Export limit exceeded: 345233 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345233 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-2703 | 1 Xlnt-community | 1 Xlnt | 2026-04-17 | 3.3 Low |
| A weakness has been identified in xlnt-community xlnt up to 1.6.1. Impacted is the function xlnt::detail::decode_base64 of the file source/detail/cryptography/base64.cpp of the component Encrypted XLSX File Parser. Executing a manipulation can lead to off-by-one. The attack requires local access. The exploit has been made available to the public and could be used for attacks. This patch is called f2d7bf494e5c52706843cf7eb9892821bffb0734. Applying a patch is advised to resolve this issue. | ||||
| CVE-2026-2706 | 1 Code-projects | 1 Patient Record Management System | 2026-04-17 | 6.3 Medium |
| A flaw has been found in code-projects Patient Record Management System 1.0. This affects an unknown function of the file /fecalysis_not.php. This manipulation of the argument comp_id causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2026-33783 | 2 Juniper, Juniper Networks | 9 Junos Os Evolved, Ptx10001-36mr, Ptx10002-36qdd and 6 more | 2026-04-17 | 6.5 Medium |
| A Function Call With Incorrect Argument Type vulnerability in the sensor interface of Juniper Networks Junos OS Evolved on PTX Series allows a network-based, authenticated attacker with low privileges to cause a complete Denial of Service (DoS). If colored SRTE policy tunnels are provisioned via PCEP, and gRPC is used to monitor traffic in these tunnels, evo-aftmand crashes and doesn't restart which leads to a complete and persistent service impact. The system has to be manually restarted to recover. The issue is seen only when the Originator ASN field in PCEP contains a value larger than 65,535 (32-bit ASN). The issue is not reproducible when SRTE policy tunnels are statically configured. This issue affects Junos OS Evolved on PTX Series: * all versions before 22.4R3-S9-EVO, * 23.2 versions before 23.2R2-S6-EVO, * 23.4 versions before 23.4R2-S7-EVO, * 24.2 versions before 24.2R2-S4-EVO, * 24.4 versions before 24.4R2-S2-EVO, * 25.2 versions before 25.2R1-S2-EVO, 25.2R2-EVO. | ||||
| CVE-2026-40117 | 2 Mervinpraison, Praison | 2 Praisonaiagents, Praisonaiagents | 2026-04-17 | 6.2 Medium |
| PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, read_skill_file() in skill_tools.py allows reading arbitrary files from the filesystem by accepting an unrestricted skill_path parameter. Unlike file_tools.read_file which enforces workspace boundary confinement, and unlike run_skill_script which requires critical-level approval, read_skill_file has neither protection. An agent influenced by prompt injection can exfiltrate sensitive files without triggering any approval prompt. This vulnerability is fixed in 1.5.128. | ||||
| CVE-2026-33104 | 1 Microsoft | 30 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 27 more | 2026-04-17 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33721 | 2 Mapserver, Osgeo | 2 Mapserver, Mapserver | 2026-04-17 | 5.3 Medium |
| MapServer is a system for developing web-based GIS applications. Starting in version 4.2 and prior to version 8.6.1, a heap-buffer-overflow write in MapServer’s SLD (Styled Layer Descriptor) parser lets a remote, unauthenticated attacker crash the MapServer process by sending a crafted SLD with more than 100 Threshold elements inside a ColorMap/Categorize structure (commonly reachable via WMS GetMap with SLD_BODY). Version 8.6.1 patches the issue. | ||||
| CVE-2026-2731 | 1 Dynamicweb | 1 Dynamicweb | 2026-04-17 | N/A |
| Path traversal and content injection in JobRunnerBackground.aspx in DynamicWeb 8 (all) and 9 (<9.19.7 and <9.20.3) allows unauthenticated attackers to execute code via simple web requests | ||||
| CVE-2026-26361 | 1 Dell | 2 Powermax Os, Unisphere For Powermax | 2026-04-17 | 6.5 Medium |
| Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2026-26362 | 1 Dell | 2 Powermax Os, Unisphere For Powermax | 2026-04-17 | 8.1 High |
| Dell Unisphere for PowerMax, version(s) 10.2, contain(s) a Relative Path Traversal vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to unauthorized modification of critical system files. | ||||
| CVE-2026-23543 | 2 Wordpress, Wpdeveloper | 2 Wordpress, Essential Addons For Elementor | 2026-04-17 | 5.3 Medium |
| Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-for-elementor-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Addons for Elementor: from n/a through <= 6.5.5. | ||||
| CVE-2026-23548 | 2 Designinvento, Wordpress | 2 Directorypress, Wordpress | 2026-04-17 | 5.3 Medium |
| Missing Authorization vulnerability in Designinvento DirectoryPress directorypress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through <= 3.6.25. | ||||
| CVE-2026-25305 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-17 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 8theme XStore xstore allows DOM-Based XSS.This issue affects XStore: from n/a through <= 9.6.4. | ||||
| CVE-2026-25325 | 2 Rtcamp, Wordpress | 2 Rtmedia For Wordpress, Buddypress And Bbpress, Wordpress | 2026-04-17 | 5.3 Medium |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress buddypress-media allows Retrieve Embedded Sensitive Data.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through <= 4.7.8. | ||||
| CVE-2026-25333 | 2 Peregrinethemes, Wordpress | 2 Shopwell, Wordpress | 2026-04-17 | 5.3 Medium |
| Missing Authorization vulnerability in peregrinethemes Shopwell shopwell allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shopwell: from n/a through <= 1.0.11. | ||||
| CVE-2026-25393 | 2 Sparklewpthemes, Wordpress | 2 Hello Fse, Wordpress | 2026-04-17 | 4.3 Medium |
| Missing Authorization vulnerability in sparklewpthemes Hello FSE hello-fse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hello FSE: from n/a through <= 1.0.6. | ||||
| CVE-2026-26359 | 1 Dell | 2 Powermax Os, Unisphere For Powermax | 2026-04-17 | 8.8 High |
| Dell Unisphere for PowerMax, version(s) 10.2, contain(s) an External Control of File Name or Path vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files. | ||||
| CVE-2026-2736 | 1 Alkacon | 1 Opencms | 2026-04-17 | 6.1 Medium |
| Reflected Cross-site Scripting (XSS) in Alkacon's OpenCms v18.0, which allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL containing the ‘q’ parameter in ‘/search/index.html’. This vulnerability can be exploited to steal sensitive user information such as session cookies, or to perform actions while impersonating the user. | ||||
| CVE-2026-22268 | 1 Dell | 1 Powerprotect Data Manager | 2026-04-17 | 6.3 Medium |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to denial of service of a Dell Enterprise Support connection. | ||||
| CVE-2026-22267 | 1 Dell | 1 Powerprotect Data Manager | 2026-04-17 | 8.1 High |
| Dell PowerProtect Data Manager, version(s) prior to 19.22, contain(s) an Incorrect Privilege Assignment vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Elevation of privileges. | ||||
| CVE-2026-1219 | 2 Sonaar, Wordpress | 2 Mp3 Audio Player – Music Player, Podcast Player & Radio By Sonaar, Wordpress | 2026-04-17 | 5.3 Medium |
| The MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 4.0 to 5.10 via the 'load_track_note_ajax' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to view the contents of private posts. | ||||