, `VestingContract::can_change_balance` returns `AccountError::InsufficientFunds` when `new_balance < min_cap`, but it constructs the error using `balance: self.balance - min_cap`. `Coin::sub` panics on underflow, so if an attacker can reach a state where `min_cap > balance`, the node crashes while trying to return an error. The `min_cap > balance` precondition is attacker-reachable because the vesting contract creation data (32-byte format) allows encoding `total_amount` without validating `total_amount <= transaction.value` (the real contract balance). After creating such a vesting contract, the attacker can broadcast an outgoing transaction to trigger the panic during mempool admission and block processing. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available. | ||||