Export limit exceeded: 347739 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347739 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7320 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-01 | 7.5 High |
| Information disclosure due to incorrect boundary conditions in the Audio/Video component. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. | ||||
| CVE-2026-7322 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-05-01 | 7.3 High |
| Memory safety bugs present in Thunderbird ESR 140.10.0 and Thunderbird 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, Firefox ESR 115.35.1, Thunderbird 150.0.1, and Thunderbird 140.10.1. | ||||
| CVE-2026-40230 | 2 Helpy.io, Helpyio | 2 Helpy, Helpy | 2026-05-01 | 5.4 Medium |
| Helpy contains a stored cross-site scripting vulnerability in the knowledge base Doc rendering logic. An authenticated attacker with admin or agent editor privileges can persist arbitrary HTML or JavaScript in the body field of a knowledge base Doc.This issue affects helpy: 2.8.0. | ||||
| CVE-2026-40229 | 2 Helpy.io, Helpyio | 2 Helpy, Helpy | 2026-05-01 | 5.4 Medium |
| Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML notification emails sent to other users.This issue affects helpy: 2.8.0. | ||||
| CVE-2026-22751 | 2 Spring, Vmware | 2 Spring Security, Spring Security | 2026-05-01 | 4.8 Medium |
| Vulnerability in Spring Spring Security. Applications that explicitly configure One-Time Token login with JdbcOneTimeTokenService are vulnerable to a Time-of-check Time-of-use (TOCTOU) race condition. This issue affects Spring Security: from 6.4.0 through 6.4.15, from 6.5.0 through 6.5.9, from 7.0.0 through 7.0.4. | ||||
| CVE-2026-7579 | 1 Astrbot | 1 Astrbot | 2026-05-01 | 7.3 High |
| A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-13030 | 1 Pylixm | 1 Django-mdeditor | 2026-05-01 | 7.1 High |
| All versions of the package django-mdeditor are vulnerable to Missing Authentication for Critical Function in the image upload endpoint. An attacker can upload malicious files and achieve arbitrary code execution since this endpoint lacks authentication protection and proper sanitisation of file names. | ||||
| CVE-2026-41226 | 1 Ricoh | 1 Multiple Laser Printers And Mfps Which Implement Web Image Monitor | 2026-05-01 | N/A |
| Open redirect vulnerability exists in Multiple laser printers and MFPs which implement Ricoh Web Image Monitor. When accessing a specially crafted URL, the user may be redirected to an arbitrary website. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2026-22070 | 1 Oppo | 1 Coloros Assistant | 2026-05-01 | 7.1 High |
| ColorOS Assistant has an unauthenticated start-download channel, leading to file path traversal. | ||||
| CVE-2026-6498 | 2 Rustaurius, Wordpress | 2 Five Star Restaurant Reservations – Wordpress Booking Plugin, Wordpress | 2026-05-01 | 5.3 Medium |
| The Five Star Restaurant Reservations plugin for WordPress is vulnerable to a payment bypass via PHP type juggling in versions up to, and including, 2.7.16 This is due to the valid_payment() function using a PHP loose comparison (==) between the attacker-controlled payment_id POST parameter and the booking's stripe_payment_intent_id property. When an unauthenticated attacker submits a request to the nopriv AJAX handler rtb_stripe_pmt_succeed before the Stripe payment intent has been created for a booking (i.e., before the JavaScript-triggered create_stripe_pmtIntnt() call has stored an intent ID in post meta), the stripe_payment_intent_id property on the booking object remains null. The comparison sanitize_text_field('') == null evaluates to TRUE in PHP loose comparison, causing the payment verification check to pass with zero actual payment. This makes it possible for unauthenticated attackers to mark any existing payment_pending booking as paid without completing a Stripe payment by submitting an empty payment_id parameter. | ||||
| CVE-2026-1493 | 1 Wolters Kluwer Polska | 1 Lex Baza Dokumentów | 2026-05-01 | N/A |
| LEX Baza Dokumentów is vulnerable to DOM-based XSS in "em" cookie parameter. The application unsafely processes the parameter on the client side, allowing an attacker to execute arbitrary JavaScript in the context of the victim's browser. An attacker with ability to set a cookie can perform a more severe attack, so we evaluate the impact and risk of exploitation as minimal. However, the vendor considered this a vulnerability and released a security patch. This issue was fixed in version 1.3.4. | ||||
| CVE-2026-5080 | 1 Bigpresh | 1 Dancer::session::abstract | 2026-05-01 | 5.9 Medium |
| Dancer::Session::Abstract versions through 1.3522 for Perl generates session ids insecurely. The session id is generated from summing the character codepoints of the absolute pathname with the process id, the epoch time and calls to the built-in rand() function to return a number between 0 and 999-billion, and concatenating that result three times. The path name might be known or guessed by an attacker, especially for applications known to be written using Dancer with standard installation locations. The epoch time can be guessed by an attacker, and may be leaked in the HTTP header. The process id comes from a small set of numbers, and workers may have sequential process ids. The built-in rand() function is seeded with 32-bits and is considered unsuitable for security applications. Predictable session ids could allow an attacker to gain access to systems. | ||||
| CVE-2024-13971 | 2 Lobster, Lobster Gmbh | 2 Lobster Pro, Lobster Pro | 2026-05-01 | N/A |
| Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobster_pro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. | ||||
| CVE-2026-7382 | 1 Meware Software Development | 1 Pdks | 2026-05-01 | 6.5 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor, Exposure of private personal information to an unauthorized actor vulnerability in MeWare Software Development Inc. PDKS allows Excavation. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | ||||
| CVE-2026-7399 | 1 Meware Software Development | 1 Pdks | 2026-05-01 | 8.1 High |
| Authorization bypass through User-Controlled key vulnerability in MeWare Software Development Inc. PDKS allows Privilege Abuse. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | ||||
| CVE-2026-7402 | 1 Meware Software Development | 1 Pdks | 2026-05-01 | 8.1 High |
| Improper Control of Interaction Frequency vulnerability in MeWare Software Development Inc. PDKS allows Flooding. This issue affects PDKS: from V16.20200313 before VMYR_3.5.2025117. | ||||
| CVE-2026-7246 | 2 Pallets Click, Palletsprojects | 2 Click, Click | 2026-05-01 | 7.2 High |
| Pallets Click, versions 8.3.2 and below, contain a command injection vulnerability in the click.edit() function, allowing attackers to pass arbitrary OS commands from an unprivileged account. | ||||
| CVE-2025-71284 | 1 Synway | 1 Smg Gateway Management Software | 2026-05-01 | 9.8 Critical |
| Synway SMG Gateway Management Software contains an OS command injection vulnerability in the RADIUS configuration endpoint at /en/9-2radius.php where the radius_address POST parameter is split and interpolated directly into a sed command without sanitization. An unauthenticated remote attacker can inject arbitrary shell commands by submitting a POST request with crafted radius_address, radius_address2, shared_secret2, source_ip, timeout, or retry parameters along with save=1 and enable_radius=1 to achieve remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-11 (UTC). | ||||
| CVE-2022-50993 | 1 Weaver | 1 E-office | 2026-05-01 | 9.8 Critical |
| Weaver (Fanwei) E-office versions prior to 10.0_20221201 contain an unauthenticated arbitrary file upload vulnerability in the OfficeServer.php endpoint that allows remote attackers to upload malicious files by sending multipart POST requests with arbitrary filenames and disguised content types. Attackers can upload PHP webshells to the Document directory and execute them via HTTP GET requests to achieve remote code execution as the web server user. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-10-10 (UTC). | ||||
| CVE-2022-50992 | 1 Weaver | 1 E-cology | 2026-05-01 | 7.5 High |
| Weaver (Fanwei) E-cology 9.5 versions prior to 10.52 contain an arbitrary file read vulnerability in the XmlRpcServlet interface at the XML-RPC endpoint that allows unauthenticated remote attackers to read arbitrary files by supplying file paths to the WorkflowService.getAttachment and WorkflowService.LoadTemplateProp methods. Attackers can exploit these methods without authentication to retrieve sensitive files including system configuration files and database credentials from the server. Exploitation evidence was first observed by the Shadowserver Foundation on 2022-12-14 (UTC). | ||||