Export limit exceeded: 17437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 343533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343533 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15554 | 1 Truesec | 1 Lapswebui | 2026-04-08 | 7.8 High |
| Browser caching of LAPS passwords in Truesec’s LAPSWebUI before version 2.4 allows an attacker with access to a workstation to escalate their privileges via disclosure of local admin passwords. | ||||
| CVE-2026-21991 | 2 Oracle, Oracle Corporation | 2 Linux, Oracle Linux | 2026-04-08 | 5.5 Medium |
| A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. | ||||
| CVE-2026-3237 | 1 Octopus | 1 Octopus Server | 2026-04-08 | 4.3 Medium |
| In affected versions of Octopus Server it was possible for a low privileged user to manipulate an API request to change the signing key expiration and revocation time frames via an API endpoint that had incorrect permission validation. It was not possible to expose the signing keys using this vulnerability. | ||||
| CVE-2026-2991 | 2 Iqonicdesign, Wordpress | 2 Kivicare – Clinic & Patient Management System (ehr), Wordpress | 2026-04-08 | 7.3 High |
| The KiviCare – Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 4.1.2. This is due to the `patientSocialLogin()` function not verifying the social provider access token before authenticating a user. This makes it possible for unauthenticated attackers to log in as any patient registered on the system by providing only their email address and an arbitrary value for the access token, bypassing all credential verification. The attacker gains access to sensitive medical records, appointments, prescriptions, and billing information (PII/PHI breach). Additionally, authentication cookies are set before the role check, meaning the auth cookies for non-patient users (including administrators) are also set in the HTTP response headers, even though a 403 response is returned. | ||||
| CVE-2026-3479 | 1 Python | 1 Cpython | 2026-04-08 | 3.3 Low |
| DISPUTED: The project has clarified that the documentation was incorrect, and that pkgutil.get_data() has the same security model as open(). The documentation has been updated to clarify this point. There is no vulnerability in the function if following the intended security model. pkgutil.get_data() did not validate the resource argument as documented, allowing path traversals. | ||||
| CVE-2026-27043 | 2 Themegoods, Wordpress | 2 Photography, Wordpress | 2026-04-08 | 7.2 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGoods Photography allows Path Traversal.This issue affects Photography: from n/a before 7.7.6. | ||||
| CVE-2025-63261 | 3 Awstats, Debian, Eldy | 3 Awstats, Debian Linux, Awstats | 2026-04-08 | 7.8 High |
| AWStats 8.0 is vulnerable to Command Injection via the open function | ||||
| CVE-2026-4437 | 2 Gnu, The Gnu C Library | 2 Glibc, Glibc | 2026-04-08 | 7.5 High |
| Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the application to treat a non-answer section of the DNS response as a valid answer. | ||||
| CVE-2026-4438 | 2 Gnu, The Gnu C Library | 2 Glibc, Glibc | 2026-04-08 | 5.4 Medium |
| Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. | ||||
| CVE-2026-2290 | 2 Jurajsim, Wordpress | 2 Post Affiliate Pro, Wordpress | 2026-04-08 | 3.8 Low |
| The Post Affiliate Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.28.0. This makes it possible for authenticated attackers, with Administrator-level access, to make web requests to initiate arbitrary outbound requests from the application and read the returned response content. Successful exploitation was confirmed by receiving and observing response data from an external Collaborator endpoint. | ||||
| CVE-2026-4127 | 2 Charlycharm, Wordpress | 2 Speedup Optimization, Wordpress | 2026-04-08 | 4.3 Medium |
| The Speedup Optimization plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 1.5.9. The `speedup01_ajax_enabled()` function, which handles the `wp_ajax_speedup01_enabled` AJAX action, does not perform any capability check via `current_user_can()` and also lacks nonce verification. This is in contrast to other AJAX handlers in the same plugin (e.g., `speedup01_ajax_install_iox` and `speedup01_ajax_delete_cache_file`) which properly check for `install_plugins` and `manage_options` capabilities respectively. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enable or disable the site's optimization module by sending a POST request to admin-ajax. | ||||
| CVE-2026-1253 | 2 Atomchat, Wordpress | 2 Group Chat & Video Chat By Atomchat, Wordpress | 2026-04-08 | 4.3 Medium |
| The Group Chat & Video Chat by AtomChat plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'atomchat_update_auth_ajax' and 'atomchat_update_layout_ajax' functions in all versions up to, and including, 1.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options, including critical settings such as API keys, authentication keys, and layout configurations. | ||||
| CVE-2026-4570 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-08 | 6.3 Medium |
| A vulnerability was identified in SourceCodester Sales and Inventory System 1.0. Affected is an unknown function of the file /view_customers.php of the component HTTP POST Request Handler. Such manipulation of the argument searchtxt leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-4779 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-08 | 6.3 Medium |
| A security vulnerability has been detected in SourceCodester Sales and Inventory System 1.0. This issue affects some unknown processing of the file update_customer_details.php of the component HTTP GET Parameter Handler. Such manipulation of the argument sid leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-4780 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-08 | 6.3 Medium |
| A vulnerability was detected in SourceCodester Sales and Inventory System 1.0. Impacted is an unknown function of the file update_out_standing.php of the component HTTP GET Parameter Handler. Performing a manipulation of the argument sid results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. | ||||
| CVE-2026-4781 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-08 | 6.3 Medium |
| A flaw has been found in SourceCodester Sales and Inventory System 1.0. The affected element is an unknown function of the file update_purchase.php of the component HTTP GET Parameter Handler. Executing a manipulation of the argument sid can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-4826 | 2 Ahsanriaz26gmailcom, Sourcecodester | 2 Sales And Inventory System, Sales And Inventory System | 2026-04-08 | 6.3 Medium |
| A vulnerability was determined in SourceCodester Sales and Inventory System 1.0. This vulnerability affects unknown code of the file /update_stock.php of the component HTTP GET Parameter Handler. This manipulation of the argument sid causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-4484 | 2 Masteriyo, Wordpress | 2 Masteriyo Lms – Online Course Builder For Elearning, Lms & Education, Wordpress | 2026-04-08 | 8.8 High |
| The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepare_object_for_database' function. This makes it possible for authenticated attackers, with Student-level access and above, to elevate their privileges to that of an administrator. | ||||
| CVE-2026-33494 | 1 Ory | 1 Oathkeeper | 2026-04-08 | 10 Critical |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to an authorization bypass via HTTP path traversal. An attacker can craft a URL containing path traversal sequences (e.g. `/public/../admin/secrets`) that resolves to a protected path after normalization, but is matched against a permissive rule because the raw, un-normalized path is used during rule evaluation. Version 26.2.0 contains a patch. | ||||
| CVE-2026-33496 | 1 Ory | 1 Oathkeeper | 2026-04-08 | 8.1 High |
| ORY Oathkeeper is an Identity & Access Proxy (IAP) and Access Control Decision API that authorizes HTTP requests based on sets of Access Rules. Versions prior to 26.2.0 are vulnerable to authentication bypass due to cache key confusion. The `oauth2_introspection` authenticator cache does not distinguish tokens that were validated with different introspection URLs. An attacker can therefore legitimately use a token to prime the cache, and subsequently use the same token for rules that use a different introspection server. Ory Oathkeeper has to be configured with multiple `oauth2_introspection` authenticator servers, each accepting different tokens. The authenticators also must be configured to use caching. An attacker has to have a way to gain a valid token for one of the configured introspection servers. Starting in version 26.2.0, Ory Oathkeeper includes the introspection server URL in the cache key, preventing confusion of tokens. Update to the patched version of Ory Oathkeeper. If that is not immediately possible, disable caching for `oauth2_introspection` authenticators. | ||||