Export limit exceeded: 344234 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344234 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30460 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-13 | 8.8 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | ||||
| CVE-2026-20431 | 2 Mediatek, Mediatek, Inc. | 39 Mt6813, Mt6813 Firmware, Mt6815 and 36 more | 2026-04-13 | 6.5 Medium |
| In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01106496; Issue ID: MSV-4467. | ||||
| CVE-2026-20432 | 2 Mediatek, Mediatek, Inc. | 117 Mt2735, Mt2735 Firmware, Mt2737 and 114 more | 2026-04-13 | 8 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01406170; Issue ID: MSV-4461. | ||||
| CVE-2026-20433 | 1 Mediatek | 125 Mediatek Chipset, Mt2735, Mt2735 Firmware and 122 more | 2026-04-13 | 8.8 High |
| In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: MOLY01088681; Issue ID: MSV-4460. | ||||
| CVE-2025-15611 | 3 Ays-pro, Popup Box, Wordpress | 3 Popup Box, Popup Box, Wordpress | 2026-04-13 | 5.4 Medium |
| The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend. | ||||
| CVE-2026-20884 | 1 Libraw | 1 Libraw | 2026-04-13 | 8.1 High |
| An integer overflow vulnerability exists in the deflate_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-24450 | 1 Libraw | 1 Libraw | 2026-04-13 | 8.1 High |
| An integer overflow vulnerability exists in the uncompressed_fp_dng_load_raw functionality of LibRaw Commit 8dc68e2. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-24660 | 1 Libraw | 1 Libraw | 2026-04-13 | 8.1 High |
| A heap-based buffer overflow vulnerability exists in the x3f_load_huffman functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-20889 | 1 Libraw | 1 Libraw | 2026-04-13 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the x3f_thumb_loader functionality of LibRaw Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-31789 | 1 Openssl | 1 Openssl | 2026-04-13 | 5.8 Medium |
| Issue summary: Converting an excessively large OCTET STRING value to a hexadecimal string leads to a heap buffer overflow on 32 bit platforms. Impact summary: A heap buffer overflow may lead to a crash or possibly an attacker controlled code execution or other undefined behavior. If an attacker can supply a crafted X.509 certificate with an excessively large OCTET STRING value in extensions such as the Subject Key Identifier (SKID) or Authority Key Identifier (AKID) which are being converted to hex, the size of the buffer needed for the result is calculated as multiplication of the input length by 3. On 32 bit platforms, this multiplication may overflow resulting in the allocation of a smaller buffer and a heap buffer overflow. Applications and services that print or log contents of untrusted X.509 certificates are vulnerable to this issue. As the certificates would have to have sizes of over 1 Gigabyte, printing or logging such certificates is a fairly unlikely operation and only 32 bit platforms are affected, this issue was assigned Low severity. The FIPS modules in 3.6, 3.5, 3.4, 3.3 and 3.0 are not affected by this issue, as the affected code is outside the OpenSSL FIPS module boundary. | ||||
| CVE-2026-27140 | 1 Gotoolchain | 1 Cmd/go | 2026-04-13 | 8.8 High |
| SWIG file names containing 'cgo' and well-crafted payloads could lead to code smuggling and arbitrary code execution at build time due to trust layer bypass. | ||||
| CVE-2026-21413 | 1 Libraw | 1 Libraw | 2026-04-13 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the lossless_jpeg_load_raw functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-20911 | 1 Libraw | 1 Libraw | 2026-04-13 | 9.8 Critical |
| A heap-based buffer overflow vulnerability exists in the HuffTable::initval functionality of LibRaw Commit 0b56545 and Commit d20315b. A specially crafted malicious file can lead to a heap buffer overflow. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-35534 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 7.6 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, a stored cross-site scripting vulnerability exists in PersonView.php due to incorrect use of sanitizeText() as an output sanitizer for HTML attribute context. The function only strips HTML tags, it does not escape quote characters allowing an attacker to break out of the href attribute and inject arbitrary JavaScript event handlers. Any authenticated user with the EditRecords role can store the payload in a person's Facebook field. The XSS fires against any user who views that person's profile page, including administrators, enabling session hijacking and full account takeover. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-4631 | 1 Redhat | 3 Enterprise Linux, Enterprise Linux Eus, Rhel Eus | 2026-04-13 | 9.8 Critical |
| Cockpit's remote login feature passes user-supplied hostnames and usernames from the web interface to the SSH client without validation or sanitization. An attacker with network access to the Cockpit web service can craft a single HTTP request to the login endpoint that injects malicious SSH options or shell commands, achieving code execution on the Cockpit host without valid credentials. The injection occurs during the authentication flow before any credential verification takes place, meaning no login is required to exploit the vulnerability. | ||||
| CVE-2026-35573 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 9.1 Critical |
| ChurchCRM is an open-source church management system. Prior to 6.5.3, a path traversal vulnerability in ChurchCRM's backup restore functionality allows authenticated administrators to upload arbitrary files and achieve remote code execution by overwriting Apache .htaccess configuration files. The vulnerability exists in src/ChurchCRM/Backup/RestoreJob.php. The $rawUploadedFile['name'] parameter is user-controlled and allows uploading files with arbitrary names to /var/www/html/tmp_attach/ChurchCRMBackups/. This vulnerability is fixed in 6.5.3. | ||||
| CVE-2026-35572 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 6.0 Medium |
| ChurchCRM is an open-source church management system. Prior to 6.5.3, it is possible to trigger server-side HTTP/HTTPS requests to arbitrary hosts (SSRF) by supplying a crafted URL in the Referer request header. The server subsequently makes an outbound request to the attacker-controlled domain, confirmed via OAST. This vulnerability is fixed in 6.5.3. | ||||
| CVE-2026-39325 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 7.2 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /SettingsUser.php in ChurchCRM 7.0.5. Authenticated administrative users can inject arbitrary SQL statements through the type array parameter via the index and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-39326 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 8.8 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /PropertyTypeEditor.php in ChurchCRM. Authenticated users with the role isMenuOptionsEnabled can inject arbitrary SQL statements through the Name and Description parameters and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0. | ||||
| CVE-2026-39327 | 1 Churchcrm | 1 Churchcrm | 2026-04-13 | 8.8 High |
| ChurchCRM is an open-source church management system. Prior to 7.1.0, an SQL injection vulnerability was found in the endpoint /MemberRoleChange.php in ChurchCRM 7.0.5. Authenticated users with the role Manage Groups & Roles (ManageGroups) can inject arbitrary SQL statements through the NewRole parameter and thus extract and modify information from the database. This vulnerability is fixed in 7.1.0. | ||||