Export limit exceeded: 344321 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344321 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-31427 | 1 Linux | 1 Linux Kernel | 2026-04-13 | 5.8 Medium |
| In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp process_sdp() declares union nf_inet_addr rtp_addr on the stack and passes it to the nf_nat_sip sdp_session hook after walking the SDP media descriptions. However rtp_addr is only initialized inside the media loop when a recognized media type with a non-zero port is found. If the SDP body contains no m= lines, only inactive media sections (m=audio 0 ...) or only unrecognized media types, rtp_addr is never assigned. Despite that, the function still calls hooks->sdp_session() with &rtp_addr, causing nf_nat_sdp_session() to format the stale stack value as an IP address and rewrite the SDP session owner and connection lines with it. With CONFIG_INIT_STACK_ALL_ZERO (default on most distributions) this results in the session-level o= and c= addresses being rewritten to 0.0.0.0 for inactive SDP sessions. Without stack auto-init the rewritten address is whatever happened to be on the stack. Fix this by pre-initializing rtp_addr from the session-level connection address (caddr) when available, and tracking via a have_rtp_addr flag whether any valid address was established. Skip the sdp_session hook entirely when no valid address exists. | ||||
| CVE-2026-34849 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 2.5 Low |
| UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34854 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-13 | 5.7 Medium |
| UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-34858 | 1 Huawei | 1 Harmonyos | 2026-04-13 | 4.1 Medium |
| UAF vulnerability in the communication module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-34859 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-13 | 5.9 Medium |
| UAF vulnerability in the kernel module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-32860 | 1 Ni | 1 Labview | 2026-04-13 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVLIB file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvlib file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-5119 | 2 Gnome, Redhat | 2 Libsoup, Enterprise Linux | 2026-04-13 | 5.9 Medium |
| A flaw was found in libsoup. When establishing HTTPS tunnels through a configured HTTP proxy, sensitive session cookies are transmitted in cleartext within the initial HTTP CONNECT request. A network-positioned attacker or a malicious HTTP proxy can intercept these cookies, leading to potential session hijacking or user impersonation. | ||||
| CVE-2026-32861 | 1 Ni | 1 Labview | 2026-04-13 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds write when loading a corrupted LVCLASS file in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .lvclass file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-32862 | 1 Ni | 1 Labview | 2026-04-13 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds write in ResFileFactory::InitResourceMgr() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-32863 | 1 Ni | 1 Labview | 2026-04-13 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds read in sentry_transaction_context_set_operation() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-32864 | 1 Ni | 1 Labview | 2026-04-13 | 7.8 High |
| There is a memory corruption vulnerability due to an out-of-bounds read in mgcore_SH_25_3!aligned_free() in NI LabVIEW. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted VI file. This vulnerability affects NI LabVIEW 2026 Q1 (26.1.0) and prior versions. | ||||
| CVE-2026-30856 | 1 Tencent | 1 Weknora | 2026-04-13 | 5.9 Medium |
| WeKnora is an LLM-powered framework designed for deep document understanding and semantic retrieval. Prior to version 0.3.0, a vulnerability involving tool name collision and indirect prompt injection allows a malicious remote MCP server to hijack tool execution. By exploiting an ambiguous naming convention in the MCP client (mcp_{service}_{tool}), an attacker can register a malicious tool that overwrites a legitimate one (e.g., tavily_extract). This enables the attacker to redirect LLM execution flow, exfiltrate system prompts, context, and potentially execute other tools with the user's privileges. This issue has been patched in version 0.3.0. | ||||
| CVE-2026-32775 | 2 Libexif, Libexif Project | 2 Libexif, Libexif | 2026-04-13 | 7.4 High |
| libexif through 0.6.25 has a flaw in decoding MakerNotes. If the exif_mnote_data_get_value function gets passed in a 0 size, the passed in-buffer would be overwritten due to an integer underflow. | ||||
| CVE-2026-29521 | 2 Hereta, Shenzhen Hereta Technology | 3 Eth-imc408m, Eth-imc408m Firmware, Hereta Eth-imc408m | 2026-04-13 | 4.3 Medium |
| Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a cross-site request forgery vulnerability that allows attackers to modify device configuration by exploiting missing CSRF protections in setup.cgi. Attackers can host malicious pages that submit forged requests using automatically-included HTTP Basic Authentication credentials to add RADIUS accounts, alter network settings, or trigger diagnostics. | ||||
| CVE-2026-29520 | 2 Hereta, Shenzhen Hereta Technology | 3 Eth-imc408m, Eth-imc408m Firmware, Hereta Eth-imc408m | 2026-04-13 | 6.1 Medium |
| Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a reflected cross-site scripting vulnerability in the Network Diagnosis ping function that allows attackers to execute arbitrary JavaScript. Attackers can craft malicious links with injected script payloads in the ping_ipaddr parameter to compromise authenticated administrator sessions when the links are visited. | ||||
| CVE-2026-29513 | 2 Hereta, Shenzhen Hereta Technology | 3 Eth-imc408m, Eth-imc408m Firmware, Hereta Eth-imc408m | 2026-04-13 | 5.4 Medium |
| Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Location field. Attackers can inject malicious scripts through the System Status interface that execute in browsers of users viewing the status page without input sanitation. | ||||
| CVE-2026-29510 | 2 Hereta, Shenzhen Hereta Technology | 3 Eth-imc408m, Eth-imc408m Firmware, Hereta Eth-imc408m | 2026-04-13 | 5.4 Medium |
| Hereta ETH-IMC408M firmware version 1.0.15 and prior contain a stored cross-site scripting vulnerability that allows authenticated attackers to inject arbitrary JavaScript by manipulating the Device Name field. Attackers can inject malicious scripts through the System Status interface that execute in browsers of users viewing the status page without input sanitation. | ||||
| CVE-2026-4147 | 1 Mongodb | 2 Mongodb, Mongodb Server | 2026-04-13 | 6.5 Medium |
| An authenticated user with the read role may read limited amounts of uninitialized stack memory via specially-crafted issuances of the filemd5 command. | ||||
| CVE-2026-4148 | 1 Mongodb | 2 Mongodb, Mongodb Server | 2026-04-13 | 8.8 High |
| A use-after-free vulnerability can be triggered in sharded clusters by an authenticated user with the read role who issues a specially crafted $lookup or $graphLookup aggregation pipeline. | ||||
| CVE-2026-22895 | 2 Qnap, Qnap Systems | 2 Quftp, Quftp Service | 2026-04-13 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect QuFTP Service. If a remote attacker gains an administrator account, they can then exploit the vulnerability to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuFTP Service 1.4.3 and later QuFTP Service 1.5.2 and later QuFTP Service 1.6.2 and later | ||||