Export limit exceeded: 348916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46507 | 2026-05-08 | N/A | ||
| A SSTI (server side template injection) vulnerability in the custom template export function in yeti-platform yeti before 2.1.12 allows attackers to execute code on the application server. | ||||
| CVE-2024-53326 | 2026-05-08 | N/A | ||
| LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution. | ||||
| CVE-2022-26522 | 2026-05-08 | N/A | ||
| The socket connection handler in aswArPot.sys in the Avast and AVG Windows Anti Rootkit driver before 22.1 allows local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) due to a double fetch vulnerability at aswArPot+0xc4a3. | ||||
| CVE-2023-42343 | 1 Alkacon | 1 Opencms | 2026-05-08 | N/A |
| A Cross Site Scripting vulnerability in Alkacon OpenCms before 10.5.1 exists via cmis-online/type. | ||||
| CVE-2023-42344 | 2026-05-08 | N/A | ||
| Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet. | ||||
| CVE-2023-42345 | 1 Alkacon | 1 Opencms | 2026-05-08 | N/A |
| A Cross Site Scripting vulnerability in Alkacon OpenCms before 16 exists via updateModelGroups.jsp. | ||||
| CVE-2026-8148 | 2026-05-08 | N/A | ||
| NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks. | ||||
| CVE-2026-8149 | 2026-05-08 | N/A | ||
| A vulnerability in Legion of the Bouncy Castle Inc. BC-FJA BC-FIPS on Linux, X86_64, AVX, AVX-512f. This vulnerability is associated with program files gcm128w, gcm512w. This issue affects BC-FJA: from 2.1.0 through 2.1.2. | ||||
| CVE-2026-42274 | 1 Dadrus | 1 Heimdall | 2026-05-08 | N/A |
| Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall performs rule matching on the raw (non-normalized) request path, while downstream components may normalize dot-segments according to RFC 3986, Section 6.2.2.3. This discrepancy can result in heimdall authorizing a request for one path (e.g., /user/../admin, or URL-encoded variants such as /user/%2e%2e/admin or /user/%2e%2e%2fadmin. The latter would require the allow_encoded_slashes option to be set to on or no_decode.) while the downstream ultimately processes a different, normalized path (/admin). This issue has been patched in version 0.17.14. | ||||
| CVE-2026-44298 | 1 Kimai | 1 Kimai | 2026-05-08 | 4.1 Medium |
| Kimai is an open-source time tracking application. From version 2.32.0 to before version 2.56.0, users with the role System-Admin (ROLE_SYSTE_ADMIN) and the permission upload_invoice_template can upload PDF invoice templates, which can call pdfContext.setOption('associated_files', ...) inside the sandboxed Twig render. This is forwarded to mPDF's SetAssociatedFiles(), whose writer calls file_get_contents($entry['path']) during PDF output and embeds the bytes as a FlateDecode stream in the PDF. Any file readable by the PHP worker is returned to the attacker inside the rendered invoice. This issue has been patched in version 2.56.0. | ||||
| CVE-2026-8069 | 2026-05-08 | N/A | ||
| PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation (LPE) vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with NT AUTHORITY\SYSTEM privileges and to delete arbitrary files with SYSTEM privileges. By leveraging this, an attacker can execute arbitrary code on the target system with elevated privileges. | ||||
| CVE-2026-41645 | 1 Projectdiscovery | 1 Nuclei | 2026-05-08 | 5.3 Medium |
| Nuclei is a vulnerability scanner built on a simple YAML-based DSL. From version 3.0.0 to before version 3.8.0, a vulnerability in Nuclei's expression evaluation engine makes it possible for a malicious target server to inject and execute supported DSL expressions. This happens when HTTP response data containing helper/function syntax gets reused by multi-step templates. If the -env-vars / -ev option is explicitly enabled, this can expose host environment variables. That option is off by default, so standard configurations are not affected by the information disclosure risk. This issue has been patched in version 3.8.0. | ||||
| CVE-2026-42264 | 1 Axios | 1 Axios | 2026-05-08 | 7.4 High |
| Axios is a promise based HTTP client for the browser and Node.js. From version 1.0.0 to before version 1.15.2, fFive config properties (auth, baseURL, socketPath, beforeRedirect, and insecureHTTPParser) in the HTTP adapter are read via direct property access without hasOwnProperty guards, making them exploitable as prototype pollution gadgets. When Object.prototype is polluted by another dependency in the same process, axios silently picks up these polluted values on every outbound HTTP request. This issue has been patched in version 1.15.2. | ||||
| CVE-2026-42267 | 1 Kimai | 1 Kimai | 2026-05-08 | N/A |
| Kimai is an open-source time tracking application. From version 2.27.0 to before version 2.54.0, any ROLE_USER can create a tag with a formula string as its name (e.g. =SUM(54+51)) via POST /api/tags and assign it to a timesheet. When an admin exports timesheets to XLSX, ArrayFormatter.formatValue() joins tag names with implode() and returns the result unchanged. OpenSpout promotes any =-prefixed string to a FormulaCell, writing <f>SUM(54+51)</f> into the XLSX archive. Excel evaluates the formula when the file is opened. This issue has been patched in version 2.54.0. | ||||
| CVE-2026-42271 | 1 Berriai | 1 Litellm | 2026-05-08 | N/A |
| LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to preview an MCP server before saving it — POST /mcp-rest/test/connection and POST /mcp-rest/test/tools/list — accepted a full server configuration in the request body, including the command, args, and env fields used by the stdio transport. When called with a stdio configuration, the endpoints attempted to connect, which spawned the supplied command as a subprocess on the proxy host with the privileges of the proxy process. The endpoints were gated only by a valid proxy API key, with no role check. Any authenticated user — including holders of low-privilege internal-user keys — could therefore run arbitrary commands on the host. This issue has been patched in version 1.83.7. | ||||
| CVE-2026-42203 | 1 Berriai | 1 Litellm | 2026-05-08 | N/A |
| LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test endpoint accepted user-supplied prompt templates and rendered them without sandboxing. A crafted template could run arbitrary code inside the LiteLLM Proxy process. The endpoint only checks that the caller presents a valid proxy API key, so any authenticated user could reach it. Depending on how the proxy is deployed, this could expose secrets in the process environment (such as provider API keys or database credentials) and allow commands to be run on the host. This issue has been patched in version 1.83.7. | ||||
| CVE-2026-42272 | 1 Dadrus | 1 Heimdall | 2026-05-08 | N/A |
| Heimdall is a cloud native Identity Aware Proxy and Access Control Decision service. Prior to version 0.17.14, Heimdall handles URL-encoded slashes (%2F) in a case-sensitive manner, while percent-encoding is defined to be case-insensitive. As a result, the lowercase equivalent (%2f) is not recognized and therefore not processed as expected when allow_encoded_slashes is set to off (the default setting). This discrepancy can lead to differences in how request paths are interpreted by heimdall and upstream components, which may result in authorization bypass. This issue has been patched in version 0.17.14. | ||||
| CVE-2026-8136 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-05-08 | 2.4 Low |
| A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This affects an unknown part of the file /index.php?page=users. Executing a manipulation of the argument Name can lead to cross site scripting. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-41498 | 1 Kimai | 1 Kimai | 2026-05-08 | 3.3 Low |
| Kimai is an open-source time tracking application. Prior to version 2.54.0, the Team API endpoints use #[IsGranted('edit_team')] instead of #[IsGranted('edit', 'team')], causing Symfony TeamVoter to abstain from voting. This removes entity-level ownership checks on team operations, allowing any user with the edit_team permission to modify any team, not just teams they are authorized to manage. This issue has been patched in version 2.54.0. | ||||
| CVE-2026-42275 | 1 Openziti | 1 Zrok | 2026-05-08 | 8.7 High |
| zrok is software for sharing web services, files, and network resources. Prior to version 2.0.2, the zrok WebDAV drive backend (davServer.Dir) restricts path traversal through lexical normalization but does not prevent symlink following. When a symbolic link inside the shared DriveRoot points to a location outside that root, remote WebDAV consumers can read files and—on shares without OS-level permission restrictions—write or overwrite files anywhere on the host filesystem accessible to the zrok process. This issue has been patched in version 2.0.2. | ||||