Export limit exceeded: 10201 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20902 | 1 Copeland | 9 Copeland Xweb 300d Pro, Copeland Xweb 500b Pro, Copeland Xweb 500d Pro and 6 more | 2026-04-18 | 8 High |
| An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route. | ||||
| CVE-2026-21659 | 1 Johnsoncontrols | 2 Frick Controls Quantum Hd, Frick Controls Quantum Hd Firmware | 2026-04-18 | 9.8 Critical |
| Unauthenticated Remote Code Execution and Information Disclosure due to Local File Inclusion (LFI) vulnerability in Johnson Controls Frick Controls Quantum HD allow an unauthenticated attacker to execute arbitrary code on the affected device, leading to full system compromise. This issue affects Frick Controls Quantum HD: Frick Controls Quantum HD version 10.22 and prior. | ||||
| CVE-2026-21450 | 1 Webkul | 1 Bagisto | 2026-04-18 | 9.8 Critical |
| Bagisto is an open source laravel eCommerce platform. Versions prior to 2.3.10 are vulnerable to server-side template injection via type parameter, which can lead to remote code execution or another exploitation. Version 2.3.10 fixes the issue. | ||||
| CVE-2026-22187 | 1 Openmicroscopy | 1 Bio-formats | 2026-04-18 | 7.8 High |
| Bio-Formats versions up to and including 8.3.0 perform unsafe Java deserialization of attacker-controlled memoization cache files (.bfmemo) during image processing. The loci.formats.Memoizer class automatically loads and deserializes memo files associated with images without validation, integrity checks, or trust enforcement. An attacker who can supply a crafted .bfmemo file alongside an image can trigger deserialization of untrusted data, which may result in denial of service, logic manipulation, or potentially remote code execution in environments where suitable gadget chains are present on the classpath. | ||||
| CVE-2026-21869 | 1 Ggml | 1 Llama.cpp | 2026-04-18 | 8.8 High |
| llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.cpp server's completion endpoints without validation to ensure it's non-negative. When a negative value is supplied and the context fills up, llama_memory_seq_rm/add receives a reversed range and negative offset, causing out-of-bounds memory writes in the token evaluation loop. This deterministic memory corruption can crash the process or enable remote code execution (RCE). There is no fix at the time of publication. | ||||
| CVE-2026-22241 | 1 Openeclass | 1 Openeclass | 2026-04-18 | 7.2 High |
| The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system. The main cause of the issue is that no validation or sanitization of the file's present inside the zip archive. This leads to remote code execution on the web server. Version 4.2 patches the issue. | ||||
| CVE-2026-22244 | 1 Open-metadata | 1 Openmetadata | 2026-04-18 | 7.2 High |
| OpenMetadata is a unified metadata platform. Versions prior to 1.11.4 are vulnerable to remote code execution via Server-Side Template Injection (SSTI) in FreeMarker email templates. An attacker must have administrative privileges to exploit the vulnerability. Version 1.11.4 contains a patch. | ||||
| CVE-2026-21638 | 2 Ubiquiti, Ui | 12 Ubb, Ubb-xg, Udb-pro and 9 more | 2026-04-18 | 8.8 High |
| A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: UBB-XG (Version 1.2.2 and earlier) UDB-Pro/UDB-Pro-Sector (Version 1.4.1 and earlier) UBB (Version 3.1.5 and earlier) Mitigation: Update your UBB-XG to Version 1.2.3 or later. Update your UDB-Pro/UDB-Pro-Sector to Version 1.4.2 or later. Update your UBB to Version 3.1.7 or later. | ||||
| CVE-2026-21639 | 2 Ubiquiti, Ui | 12 Airfiber Af60, Airfiber Af60 Xg, Airmax Ac and 9 more | 2026-04-18 | 5.4 Medium |
| A malicious actor in Wi-Fi range of the affected product could leverage a vulnerability in the airMAX Wireless Protocol to achieve a remote code execution (RCE) within the affected product. Affected Products: airMAX AC (Version 8.7.20 and earlier) airMAX M (Version 6.3.22 and earlier) airFiber AF60-XG (Version 1.2.2 and earlier) airFiber AF60 (Version 2.6.7 and earlier) Mitigation: Update your airMAX AC to Version 8.7.21 or later. Update your airMAX M to Version 6.3.24 or later. Update your airFiber AF60-XG to Version 1.2.3 or later. Update your airFiber AF60 to Version 2.6.8 or later. | ||||
| CVE-2026-22789 | 1 Wem-project | 1 Wem | 2026-04-18 | 5.4 Medium |
| WebErpMesv2 is a Resource Management and Manufacturing execution system Web for industry. Prior to 1.19, WebErpMesv2 contains a file upload validation bypass vulnerability in multiple controllers that allows authenticated users to upload arbitrary files, including PHP scripts, leading to Remote Code Execution (RCE). This vulnerability is identical in nature to CVE-2025-52130 but exists in different code locations that were not addressed by the original fix. This vulnerability is fixed in 1.19. | ||||
| CVE-2026-22799 | 1 Emlog | 1 Emlog | 2026-04-18 | 8.8 High |
| Emlog is an open source website building system. emlog v2.6.1 and earlier exposes a REST API endpoint (/index.php?rest-api=upload) for media file uploads. The endpoint fails to implement proper validation of file types, extensions, and content, allowing authenticated attackers (with a valid API key or admin session cookie) to upload arbitrary files (including malicious PHP scripts) to the server. An attacker can obtain the API key either by gaining administrator access to enable the REST API setting, or via information disclosure vulnerabilities in the application. Once uploaded, the malicious PHP file can be executed to gain remote code execution (RCE) on the target server, leading to full server compromise. | ||||
| CVE-2026-22871 | 1 Datadoghq | 1 Guarddog | 2026-04-18 | 9.8 Critical |
| GuardDog is a CLI tool to identify malicious PyPI packages. Prior to 2.7.1, there is a path traversal vulnerability exists in GuardDog's safe_extract() function that allows malicious PyPI packages to write arbitrary files outside the intended extraction directory, leading to Arbitrary File Overwrite and Remote Code Execution on systems running GuardDog. This vulnerability is fixed in 2.7.1. | ||||
| CVE-2026-23733 | 1 Lobehub | 1 Lobe Chat | 2026-04-18 | 6.4 Medium |
| LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution (RCE) by leveraging the exposed `electronAPI` IPC bridge, allowing attackers to run arbitrary system commands on the victim's machine. Version 2.0.0-next.180 patches the issue. | ||||
| CVE-2026-23852 | 2 B3log, Siyuan | 2 Siyuan, Siyuan | 2026-04-18 | 9.6 Critical |
| SiYuan is a personal knowledge management system. Versions prior to 3.5.4 have a stored Cross-Site Scripting (XSS) vulnerability that allows an attacker to inject arbitrary HTML attributes into the `icon` attribute of a block via the `/api/attr/setBlockAttrs` API. The payload is later rendered in the dynamic icon feature in an unsanitized context, leading to stored XSS and, in the desktop environment, potential remote code execution (RCE). This issue bypasses the previous fix for issue `#15970` (XSS → RCE via dynamic icons). Version 3.5.4 contains an updated fix. | ||||
| CVE-2026-22793 | 2 5ire, Nanbingxyz | 2 5ire, 5ire | 2026-04-18 | 9.7 Critical |
| 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron’s electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue. | ||||
| CVE-2026-23524 | 1 Laravel | 1 Reverb | 2026-04-18 | 9.8 Critical |
| Laravel Reverb provides a real-time WebSocket communication backend for Laravel applications. In versions 1.6.3 and below, Reverb passes data from the Redis channel directly into PHP’s unserialize() function without restricting which classes can be instantiated, which leaves users vulnerable to Remote Code Execution. The exploitability of this vulnerability is increased because Redis servers are commonly deployed without authentication, but only affects Laravel Reverb when horizontal scaling is enabled (REVERB_SCALING_ENABLED=true). This issue has been fixed in version 1.7.0. As a workaround, require a strong password for Redis access and ensure the service is only accessible via a private network or local loopback, and/or set REVERB_SCALING_ENABLED=false to bypass the vulnerable logic entirely (if the environment uses only one Reverb node). | ||||
| CVE-2026-23946 | 1 Tendenci | 1 Tendenci | 2026-04-18 | 6.8 Medium |
| Tendenci is an open source content management system built for non-profits, associations and cause-based sites. Versions 15.3.11 and below include a critical deserialization vulnerability in the Helpdesk module (which is not enabled by default). This vulnerability allows Remote Code Execution (RCE) by an authenticated user with staff security level due to using Python's pickle module in helpdesk /reports/. The original CVE-2020-14942 was incompletely patched. While ticket_list() was fixed to use safe JSON deserialization, the run_report() function still uses unsafe pickle.loads(). The impact is limited to the permissions of the user running the application, typically www-data, which generally lacks write (except for upload directories) and execute permissions. This issue has been fixed in version 15.3.12. | ||||
| CVE-2026-24009 | 2 Docling, Docling-project | 2 Docling-core, Docling-core | 2026-04-18 | 8.1 High |
| Docling Core (or docling-core) is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution (RCE) vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version 2.48.4, specifically only if the application uses pyyaml prior to version 5.4 and invokes `docling_core.types.doc.DoclingDocument.load_from_yaml()` passing it untrusted YAML data. The vulnerability has been patched in docling-core version 2.48.4. The fix mitigates the issue by switching `PyYAML` deserialization from `yaml.FullLoader` to `yaml.SafeLoader`, ensuring that untrusted data cannot trigger code execution. Users who cannot immediately upgrade docling-core can alternatively ensure that the installed version of PyYAML is 5.4 or greater. | ||||
| CVE-2026-0779 | 2 Algo, Algosolutions | 3 8180 Ip Audio Alerter, 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-04-18 | 8.8 High |
| ALGO 8180 IP Audio Alerter Ping Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-25568. | ||||
| CVE-2026-0780 | 2 Algo, Algosolutions | 3 8180 Ip Audio Alerter, 8180 Ip Audio Alerter, 8180 Ip Audio Alerter Firmware | 2026-04-18 | 8.8 High |
| ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the web-based user interface. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-28289. | ||||