Total
345774 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29013 | 1 Libcoap | 1 Libcoap | 2026-04-20 | N/A |
| libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation. | ||||
| CVE-2025-13480 | 1 Fudo Security | 1 Fudo Enterprise | 2026-04-20 | N/A |
| Fudo Enterprise in versions from 5.5.0 through 5.6.2 allows low privileged users to access certain administrator-only resources via improperly protected API endpoints. This includes sensitive information such as system logs and parts of system configuration settings. This vulnerability has been fixed in version 5.6.3 | ||||
| CVE-2025-66335 | 1 Apache | 1 Doris Mcp Server | 2026-04-20 | 5.3 Medium |
| Apache Doris MCP Server versions earlier than 0.6.1 are affected by an improper neutralization flaw in query context handling that may allow execution of unintended SQL statements and bypass of intended query validation and access restrictions through the MCP query execution interface. Version 0.6.1 and later are not affected. | ||||
| CVE-2026-32956 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 9.8 Critical |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | ||||
| CVE-2026-5963 | 1 Digiwin | 1 Easyflow .net | 2026-04-20 | 9.8 Critical |
| EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-6369 | 2026-04-20 | N/A | ||
| An improper access control vulnerability in the canonical-livepatch snap client prior to version 10.15.0 allows a local unprivileged user to obtain a sensitive, root-level authentication token by sending an unauthenticated request to the livepatchd.sock Unix domain socket. This vulnerability is exploitable on systems where an administrator has already enabled the Livepatch client with a valid Ubuntu Pro subscription. This token allows an attacker to access Livepatch services using the victim's credentials, as well as potentially cause issues to the Livepatch server. | ||||
| CVE-2026-32650 | 1 Anviz | 1 Anviz Crosschex Standard | 2026-04-20 | 7.5 High |
| Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. | ||||
| CVE-2026-32957 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.3 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue on firmware maintenance. Arbitrary file may be uploaded on the device without authentication. | ||||
| CVE-2026-33557 | 1 Apache | 1 Kafka | 2026-04-20 | 9.1 Critical |
| A possible security vulnerability has been identified in Apache Kafka. By default, the broker property `sasl.oauthbearer.jwt.validator.class` is set to `org.apache.kafka.common.security.oauthbearer.DefaultJwtValidator`. It accepts any JWT token without validating its signature, issuer, or audience. An attacker can generate a JWT token from any issuer with the `preferred_username` set to any user, and the broker will accept it. We advise the Kafka users using kafka v4.1.0 or v4.1.1 to set the config `sasl.oauthbearer.jwt.validator.class` to `org.apache.kafka.common.security.oauthbearer.BrokerJwtValidator` explicitly to avoid this vulnerability. Since Kafka v4.1.2 and v4.2.0 and later, the issue is fixed and will correctly validate the JWT token. | ||||
| CVE-2026-35682 | 1 Anviz | 1 Anviz Cx2 Lite Firmware | 2026-04-20 | 8.8 High |
| Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | ||||
| CVE-2026-5720 | 1 Miniupnp Project | 1 Miniupnpd | 2026-04-20 | N/A |
| miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer. | ||||
| CVE-2026-32955 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 8.8 High |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a stack-based buffer overflow vulnerability in processing the redirect URLs. Arbitrary code may be executed on the device. | ||||
| CVE-2026-32958 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 6.5 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. use a hard-coded cryptographic key. An administrative user may be directed to apply a fake firmware update. | ||||
| CVE-2026-32959 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.9 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain an issue with a use of a broken or risky cryptographic algorithm. Information in the traffic may be retrieved via man-in-the-middle attack. | ||||
| CVE-2026-32961 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.3 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a heap-based buffer overflow vulnerability in packet data processing of sx_smpd. Processing a crafted packet may cause a temporary denial-of-service (DoS) condition. | ||||
| CVE-2026-32962 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | 5.3 Medium |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a missing authentication for critical function issue. The device configuration may be altered without authentication. | ||||
| CVE-2026-32963 | 1 Silextechnology | 2 Amc Manager, Sd-330ac | 2026-04-20 | N/A |
| SD-330AC and AMC Manager provided by silex technology, Inc. contain a reflected cross-site scripting vulnerability. When a user logs in to the affected device and access some crafted web page, arbitrary script may be executed on the user's browser. | ||||
| CVE-2026-33093 | 1 Anviz | 1 Anviz Cx7 Firmware | 2026-04-20 | 5.3 Medium |
| Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | ||||
| CVE-2026-35546 | 1 Anviz | 2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware | 2026-04-20 | 9.8 Critical |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. | ||||
| CVE-2026-39454 | 1 Skygroup | 2 Skymec It Manager, Skysea Client View | 2026-04-20 | N/A |
| SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege. | ||||