Search Results (340979 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-28503 | 1 Tandoorrecipes | 1 Recipes | 2026-03-27 | N/A |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. In versions prior to 2.6.0, the `SyncViewSet.query_synced_folder()` action in `cookbook/views/api.py` (line 903) fetches a Sync object using `get_object_or_404(Sync, pk=pk)` without including `space=request.space` in the filter. This allows an admin user in Space A to trigger sync operations (Dropbox/Nextcloud/Local import) on Sync configurations belonging to Space B, and view the resulting sync logs. Version 2.6.0 patches the issue. | ||||
| CVE-2026-4923 | 1 Path-to-regexp | 1 Path-to-regexp | 2026-03-27 | 5.9 Medium |
| Impact: When using multiple wildcards, combined with at least one parameter, a regular expression can be generated that is vulnerable to ReDoS. This backtracking vulnerability requires the second wildcard to be somewhere other than the end of the path. Unsafe examples: `/*foo-*bar-:baz`, `/*a-:b-*c-:d`, `/x/*a-:b/*c/y`. Safe examples: `/*foo-:bar`, `/*foo-:bar-*baz`. Patches: Upgrade to version 8.4.0. Workarounds: If you are using multiple wildcard parameters, you can check the regex output with a tool such as https://makenowjust-labs.github.io/recheck/playground/ to confirm whether a path is vulnerable. | ||||
| CVE-2026-3190 | 2 Keycloak, Redhat | 2 Keycloak, Build Keycloak | 2026-03-27 | 4.3 Medium |
| A flaw was found in Keycloak. The User-Managed Access (UMA) 2.0 Protection API endpoint for permission tickets fails to enforce the `uma_protection` role check. This allows any authenticated user with a token issued for a resource server client, even without the `uma_protection` role, to enumerate all permission tickets in the system. This vulnerability partially leads to information disclosure. | ||||
| CVE-2026-33536 | 1 Imagemagick | 1 Imagemagick | 2026-03-27 | 5.1 Medium |
| ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to 7.1.2-18 and 6.9.13-43, due to an incorrect return value on certain platforms, a pointer is incremented past the end of a buffer that is on the stack, which could result in an out-of-bounds write. Versions 7.1.2-18 and 6.9.13-43 patch the issue. | ||||
| CVE-2026-3203 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||||
| CVE-2026-3202 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 4.7 Medium |
| NTS-KE protocol dissector crash in Wireshark 4.6.0 to 4.6.3 allows denial of service | ||||
| CVE-2026-3201 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 4.7 Medium |
| USB HID protocol dissector memory exhaustion in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denial of service | ||||
| CVE-2026-0962 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.3 Medium |
| SOME/IP-SD protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service | ||||
| CVE-2026-0961 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| BLF file parser crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service | ||||
| CVE-2026-0960 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 4.7 Medium |
| HTTP3 protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.2 allows denial of service | ||||
| CVE-2026-0959 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.3 Medium |
| IEEE 802.11 protocol dissector crash in Wireshark 4.6.0 to 4.6.2 and 4.4.0 to 4.4.12 allows denial of service | ||||
| CVE-2025-9817 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 7.8 High |
| SSH dissector crash in Wireshark 4.4.0 to 4.4.8 allows denial of service | ||||
| CVE-2025-5601 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 7.8 High |
| Column handling crashes in Wireshark 4.4.0 to 4.4.6 and 4.2.0 to 4.2.12 allow denial of service via packet injection or crafted capture file | ||||
| CVE-2025-1492 | 2 Redhat, Wireshark | 2 Enterprise Linux, Wireshark | 2026-03-27 | 7.8 High |
| Bundle Protocol and CBOR dissector crashes in Wireshark 4.4.0 to 4.4.3 and 4.2.0 to 4.2.10 allow denial of service via packet injection or crafted capture file | ||||
| CVE-2025-13946 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| MEGACO dissector infinite loop in Wireshark 4.6.0 to 4.6.1 and 4.4.0 to 4.4.11 allows denial of service | ||||
| CVE-2025-13945 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| HTTP3 dissector crash in Wireshark 4.6.0 and 4.6.1 allows denial of service | ||||
| CVE-2025-13674 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| BPv7 dissector crash in Wireshark 4.6.0 allows denial of service | ||||
| CVE-2025-13499 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 7.8 High |
| Kafka dissector crash in Wireshark 4.6.0 and 4.4.0 to 4.4.10 allows denial of service | ||||
| CVE-2025-11626 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 5.5 Medium |
| MONGO dissector infinite loop in Wireshark 4.4.0 to 4.4.9 and 4.2.0 to 4.2.13 allows denial of service | ||||
| CVE-2024-9781 | 1 Wireshark | 1 Wireshark | 2026-03-27 | 7.8 High |
| AppleTalk and RELOAD Framing dissector crash in Wireshark 4.4.0 and 4.2.0 to 4.2.7 allows denial of service via packet injection or crafted capture file | ||||