Total
342746 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25696 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the language_tag parameter. Attackers can submit malicious SQL statements in the language_tag parameter to extract sensitive database information or modify data. | ||||
| CVE-2019-25698 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_to_delete parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_delete field to extract or modify sensitive database information. | ||||
| CVE-2019-25700 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the sort_direction parameter. Attackers can submit malicious SQL statements in the sort_direction parameter to extract sensitive database information or modify data. | ||||
| CVE-2019-25702 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the id_project parameter. Attackers can send crafted requests with malicious SQL statements in the id_project parameter to extract sensitive database information or modify data. | ||||
| CVE-2019-25704 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the filter_user_mail parameter. Attackers can send crafted requests with malicious SQL statements to extract sensitive database information or modify data. | ||||
| CVE-2019-25692 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id_to_modify' parameter. Attackers can send crafted requests with malicious SQL statements in the id_to_modify field to extract sensitive database information or modify data. | ||||
| CVE-2019-25690 | 2 Kados, Marmotech | 2 Kados R10 Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the mng_profile_id parameter. Attackers can send crafted requests with malicious SQL payloads in the mng_profile_id parameter to extract sensitive database information. | ||||
| CVE-2019-25688 | 2 Kados, Marmotech | 2 Kados Greenbee, Kados | 2026-04-07 | 8.2 High |
| Kados R10 GreenBee contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the menu_lev1 parameter. Attackers can send crafted requests with malicious SQL payloads in the menu_lev1 parameter to extract sensitive database information or modify database contents. | ||||
| CVE-2026-2862 | 1 Ibm | 4 Security Verify Access, Security Verify Access Container, Verify Identity Access and 1 more | 2026-04-07 | 5.3 Medium |
| IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy. | ||||
| CVE-2026-2475 | 1 Ibm | 4 Security Verify Access, Security Verify Access Container, Verify Identity Access and 1 more | 2026-04-07 | 3.1 Low |
| IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially crafted request to redirect a victim to arbitrary Web sites. | ||||
| CVE-2026-1491 | 1 Ibm | 4 Security Verify Access, Security Verify Access Container, Verify Identity Access and 1 more | 2026-04-07 | 5.3 Medium |
| IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy. | ||||
| CVE-2026-31842 | 2026-04-07 | 7.5 High | ||
| Tinyproxy through 1.11.3 is vulnerable to HTTP request parsing desynchronization due to a case-sensitive comparison of the Transfer-Encoding header in src/reqs.c. The is_chunked_transfer() function uses strcmp() to compare the header value against "chunked", even though RFC 7230 specifies that transfer-coding names are case-insensitive. By sending a request with Transfer-Encoding: Chunked, an unauthenticated remote attacker can cause Tinyproxy to misinterpret the request as having no body. In this state, Tinyproxy sets content_length.client to -1, skips pull_client_data_chunked(), forwards request headers upstream, and transitions into relay_connection() raw TCP forwarding while unread body data remains buffered. This leads to inconsistent request state between Tinyproxy and backend servers. RFC-compliant backends (e.g., Node.js, Nginx) will continue waiting for chunked body data, causing connections to hang indefinitely. This behavior enables application-level denial of service through backend worker exhaustion. Additionally, in deployments where Tinyproxy is used for request-body inspection, filtering, or security enforcement, the unread body may be forwarded without proper inspection, resulting in potential security control bypass. | ||||
| CVE-2025-14831 | 2 Red Hat, Redhat | 11 Enterprise Linux, Ceph Storage, Enterprise Linux and 8 more | 2026-04-07 | 5.3 Medium |
| A flaw was found in GnuTLS. This vulnerability allows a denial of service (DoS) by excessive CPU (Central Processing Unit) and memory consumption via specially crafted malicious certificates containing a large number of name constraints and subject alternative names (SANs). | ||||
| CVE-2026-28810 | 1 Erlang | 1 Erlang\/otp | 2026-04-07 | N/A |
| Generation of Predictable Numbers or Identifiers vulnerability in Erlang/OTP kernel (inet_res, inet_db modules) allows DNS Cache Poisoning. The built-in DNS resolver (inet_res) uses a sequential, process-global 16-bit transaction ID for UDP queries and does not implement source port randomization. Response validation relies almost entirely on this ID, making DNS cache poisoning practical for an attacker who can observe one query or predict the next ID. This conflicts with RFC 5452 recommendations for mitigating forged DNS answers. inet_res is intended for use in trusted network environments and with trusted recursive resolvers. Earlier documentation did not clearly state this deployment assumption, which could lead users to deploy the resolver in environments where spoofed DNS responses are possible. This vulnerability is associated with program files lib/kernel/src/inet_db.erl and lib/kernel/src/inet_res.erl. This issue affects OTP from OTP 17.0 until OTP 28.4.2, 27.3.4.10 and 26.2.5.19 corresponding to kernel from 3.0 until 10.6.2, 10.2.7.4 and 9.2.4.11. | ||||
| CVE-2026-1345 | 1 Ibm | 4 Security Verify Access, Security Verify Access Container, Verify Identity Access and 1 more | 2026-04-07 | 7.3 High |
| IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow an unauthenticated user to execute arbitrary commands as lower user privileges on the system due to improper validation of user supplied input. | ||||
| CVE-2025-13044 | 1 Ibm | 1 Concert | 2026-04-07 | 6.2 Medium |
| IBM Concert 1.0.0 through 2.2.0 creates temporary files with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | ||||
| CVE-2025-14104 | 1 Redhat | 6 Ceph Storage, Enterprise Linux, Hummingbird and 3 more | 2026-04-07 | 6.1 Medium |
| A flaw was found in util-linux. This vulnerability allows a heap buffer overread when processing 256-byte usernames, specifically within the `setpwnam()` function, affecting SUID (Set User ID) login-utils utilities writing to the password database. | ||||
| CVE-2026-1243 | 3 Ibm, Linux, Microsoft | 4 Aix, Content Navigator, Linux Kernel and 1 more | 2026-04-07 | 5.4 Medium |
| IBM Content Navigator 3.0.15, 3.1.0, and 3.2.0 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | ||||
| CVE-2026-33033 | 2026-04-07 | 6.5 Medium | ||
| An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. `MultiPartParser` allows remote attackers to degrade performance by submitting multipart uploads with `Content-Transfer-Encoding: base64` including excessive whitespace. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank Seokchan Yoon for reporting this issue. | ||||
| CVE-2026-32186 | 1 Microsoft | 1 Bing | 2026-04-07 | 10 Critical |
| Server-side request forgery (ssrf) in Microsoft Bing allows an unauthorized attacker to elevate privileges over a network. | ||||