Export limit exceeded: 342055 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342055 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1180 | 1 Redhat | 4 Build Keycloak, Jboss Enterprise Application Platform, Jbosseapxp and 1 more | 2026-04-02 | 5.8 Medium |
| A flaw was identified in Keycloak’s OpenID Connect Dynamic Client Registration feature when clients authenticate using private_key_jwt. The issue allows a client to specify an arbitrary jwks_uri, which Keycloak then retrieves without validating the destination. This enables attackers to coerce the Keycloak server into making HTTP requests to internal or restricted network resources. As a result, attackers can probe internal services and cloud metadata endpoints, creating an information disclosure and reconnaissance risk. | ||||
| CVE-2026-3121 | 2 Keycloak, Redhat | 8 Keycloak, Build Keycloak, Build Of Keycloak and 5 more | 2026-04-02 | 6.5 Medium |
| A flaw was found in Keycloak. An administrator with `manage-clients` permission can exploit a misconfiguration where this permission is equivalent to `manage-permissions`. This allows the administrator to escalate privileges and gain control over roles, users, or other administrative functions within the realm. This privilege escalation can occur when admin permissions are enabled at the realm level. | ||||
| CVE-2025-14777 | 1 Redhat | 1 Build Keycloak | 2026-04-02 | 6 Medium |
| A flaw was found in Keycloak. An IDOR (Broken Access Control) vulnerability exists in the admin API endpoints for authorization resource management, specifically in ResourceSetService and PermissionTicketService. The system checks authorization against the resourceServer (client) ID provided in the API request, but the backend database lookup and modification operations (findById, delete) only use the resourceId. This mismatch allows an authenticated attacker with fine-grained admin permissions for one client (e.g., Client A) to delete or update resources belonging to another client (Client B) within the same realm by supplying a valid resource ID. | ||||
| CVE-2026-5351 | 1 Trendnet | 1 Tew-657brm Firmware | 2026-04-02 | 6.3 Medium |
| A weakness has been identified in Trendnet TEW-657BRM 1.00.1. This affects the function add_wps_client of the file /setup.cgi. This manipulation of the argument wl_enrolee_pin causes os command injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks. The vendor confirms, that "[t]he product in question (...) has been discontinued and end of life since June 23, 2011, that is more than 14 years ago. We no longer provide support for this product, so we are not able to confirm the vulnerabilities. We will make an announcement on our website's product support page and notify customers who registered their products with us." This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-34235 | 1 Pjsip | 1 Pjproject | 2026-04-02 | 9.1 Critical |
| PJSIP is a free and open source multimedia communication library written in C. Prior to version 2.17, a heap out-of-bounds read vulnerability exists in PJSIP's VP9 RTP unpacketizer that occurs when parsing crafted VP9 Scalability Structure (SS) data. Insufficient bounds checking on the payload descriptor length may cause reads beyond the allocated RTP payload buffer. This issue has been patched in version 2.17. A workaround for this issue involves disabling VP9 codec if not needed. | ||||
| CVE-2026-34224 | 2 Parse Community, Parseplatform | 2 Parse Server, Parse-server | 2026-04-02 | 4.4 Medium |
| Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 8.6.64 and 9.7.0-alpha.8, an attacker who possesses a valid authentication provider token and a single MFA recovery code or SMS one-time password can create multiple authenticated sessions by sending concurrent login requests via the authData login endpoint. This defeats the single-use guarantee of MFA recovery codes and SMS one-time passwords, allowing session persistence even after the legitimate user revokes detected sessions. This issue has been patched in versions 8.6.64 and 9.7.0-alpha.8. | ||||
| CVE-2026-34220 | 1 Mikro-orm | 1 Mikro-orm | 2026-04-02 | 9.8 Critical |
| MikroORM is a TypeScript ORM for Node.js based on Data Mapper, Unit of Work and Identity Map patterns. Prior to versions 6.6.10 and 7.0.6, there is a SQL injection vulnerability when specially crafted objects are interpreted as raw SQL query fragments. This issue has been patched in versions 6.6.10 and 7.0.6. | ||||
| CVE-2026-34218 | 1 Craigjbass | 1 Clearancekit | 2026-04-02 | 5.5 Medium |
| ClearanceKit intercepts file-system access events on macOS and enforces per-process access policies. Prior to version 4.2.14, two related startup defects created a window during which only the single compile-time baseline rule was enforced by opfilter. All managed (MDM-delivered) and user-defined file-access rules were not applied until the user interacted with policies through the GUI, triggering a policy mutation over XPC. This issue has been patched in version 4.2.14. | ||||
| CVE-2026-21725 | 1 Grafana | 1 Grafana | 2026-04-02 | 2.6 Low |
| A time-of-create-to-time-of-use (TOCTOU) vulnerability lets recently deleted-then-recreated data sources be re-deleted without permission to do so. This requires several very stringent conditions to be met: - The attacker must have admin access to the specific datasource prior to its first deletion. - Upon deletion, all steps within the attack must happen within the next 30 seconds and on the same pod of Grafana. - The attacker must delete the datasource, then someone must recreate it. - The new datasource must not have the attacker as an admin. - The new datasource must have the same UID as the prior datasource. These are randomised by default. - The datasource can now be re-deleted by the attacker. - Once 30 seconds are up, the attack is spent and cannot be repeated. - No datasource with any other UID can be attacked. | ||||
| CVE-2026-21724 | 1 Grafana | 1 Grafana | 2026-04-02 | 5.4 Medium |
| A vulnerability has been discovered in Grafana OSS where an authorization bypass in the provisioning contact points API allows users with Editor role to modify protected webhook URLs without the required alert.notifications.receivers.protected:write permission. | ||||
| CVE-2026-27879 | 1 Grafana | 1 Grafana | 2026-04-02 | 6.5 Medium |
| A resample query can be used to trigger out-of-memory crashes in Grafana. | ||||
| CVE-2026-28377 | 1 Grafana | 1 Tempo | 2026-04-02 | 7.5 High |
| A vulnerability in Grafana Tempo exposes the S3 SSE-C encryption key in plaintext through the /status/config endpoint, potentially allowing unauthorized users to obtain the key used to encrypt trace data stored in S3. Thanks to william_goodfellow for reporting this vulnerability. | ||||
| CVE-2026-21721 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-04-02 | 8.1 High |
| The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions:* action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege escalation. | ||||
| CVE-2026-27877 | 1 Grafana | 1 Grafana | 2026-04-02 | 6.5 Medium |
| When using public dashboards and direct data-sources, all direct data-sources' passwords are exposed despite not being used in dashboards. No passwords of proxied data-sources are exposed. We encourage all direct data-sources to be converted to proxied data-sources as far as possible to improve your deployments' security. | ||||
| CVE-2026-27880 | 1 Grafana | 1 Grafana | 2026-04-02 | 7.5 High |
| The OpenFeature feature toggle evaluation endpoint reads unbounded values into memory, which can cause out-of-memory crashes. | ||||
| CVE-2026-33375 | 1 Grafana | 1 Grafana | 2026-04-02 | 6.5 Medium |
| The Grafana MSSQL data source plugin contains a logic flaw that allows a low-privileged user (Viewer) to bypass API restrictions and trigger a catastrophic Out-Of-Memory (OOM) memory exhaustion, crashing the host container. | ||||
| CVE-2026-21720 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-04-02 | 7.5 High |
| Every uncached /avatar/:hash request spawns a goroutine that refreshes the Gravatar image. If the refresh sits in the 10-slot worker queue longer than three seconds, the handler times out and stops listening for the result, so that goroutine blocks forever trying to send on an unbuffered channel. Sustained traffic with random hashes keeps tripping this timeout, so goroutine count grows linearly, eventually exhausting memory and causing Grafana to crash on some systems. | ||||
| CVE-2026-21722 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-04-02 | 5.3 Medium |
| Public dashboards with annotations enabled did not limit their annotation timerange to the locked timerange of the public dashboard. This means one could read the entire history of annotations visible on the specific dashboard, even those outside the locked timerange. This did not leak any annotations that would not otherwise be visible on the public dashboard. | ||||
| CVE-2026-28375 | 1 Grafana | 1 Grafana | 2026-04-02 | 6.5 Medium |
| A testdata data-source can be used to trigger out-of-memory crashes in Grafana. | ||||
| CVE-2025-41117 | 1 Grafana | 2 Grafana, Grafana Enterprise | 2026-04-02 | 6.8 Medium |
| Stack traces in Grafana's Explore Traces view can be rendered as raw HTML, and thus inject malicious JavaScript in the browser. This would require malicious JavaScript to be entered into the stack trace field. Only datasources with the Jaeger HTTP API appear to be affected; Jaeger gRPC and Tempo do not appear affected whatsoever. | ||||