Export limit exceeded: 349338 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80113 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80113 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30995 | 1 Slah Cms | 1 Slah Cms | 2026-04-17 | 8.6 High |
| Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint. | ||||
| CVE-2026-30994 | 1 Slah Cms | 1 Slah Cms | 2026-04-17 | 7.5 High |
| Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials. | ||||
| CVE-2026-1462 | 1 Keras | 1 Keras | 2026-04-17 | 7.8 High |
| A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method. | ||||
| CVE-2026-38528 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 7.1 High |
| Krayin CRM v2.2.x was discovered to contain a SQL injection vulnerability via the rotten_lead parameter at /Lead/LeadDataGrid.php. | ||||
| CVE-2026-38527 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 8.5 High |
| A Server-Side Request Forgery (SSRF) in the /settings/webhooks/create component of Webkul Krayin CRM v2.2.x allows attackers to scan internal resources via supplying a crafted POST request. | ||||
| CVE-2025-51414 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-17 | 8.8 High |
| In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page. | ||||
| CVE-2026-27627 | 2 Karakeep, Localhostlabs | 2 Karakeep, Karakeep | 2026-04-17 | 8.2 High |
| Karakeep is a elf-hostable bookmark-everything app. In version 0.30.0, when the Reddit metascraper plugin returns `readableContentHtml`, the HTML parsing subprocess uses it directly without running it through DOMPurify. Every other content source in the crawler goes through Readability + DOMPurify, but the Reddit path skips both. Since this content ends up in `dangerouslySetInnerHTML` in the reader view, any malicious HTML in the Reddit response gets executed in the user's browser. Version 0.31.0 contains a patch for this issue. | ||||
| CVE-2026-3148 | 2 Haben-cs9, Sourcecodester | 2 Simple And Nice Shopping Cart Script, Simple And Nice Shopping Cart Script | 2026-04-17 | 7.3 High |
| A vulnerability was determined in SourceCodester Simple and Nice Shopping Cart Script 1.0. This impacts an unknown function of the file /signup.php. This manipulation of the argument Username causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-27624 | 2 Coturn, Coturn Project | 2 Coturn, Coturn | 2026-04-17 | 7.2 High |
| Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using "denied-peer-ip" and/or default loopback restrictions. CVE-2020-26262 addressed bypasses involving "0.0.0.0", "[::1]" and "[::]", but IPv4-mapped IPv6 is not covered. When sending a "CreatePermission" or "ChannelBind" request with the "XOR-PEER-ADDRESS" value of "::ffff:127.0.0.1", a successful response is received, even though "127.0.0.0/8" is blocked via "denied-peer-ip". The root cause is that, prior to the updated fix implemented in version 4.9.0, three functions in "src/client/ns_turn_ioaddr.c" do not check "IN6_IS_ADDR_V4MAPPED". "ioa_addr_is_loopback()" checks "127.x.x.x" (AF_INET) and "::1" (AF_INET6), but not "::ffff:127.0.0.1." "ioa_addr_is_zero()" checks "0.0.0.0" and "::", but not "::ffff:0.0.0.0." "addr_less_eq()" used by "ioa_addr_in_range()" for "denied-peer-ip" matching: when the range is AF_INET and the peer is AF_INET6, the comparison returns 0 without extracting the embedded IPv4. Version 4.9.0 contains an updated fix to address the bypass of the fix for CVE-2020-26262. | ||||
| CVE-2026-27696 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-04-17 | 8.6 High |
| changedetection.io is a free open source web page change detection tool. In versions prior to 0.54.1, changedetection.io is vulnerable to Server-Side Request Forgery (SSRF) because the URL validation function `is_safe_valid_url()` does not validate the resolved IP address of watch URLs against private, loopback, or link-local address ranges. An authenticated user (or any user when no password is configured, which is the default) can add a watch for internal network URLs. The application fetches these URLs server-side, stores the response content, and makes it viewable through the web UI — enabling full data exfiltration from internal services. Version 0.54.1 contains a fix for the issue. | ||||
| CVE-2026-3151 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-04-17 | 7.3 High |
| A vulnerability was detected in itsourcecode College Management System 1.0. This vulnerability affects unknown code of the file /login/login.php. The manipulation of the argument email results in sql injection. The attack may be performed from remote. The exploit is now public and may be used. | ||||
| CVE-2026-3152 | 2 Angeljudesuarez, Itsourcecode | 2 College Management System, College Management System | 2026-04-17 | 7.3 High |
| A flaw has been found in itsourcecode College Management System 1.0. This issue affects some unknown processing of the file /admin/teacher-salary.php. This manipulation of the argument teacher_id causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used. | ||||
| CVE-2026-3153 | 2 Admerc, Itsourcecode | 2 Document Management System, Document Management System | 2026-04-17 | 7.3 High |
| A vulnerability has been found in itsourcecode Document Management System 1.0. Impacted is an unknown function of the file /register.php. Such manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-3179 | 1 Asustor | 2 Adm, Data Master | 2026-04-17 | 8.1 High |
| The FTP Backup on the ADM does not properly sanitize filenames received from the FTP server when parsing directory listings. A malicious server or MITM attacker can craft filenames containing path traversal sequences, causing the client to write files outside the intended backup directory. A path traversal vulnerability may allow an attacker to overwrite arbitrary files on the system and potentially achieve privilege escalation or remote code execution. Affected products and versions include: from ADM 4.1.0 through ADM 4.3.3.ROF1 as well as from ADM 5.0.0 through ADM 5.1.2.RE51. | ||||
| CVE-2026-3165 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-17 | 8.8 High |
| A vulnerability was determined in Tenda F453 1.0.0.3. Impacted is the function fromSetWifiGusetBasic of the file /goform/AdvSetWrlsafeset of the component httpd. This manipulation of the argument mit_ssid causes buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-3166 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-17 | 8.8 High |
| A vulnerability was identified in Tenda F453 1.0.0.3. The affected element is the function fromRouteStatic of the file /goform/RouteStatic of the component httpd. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-3167 | 1 Tenda | 2 F453, F453 Firmware | 2026-04-17 | 8.8 High |
| A security flaw has been discovered in Tenda F453 1.0.0.3. The impacted element is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component httpd. Performing a manipulation of the argument webSiteId results in buffer overflow. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-28193 | 1 Jetbrains | 1 Youtrack | 2026-04-17 | 8.8 High |
| In JetBrains YouTrack before 2025.3.121962 apps were able to send requests to the app permissions endpoint | ||||
| CVE-2026-27692 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-17 | 7.1 High |
| iccDEV provides a set of libraries and tools for working with ICC color management profiles. In versions up to and including 2.3.1.4, heap-buffer-overflow read occurs during CIccTagTextDescription::Release() when strlen() reads past a heap buffer while parsing ICC profile XML text description tags, causing a crash. Commit 29d088840b962a7cdd35993dfabc2cb35a049847 fixes the issue. No known workarounds are available. | ||||
| CVE-2026-40038 | 1 Pachno | 1 Pachno | 2026-04-17 | 7.2 High |
| Pachno 1.0.6 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads into POST parameters. Attackers can inject scripts through the value, comment_body, article_content, description, and message parameters across multiple controllers, which are stored in the database and executed in users' browser sessions due to improper sanitization via Request::getRawParameter() or Request::getParameter() calls. | ||||