Export limit exceeded: 344712 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344712 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5890 | 1 Google | 1 Chrome | 2026-04-13 | 6.5 Medium |
| Race in WebCodecs in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2025-62188 | 1 Apache | 1 Dolphinscheduler | 2026-04-13 | 7.5 High |
| An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.*. Users are recommended to upgrade to: * version ≥ 3.2.0 if using 3.1.x As a temporary workaround, users who cannot upgrade immediately may restrict the exposed management endpoints by setting the following environment variable: ``` MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE=health,metrics,prometheus ``` Alternatively, add the following configuration to the application.yaml file: ``` management: endpoints: web: exposure: include: health,metrics,prometheus ``` This issue has been reported as CVE-2023-48796: https://cveprocess.apache.org/cve5/CVE-2023-48796 | ||||
| CVE-2026-34177 | 1 Canonical | 1 Lxd | 2026-04-13 | 9.1 Critical |
| Canonical LXD versions 4.12 through 6.7 contain an incomplete denylist in isVMLowLevelOptionForbidden (lxd/project/limits/permissions.go), which omits raw.apparmor and raw.qemu.conf from the set of keys blocked under the restricted.virtual-machines.lowlevel=block project restriction. A remote attacker with can_edit permission on a VM instance in a restricted project can inject an AppArmor rule and a QEMU chardev configuration that bridges the LXD Unix socket into the guest VM, enabling privilege escalation to LXD cluster administrator and subsequently to host root. | ||||
| CVE-2026-34179 | 1 Canonical | 1 Lxd | 2026-04-13 | 9.1 Critical |
| In Canonical LXD versions 4.12 through 6.7, the doCertificateUpdate function in lxd/certificates.go does not validate the Type field when handling PUT/PATCH requests to /1.0/certificates/{fingerprint} for restricted TLS certificate users, allowing a remote authenticated attacker to escalate privileges to cluster admin. | ||||
| CVE-2026-33005 | 1 Apache | 1 Openmeetings | 2026-04-13 | 4.3 Medium |
| Improper Handling of Insufficient Privileges vulnerability in Apache OpenMeetings. Any registered user can query web service with their credentials and get files/sub-folders of any folder by ID (metadata only NOT contents). Metadata includes id, type, name and some other field. Full list of fields get be checked at FileItemDTO object. This issue affects Apache OpenMeetings: from 3.10 before 9.0.0. Users are recommended to upgrade to version 9.0.0, which fixes the issue. | ||||
| CVE-2026-4878 | 1 Redhat | 5 Enterprise Linux, Hardened Images, Hummingbird and 2 more | 2026-04-13 | 6.7 Medium |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. | ||||
| CVE-2026-4901 | 1 Hydrosystem | 1 Control System | 2026-04-13 | N/A |
| Hydrosystem Control System saves sensitive information into a log file. Critically, user credentials are logged allowing the attacker to obtain further authorized access into the system. Combined with vulnerability CVE-2026-34184, these sensitive information could be accessed by an unauthorized user.This issue was fixed in Hydrosystem Control System version 9.8.5 | ||||
| CVE-2025-45806 | 1 Rrweb-io | 1 Rrweb | 2026-04-13 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in rrweb-snapshot before v2.0.0-alpha.18 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2025-57735 | 1 Apache | 1 Airflow | 2026-04-13 | 9.1 Critical |
| When user logged out, the JWT token the user had authtenticated with was not invalidated, which could lead to reuse of that token in case it was intercepted. In Airflow 3.2 we implemented the mechanism that implements token invalidation at logout. Users who are concerned about the logout scenario and possibility of intercepting the tokens, should upgrade to Airflow 3.2+ Users are recommended to upgrade to version 3.2.0, which fixes this issue. | ||||
| CVE-2026-5883 | 1 Google | 1 Chrome | 2026-04-13 | 8.8 High |
| Use after free in Media in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2026-4336 | 2 Rustaurius, Wordpress | 2 Ultimate Faq Accordion Plugin, Wordpress | 2026-04-13 | 6.4 Medium |
| The Ultimate FAQ Accordion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via FAQ content in all versions up to, and including, 2.4.7. This is due to the plugin calling html_entity_decode() on post_content during rendering in the set_display_variables() function (View.FAQ.class.php, line 746), which converts HTML entity-encoded payloads back into executable HTML, combined with insufficient output escaping in the faq-answer.php template where the decoded content is echoed without wp_kses_post() or any other sanitization. The ufaq custom post type is registered with 'show_in_rest' => true and defaults to 'post' capability_type, allowing Author-level users to create and publish FAQs via the REST API. An Author can submit entity-encoded malicious HTML (e.g., <img src=x onerror=alert()>) which bypasses WordPress's kses sanitization at save time (since kses sees entities as plain text, not tags), but is then decoded back into executable HTML by html_entity_decode() at render time. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in FAQ pages that will execute whenever a user accesses an injected FAQ, either directly or via the [ultimate-faqs] shortcode. | ||||
| CVE-2026-4112 | 1 Sonicwall | 1 Sma1000 | 2026-04-13 | N/A |
| Improper neutralization of special elements used in an SQL command (“SQL Injection”) in SonicWall SMA1000 series appliances allows a remote authenticated attacker with read-only administrator privileges to escalate privileges to primary administrator. | ||||
| CVE-2026-4114 | 1 Sonicwall | 1 Sma1000 | 2026-04-13 | N/A |
| Improper handling of Unicode encoding in SonicWall SMA1000 series appliances allows a remote authenticated SSLVPN admin to bypass AMC TOTP authentication. | ||||
| CVE-2026-4660 | 1 Hashicorp | 1 Tooling | 2026-04-13 | 7.5 High |
| HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and package. | ||||
| CVE-2025-70365 | 1 Kiamo | 1 Kiamo | 2026-04-13 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Kiamo before 8.4 due to improper output encoding of user-supplied input in administrative interfaces. An authenticated administrative user can inject arbitrary JavaScript code that is executed in the browser of users viewing the affected pages. | ||||
| CVE-2024-1490 | 1 Wago | 13 Cc100 (0751-9x01), Edge Controller (0752-8303-8000-0002), Pfc100 G1 (0750-810-xxxx-xxxx) and 10 more | 2026-04-13 | 7.2 High |
| An authenticated remote attacker with high privileges can exploit the OpenVPN configuration via the web-based management interface of a WAGO PLC. If user-defined scripts are permitted, OpenVPN may allow the execution of arbitrary shell commands enabling the attacker to run arbitrary commands on the device. | ||||
| CVE-2025-14551 | 1 Canonical | 1 Ubuntu | 2026-04-13 | N/A |
| In Ubuntu, Subiquity version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, Subiquity could include certain user credentials, such as the user's plaintext Wi-Fi password, in the attached logs. | ||||
| CVE-2025-15480 | 1 Canonical | 1 Ubuntu | 2026-04-13 | N/A |
| In Ubuntu, ubuntu-desktop-provision version 24.04.4 could leak sensitive user credentials during crash reporting. Upon installation failure, if a user submitted a bug report to Launchpad, ubuntu-desktop-provision could include the user's password hash in the attached logs. | ||||
| CVE-2026-1830 | 2 Davidfcarr, Wordpress | 2 Quick Playground, Wordpress | 2026-04-13 | 9.8 Critical |
| The Quick Playground plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.1. This is due to insufficient authorization checks on REST API endpoints that expose a sync code and allow arbitrary file uploads. This makes it possible for unauthenticated attackers to retrieve the sync code, upload PHP files with path traversal, and achieve remote code execution on the server. | ||||
| CVE-2026-21388 | 1 Mattermost | 1 Mattermost | 2026-04-13 | 3.7 Low |
| Mattermost Plugins versions <=2.3.1 fail to limit the request body size on the {{/lifecycle}} webhook endpoint which allows an authenticated attacker to cause memory exhaustion and denial of service via sending an oversized JSON payload. Mattermost Advisory ID: MMSA-2026-00610 | ||||