Export limit exceeded: 346236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346236 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-25775 | 2026-04-24 | 9.8 Critical | ||
| A vulnerability in SenseLive X3050’s remote management service allows firmware retrieval and update operations to be performed without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, integrity of uploaded images, or the authenticity of provided firmware. | ||||
| CVE-2026-25720 | 2026-04-24 | 5.4 Medium | ||
| A vulnerability exists in SenseLive X3050’s web management interface due to improper session lifetime enforcement, allowing authenticated sessions to remain active for extended periods without requiring re-authentication. An attacker with access to a previously authenticated session could continue interacting with administrative functions long after legitimate user activity has ceased. | ||||
| CVE-2026-1789 | 2026-04-24 | 4.9 Medium | ||
| A vulnerability in the browser-based remote management interface may allow an administrator to access sensitive information on the device via crafted requests, affecting certain production printers and office/small office multifunction printers. | ||||
| CVE-2025-24934 | 1 Freebsd | 1 Freebsd | 2026-04-24 | 5.4 Medium |
| Software which sets SO_REUSEPORT_LB on a socket and then connects it to a host will not directly observe any problems. However, due to its membership in a load-balancing group, that socket will receive packets originating from any host. This breaks the contract of the connect(2) and implied connect via sendto(2), and may leave the application vulnerable to spoofing attacks. The kernel failed to check the connection state of sockets when adding them to load-balancing groups. Furthermore, when looking up the destination socket for an incoming packet, the kernel will match a socket belonging to a load-balancing group even if it is connected, in violation of the contract that connected sockets are only supposed to receive packets originating from the connected host. | ||||
| CVE-2026-6732 | 1 Redhat | 3 Enterprise Linux, Jboss Core Services, Openshift | 2026-04-23 | 6.5 Medium |
| A flaw was found in libxml2. This vulnerability occurs when the library processes a specially crafted XML Schema Definition (XSD) validated document that includes an internal entity reference. An attacker could exploit this by providing a malicious document, leading to a type confusion error that causes the application to crash. This results in a denial of service (DoS), making the affected system or application unavailable. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | ||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2026-04-23 | 6.6 Medium |
| A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | ||||
| CVE-2026-2708 | 2 Libsoup, Redhat | 2 Libsoup, Enterprise Linux | 2026-04-23 | 3.7 Low |
| A request smuggling vulnerability exists in libsoup's HTTP/1 header parsing logic. The soup_message_headers_append_common() function in libsoup/soup-message-headers.c unconditionally appends each header value without validating for duplicate or conflicting Content-Length fields. This allows an attacker to send HTTP requests containing multiple Content-Length headers with differing values. | ||||
| CVE-2026-24303 | 1 Microsoft | 1 Partner Center | 2026-04-23 | 9.6 Critical |
| Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26150 | 1 Microsoft | 1 Office Purview Ediscovery | 2026-04-23 | 8.6 High |
| Server-side request forgery (ssrf) in Microsoft Purview allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-26171 | 1 Microsoft | 2 .net, Powershell | 2026-04-23 | 7.5 High |
| Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-27930 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 5.5 Medium |
| Out-of-bounds read in Windows GDI allows an unauthorized attacker to disclose information locally. | ||||
| CVE-2026-27928 | 1 Microsoft | 10 Windows Server 2016, Windows Server 2016 (server Core Installation), Windows Server 2019 and 7 more | 2026-04-23 | 8.7 High |
| Improper input validation in Windows Hello allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-27925 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 6.5 Medium |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an unauthorized attacker to disclose information over an adjacent network. | ||||
| CVE-2026-27923 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 7.8 High |
| Use after free in Desktop Window Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27922 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27920 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 7.8 High |
| Untrusted pointer dereference in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27916 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 7.8 High |
| Use after free in Windows Universal Plug and Play (UPnP) Device Host allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27914 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-23 | 7.8 High |
| Improper access control in Microsoft Management Console allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-27913 | 1 Microsoft | 13 Windows Server 2012, Windows Server 2012 (server Core Installation), Windows Server 2012 R2 and 10 more | 2026-04-23 | 7.7 High |
| Improper input validation in Windows BitLocker allows an unauthorized attacker to bypass a security feature locally. | ||||