Export limit exceeded: 347612 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347612 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7555 | 1 Itsourcecode | 1 Electronic Judging System | 2026-05-01 | 7.3 High |
| A vulnerability was identified in itsourcecode Electronic Judging System 1.0. This affects an unknown part of the file /intrams/login.php. Such manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-36757 | 1 Halo | 1 Halo | 2026-05-01 | 4.3 Medium |
| A Server-Side Request Forgery (SSRF) in the /plugins/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||||
| CVE-2026-36756 | 1 Halo | 1 Halo | 2026-05-01 | 5.4 Medium |
| A Server-Side Request Forgery (SSRF) in the /plugins/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||||
| CVE-2026-36758 | 1 Halo | 1 Halo | 2026-05-01 | 4.3 Medium |
| A Server-Side Request Forgery (SSRF) in the /themes/-/install-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||||
| CVE-2026-36759 | 1 Halo | 1 Halo | 2026-05-01 | 6.5 Medium |
| A Server-Side Request Forgery (SSRF) in the /themes/{name}/upgrade-from-uri endpoint of halo v2.22.14 allows authenticated attackers to scan internal resources via a crafted GET request. | ||||
| CVE-2026-42799 | 1 Asrmicro | 1 Kestrel | 2026-05-01 | 7.4 High |
| Out-of-bounds read vulnerability in ASR Kestrel (nr_fw modules) allows Overflow Buffers. This vulnerability is associated with program files Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. This issue affects Kestrel: before 2026/02/10. | ||||
| CVE-2026-42800 | 1 Asrmicro | 1 Lapwing Linux | 2026-05-01 | 7.4 High |
| NULL pointer dereference vulnerability in ASR1903 in ASR Lapwing_Linux on Linux (ims_client modules) allows Pointer Manipulation. This vulnerability is associated with program files sip/utils/src/sipuri.c. | ||||
| CVE-2026-4670 | 1 Progress | 1 Moveit Automation | 2026-05-01 | 9.8 Critical |
| Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0. | ||||
| CVE-2026-33446 | 1 Absolute | 1 Secure Access | 2026-05-01 | N/A |
| CVE-2026-33446 is a buffer overflow in the authentication sub-system of the Secure Access client prior to 14.50. Attackers with control of a modified server can send a special packet that can overwrite a small portion of memory conceivably leading to memory corruption or a denial of service. | ||||
| CVE-2026-28532 | 1 Frrouting | 1 Frrouting | 2026-05-01 | 6.5 Medium |
| FRRouting before 10.5.3 contains an integer overflow vulnerability in seven OSPF Traffic Engineering and Segment Routing TLV parser functions where a uint16_t accumulator variable truncates uint32_t values returned by the TLV_SIZE() macro, causing the loop termination condition to fail while pointer advancement continues unchecked. Attackers with an established OSPF adjacency can send a crafted LS Update packet with a malicious Type 10 or Type 11 Opaque LSA to trigger out-of-bounds memory reads and crash all affected routers in the OSPF area or autonomous system. | ||||
| CVE-2026-7501 | 1 Linkstack | 1 Linkstack | 2026-05-01 | 3.5 Low |
| A weakness has been identified in LinkStackOrg LinkStack up to 4.8.6. Impacted is the function editPage of the file app/Http/Controllers/UserController.php. Executing a manipulation of the argument pageDescription can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks. The project was informed of the problem early through a pull request but has not reacted yet. | ||||
| CVE-2026-7510 | 1 Owasp | 1 Defectdojo | 2026-05-01 | 6.3 Medium |
| A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended. | ||||
| CVE-2026-21422 | 1 Dell | 1 Powerscale Onefs | 2026-05-01 | 3.4 Low |
| Dell PowerScale OneFS, versions 9.10.0.0 through 9.13.1.0, contains an external control of system or configuration setting vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to protection mechanism bypass. | ||||
| CVE-2026-7549 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-05-01 | 7.3 High |
| A flaw has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. This impacts an unknown function of the file /ajax.php?action=delete_customer. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. | ||||
| CVE-2026-7550 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-05-01 | 7.3 High |
| A vulnerability has been found in SourceCodester Pharmacy Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=save_customer. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-25667 | 1 Microsoft | 2 .net, Aspnetcore | 2026-05-01 | 7.5 High |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | ||||
| CVE-2026-7354 | 4 Apple, Google, Linux and 1 more | 4 Macos, Chrome, Linux Kernel and 1 more | 2026-05-01 | 8.8 High |
| Out of bounds read and write in Angle in Google Chrome prior to 147.0.7727.138 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-38992 | 1 Cockpit-hq | 1 Cockpit | 2026-05-01 | 9.8 Critical |
| Cockpit v2.13.5 and earlier is vulnerable to arbitrary code execution via the filter parameter within multiple endpoints. This vulnerability allows an attacker to run system commands on the underlying infrastructure via the MongoLite $func operator. | ||||
| CVE-2026-38991 | 1 Cockpit-hq | 1 Cockpit | 2026-05-01 | 8.8 High |
| Cockpit 2.13.5 and earlier is affected by a misconfiguration within the Bucket component _isFileTypeAllowed function where a specially crafted filename bypasses an extension filter. This allows an authenticated attacker to rename arbitrary files with the .php file extension enabling arbitrary code to be executed on the underlying server. | ||||
| CVE-2026-36761 | 1 Thinkgem | 1 Jeesite | 2026-05-01 | 6.1 Medium |
| A stored cross-site scripting (XSS) vulnerability in the /msg/msgInner/save endpoint of JeeSite v5.15.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted input into the msgContent parameter. | ||||