Export limit exceeded: 346718 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346718 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-7083 | 2 Email Encoder, Wordpress | 2 Email Encoder, Wordpress | 2026-04-20 | 3.5 Low |
| The Email Encoder WordPress plugin before 2.3.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2026-40434 | 1 Anviz | 1 Anviz Crosschex Standard | 2026-04-20 | 8.1 High |
| Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. | ||||
| CVE-2026-39454 | 1 Skygroup | 2 Skymec It Manager, Skysea Client View | 2026-04-20 | N/A |
| SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result, arbitrary code may be executed with the administrative privilege. | ||||
| CVE-2026-32324 | 1 Anviz | 1 Anviz Cx7 Firmware | 2026-04-20 | 7.7 High |
| Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale. | ||||
| CVE-2026-32650 | 1 Anviz | 1 Anviz Crosschex Standard | 2026-04-20 | 7.5 High |
| Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. | ||||
| CVE-2026-29013 | 1 Libcoap | 1 Libcoap | 2026-04-20 | N/A |
| libcoap contains out-of-bounds read vulnerabilities in OSCORE Appendix B.2 CBOR unwrap handling where get_byte_inc() in src/oscore/oscore_cbor.c relies solely on assert() for bounds checking, which is removed in release builds compiled with NDEBUG. Attackers can send crafted CoAP requests with malformed OSCORE options or responses during OSCORE negotiation to trigger out-of-bounds reads during CBOR parsing and potentially cause heap buffer overflow writes through integer wraparound in allocation size computation. | ||||
| CVE-2026-35061 | 1 Anviz | 1 Anviz Cx7 Firmware | 2026-04-20 | 5.3 Medium |
| Anviz CX7 Firmware is vulnerable to the most recently captured test photo that can be retrieved without authentication, revealing sensitive operational imagery. | ||||
| CVE-2026-35682 | 1 Anviz | 1 Anviz Cx2 Lite Firmware | 2026-04-20 | 8.8 High |
| Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | ||||
| CVE-2026-40527 | 1 Radare | 1 Radare2 | 2026-04-20 | 7.8 High |
| radare2 prior to commit bc5a890 contains a command injection vulnerability in the afsv/afsvj command path where crafted ELF binaries can embed malicious r2 command sequences as DWARF DW_TAG_formal_parameter names. Attackers can craft a binary with shell commands in DWARF parameter names that execute when radare2 analyzes the binary with aaa and subsequently runs afsvj, allowing arbitrary shell command execution through the unsanitized parameter interpolation in the pfq command string. | ||||
| CVE-2026-5720 | 1 Miniupnp Project | 1 Miniupnpd | 2026-04-20 | N/A |
| miniupnpd contains an integer underflow vulnerability in SOAPAction header parsing that allows remote attackers to cause a denial of service or information disclosure by sending a malformed SOAPAction header with a single quote. Attackers can trigger an out-of-bounds memory read by exploiting improper length validation in ParseHttpHeaders(), where the parsed length underflows to a large unsigned value when passed to memchr(), causing the process to scan memory far beyond the allocated HTTP request buffer. | ||||
| CVE-2026-6437 | 1 Amazon | 1 Aws Efs Csi Driver | 2026-04-20 | 6.5 Medium |
| Improper neutralization of argument delimiters in the volume handling component in AWS EFS CSI Driver (aws-efs-csi-driver) before v3.0.1 allows remote authenticated users with PersistentVolume creation permissions to inject arbitrary mount options via comma injection. To remediate this issue, users should upgrade to version v3.0.1 | ||||
| CVE-2026-31927 | 1 Anviz | 1 Anviz Cx7 Firmware | 2026-04-20 | 4.9 Medium |
| Anviz CX7 Firmware is vulnerable to an authenticated CSV upload which allows path traversal to overwrite arbitrary files (e.g., /etc/shadow), enabling unauthorized SSH access when combined with debug‑setting changes | ||||
| CVE-2026-35546 | 1 Anviz | 2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware | 2026-04-20 | 9.8 Critical |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated firmware uploads. This causes crafted archives to be accepted, enabling attackers to plant and execute code and obtain a reverse shell. | ||||
| CVE-2026-40066 | 1 Anviz | 2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware | 2026-04-20 | 8.8 High |
| Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | ||||
| CVE-2026-40461 | 1 Anviz | 2 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware | 2026-04-20 | 7.5 High |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise. | ||||
| CVE-2026-41253 | 1 Iterm2 | 1 Iterm2 | 2026-04-20 | 6.9 Medium |
| In iTerm2 through 3.6.9, displaying a .txt file can cause code execution via DCS 2000p and OSC 135 data, if the working directory contains a malicious file whose name is valid output from the conductor encoding path, such as a pathname with an initial ace/c+ substring, aka "hypothetical in-band signaling abuse." This occurs because iTerm2 accepts the SSH conductor protocol from terminal output that does not originate from a legitimate conductor session. | ||||
| CVE-2026-5964 | 1 Digiwin | 1 Easyflow .net | 2026-04-20 | 9.8 Critical |
| EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2026-33093 | 1 Anviz | 1 Anviz Cx7 Firmware | 2026-04-20 | 5.3 Medium |
| Anviz CX7 Firmware is vulnerable to an unauthenticated POST to the device that captures a photo with the front facing camera, exposing visual information about the deployment environment. | ||||
| CVE-2026-40479 | 1 Kimai | 1 Kimai | 2026-04-20 | 5.4 Medium |
| Kimai is an open-source time tracking application. In versions 1.16.3 through 2.52.0, the escapeForHtml() function in KimaiEscape.js does not escape double quote or single quote characters. When a user's profile alias is inserted into an HTML attribute context via the team member form prototype and rendered through innerHTML, this incomplete escaping allows HTML attribute injection. An authenticated user with ROLE_USER privileges can store a malicious alias that executes JavaScript in the browser of any administrator viewing the team form, resulting in stored XSS with privilege escalation. This issue has been fixed in version 2.53.0. | ||||
| CVE-2026-40346 | 1 Nocobase | 1 Nocobase | 2026-04-20 | N/A |
| NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.37, NocoBase's workflow HTTP request plugin and custom request action plugin make server-side HTTP requests to user-provided URLs without any SSRF protection. An authenticated user can access internal network services, cloud metadata endpoints, and localhost. Version 2.0.37 contains a patch. | ||||