Export limit exceeded: 346944 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346944 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7128 | 1 Sourcecodester | 1 Pharmacy Sales And Inventory System | 2026-04-28 | 7.3 High |
| A security vulnerability has been detected in SourceCodester Pharmacy Sales and Inventory System 1.0. This issue affects some unknown processing of the file /ajax.php?action=save_type. Such manipulation of the argument ID leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2026-6357 | 1 Pypa | 1 Pip | 2026-04-28 | N/A |
| pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run before wheels are installed to prevent newly-installed modules from being imported shortly after the installation of a wheel package. Users should still review package contents prior to installation. | ||||
| CVE-2026-40514 | 1 Smartertools | 1 Smartermail | 2026-04-28 | 5.9 Medium |
| SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content. | ||||
| CVE-2026-41467 | 1 Projeqtor | 1 Projeqtor | 2026-04-28 | 5.4 Medium |
| ProjeQtor versions 7.0 through 12.4.3 contain a stored cross-site scripting vulnerability in the file upload functionality where the checkValidFileName() function fails to restrict HTML and HTM file uploads. Authenticated attackers can upload HTML files containing arbitrary JavaScript through the image upload or attachment endpoints, and any user accessing the uploaded file URL will execute the embedded JavaScript in their browser. | ||||
| CVE-2026-7143 | 1 1000projects | 1 Portfolio Management System Mca | 2026-04-28 | 6.3 Medium |
| A vulnerability was identified in 1000 Projects Portfolio Management System MCA up to 1.0. This affects an unknown function of the file /admin/block_status.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2026-7146 | 1 Alejandroarciniegas | 1 Mcp-data-vis | 2026-04-28 | 7.3 High |
| A security vulnerability has been detected in AlejandroArciniegas mcp-data-vis up to de5a51525a69822290eaee569a1ab447b490746d. Affected by this vulnerability is the function axios of the file src/servers/web-scraper/server.js of the component HTTP Request Handler. Such manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2026-7148 | 1 Codeastro | 1 Online Classroom | 2026-04-28 | 6.3 Medium |
| A flaw has been found in CodeAstro Online Classroom 1.0. This affects an unknown part of the file /addnewfaculty. Executing a manipulation of the argument fname can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used. | ||||
| CVE-2025-24185 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. Parsing a maliciously crafted file may lead to an unexpected app termination. | ||||
| CVE-2025-24148 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved handling of executable types. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. A malicious JAR file may bypass Gatekeeper checks. | ||||
| CVE-2025-24277 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to gain root privileges. | ||||
| CVE-2025-30465 | 1 Apple | 2 Ipados, Macos | 2026-04-28 | 9.8 Critical |
| A permissions issue was addressed with improved validation. This issue is fixed in iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sequoia 15.7.2, macOS Sonoma 14.7.5, macOS Sonoma 14.8.2, macOS Tahoe 26.1, macOS Ventura 13.7.5. A shortcut may be able to access files that are normally inaccessible to the Shortcuts app. | ||||
| CVE-2025-24164 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24282 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A library injection issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-31184 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 7.8 High |
| This issue was addressed with improved permissions checking. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4. An app may gain unauthorized access to Local Network. | ||||
| CVE-2025-30428 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-28 | 5.4 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6. Photos in the Hidden Photos Album may be viewed without authentication. | ||||
| CVE-2025-24191 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.4. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24095 | 1 Apple | 3 Ipados, Iphone Os, Visionos | 2026-04-28 | 7.6 High |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, visionOS 2.4. An app may be able to bypass Privacy preferences. | ||||
| CVE-2025-24241 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to trick a user into copying sensitive data to the pasteboard. | ||||
| CVE-2025-30464 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2025-24173 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 7.8 High |
| This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. An app may be able to break out of its sandbox. | ||||