Export limit exceeded: 343272 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343272 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-25687 | 1 Wisdom | 1 Pegasus Cms | 2026-04-07 | 9.8 Critical |
| Pegasus CMS 1.0 contains a remote code execution vulnerability in the extra_fields.php plugin that allows unauthenticated attackers to execute arbitrary commands by exploiting unsafe eval functionality. Attackers can send POST requests to the submit.php endpoint with malicious PHP code in the action parameter to achieve code execution and obtain an interactive shell. | ||||
| CVE-2026-33865 | 2026-04-07 | N/A | ||
| MLflow is vulnerable to Stored Cross-Site Scripting (XSS) caused by unsafe parsing of YAML-based MLmodel artifacts in its web interface. An authenticated attacker can upload a malicious MLmodel file containing a payload that executes when another user views the artifact in the UI. This allows actions such as session hijacking or performing operations on behalf of the victim. This issue affects MLflow version through 3.10.1 | ||||
| CVE-2025-39666 | 1 Checkmk | 1 Checkmk | 2026-04-07 | N/A |
| Local privilege escalation in Checkmk 2.2.0 (EOL), Checkmk 2.3.0 before 2.3.0p46, Checkmk 2.4.0 before 2.4.0p25, and Checkmk 2.5.0 (beta) before 2.5.0b3 allows a site user to escalate their privileges to root, by manipulating files in the site context that are processed when the `omd` administrative command is run by root. | ||||
| CVE-2026-5465 | 2026-04-07 | 8.8 High | ||
| The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.1.3. This is due to the `UpdateProviderCommandHandler` failing to validate changes to the `externalId` field when a Provider (Employee) user updates their own profile. The `externalId` maps directly to a WordPress user ID and is passed to `wp_set_password()` and `wp_update_user()` without authorization checks. This makes it possible for authenticated attackers, with Provider-level (Employee) access and above, to take over any WordPress account — including Administrator — by injecting an arbitrary `externalId` value when updating their own provider profile. | ||||
| CVE-2026-33727 | 1 Pi-hole | 1 Pi-hole | 2026-04-07 | 6.4 Medium |
| Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. Version 6.4 has a local privilege-escalation vulnerability allows code execution as root from the low-privilege pihole account. Important context: the pihole account uses nologin, so this is not a direct interactive-login issue. However, nologin does not prevent code from running as UID pihole if a Pi-hole component is compromised. In that realistic post-compromise scenario, attacker-controlled content in /etc/pihole/versions is sourced by root-run Pi-hole scripts, leading to root code execution. This vulnerability is fixed in 6.4.1. | ||||
| CVE-2025-61166 | 1 Ascertia | 1 Signinghub User | 2026-04-07 | 6.1 Medium |
| An open redirect in Ascertia SigningHub User v10.0 allows attackers to redirect users to a malicious site via a crafted URL. | ||||
| CVE-2026-35166 | 1 Gohugo | 1 Hugo | 2026-04-07 | 4.6 Medium |
| Hugo is a static site generator. From 0.60.0 to before 0.159.2, links and image links in the default markdown to HTML renderer are not properly escaped. Hugo users who trust their Markdown content or have custom render hooks for links and images are not affected. This vulnerability is fixed in 0.159.2. | ||||
| CVE-2026-5668 | 1 Cyber-iii | 1 Student-management-system | 2026-04-07 | 2.4 Low |
| A flaw has been found in Cyber-III Student-Management-System up to 1a938fa61e9f735078e9b291d2e6215b4942af3f. This affects an unknown part of the file /admin/Add%20notice/add%20notice.php. This manipulation of the argument $_SERVER['PHP_SELF'] causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been published and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The project was informed of the problem early through an issue report but has not responded yet. | ||||
| CVE-2025-48651 | 1 Google | 1 Android | 2026-04-07 | N/A |
| StrongBox in Android before security patch level 2026-04-05 has a vulnerability of High Severity, aka A-434039170, A-467765081, A-467765894, and A-467762899. | ||||
| CVE-2026-0049 | 1 Google | 1 Android | 2026-04-07 | 6.2 Medium |
| In onHeaderDecoded of LocalImageResolver.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2026-21382 | 1 Qualcomm | 1 Snapdragon | 2026-04-07 | 7.8 High |
| Memory Corruption when handling power management requests with improperly sized input/output buffers. | ||||
| CVE-2026-33405 | 1 Pi-hole | 1 Web | 2026-04-07 | 3.1 Low |
| Pi-hole Admin Interface is a web interface for managing Pi-hole, a network-level ad and internet tracker blocking application. From 6.0 to before 6.5, the formatInfo() function in queries.js renders data.upstream, data.client.ip, and data.ede.text into HTML without escaping when a user expands a query row in the Query Log, enabling stored HTML injection. JavaScript execution is blocked by the server's CSP (script-src 'self'). The same fields are properly escaped in the table view (rowCallback), confirming the omission was an oversight. This vulnerability is fixed in 6.5. | ||||
| CVE-2026-35037 | 1 Lin-snow | 1 Ech0 | 2026-04-07 | 7.2 High |
| Ech0 is an open-source, self-hosted publishing platform for personal idea sharing. Prior to 4.2.8, the GET /api/website/title endpoint accepts an arbitrary URL via the website_url query parameter and makes a server-side HTTP request to it without any validation of the target host or IP address. The endpoint requires no authentication. An attacker can use this to reach internal network services, cloud metadata endpoints (169.254.169.254), and localhost-bound services, with partial response data exfiltrated via the HTML <title> tag extraction This vulnerability is fixed in 4.2.8. | ||||
| CVE-2026-35044 | 1 Bentoml | 1 Bentoml | 2026-04-07 | 8.8 High |
| BentoML is a Python library for building online serving systems optimized for AI apps and model inference. Prior to 1.4.38, the Dockerfile generation function generate_containerfile() in src/bentoml/_internal/container/generate.py uses an unsandboxed jinja2.Environment with the jinja2.ext.do extension to render user-provided dockerfile_template files. When a victim imports a malicious bento archive and runs bentoml containerize, attacker-controlled Jinja2 template code executes arbitrary Python directly on the host machine, bypassing all container isolation. This vulnerability is fixed in 1.4.38. | ||||
| CVE-2026-5692 | 1 Totolink | 2 A7100ru, A7100ru Firmware | 2026-04-07 | 7.3 High |
| A vulnerability was found in Totolink A7100RU 7.4cu.2313_b20191024. This impacts the function setGameSpeedCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument enable results in os command injection. The attack may be performed from remote. The exploit has been made public and could be used. | ||||
| CVE-2026-34903 | 2026-04-07 | 5.4 Medium | ||
| Missing Authorization vulnerability in OceanWP Ocean Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ocean Extra: from n/a through 2.5.3. | ||||
| CVE-2026-34899 | 2 Eniture Technology, Wordpress | 2 Ltl Freight Quotes – Worldwide Express Edition, Wordpress | 2026-04-07 | 5.3 Medium |
| Missing Authorization vulnerability in Eniture technology LTL Freight Quotes – Worldwide Express Edition allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LTL Freight Quotes – Worldwide Express Edition: from n/a through 5.2.1. | ||||
| CVE-2026-3177 | 2 Smub, Wordpress | 2 Charitable – Donation Plugin For Wordpress – Fundraising With Recurring Donations & More, Wordpress | 2026-04-07 | 5.3 Medium |
| The Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 1.8.9.7. This is due to missing cryptographic verification of incoming Stripe webhook events. This makes it possible for unauthenticated attackers to forge payment_intent.succeeded webhook payloads and mark pending donations as completed without a real payment. | ||||
| CVE-2026-33752 | 1 Lexiforest | 1 Curl Cffi | 2026-04-07 | 8.6 High |
| curl_cffi is the a Python binding for curl. Prior to 0.15.0, curl_cffi does not restrict requests to internal IP ranges, and follows redirects automatically via the underlying libcurl. Because of this, an attacker-controlled URL can redirect requests to internal services such as cloud metadata endpoints. In addition, curl_cffi’s TLS impersonation feature can make these requests appear as legitimate browser traffic, which may bypass certain network controls. This vulnerability is fixed in 0.15.0. | ||||
| CVE-2026-33866 | 2026-04-07 | N/A | ||
| MLflow is vulnerable to an authorization bypass affecting the AJAX endpoint used to download saved model artifacts. Due to missing access‑control validation, a user without permissions to a given experiment can directly query this endpoint and retrieve model artifacts they are not authorized to access. This issue affects MLflow version through 3.10.1 | ||||