Export limit exceeded: 347351 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347351 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33999 | 1 Redhat | 1 Enterprise Linux | 2026-04-29 | 7.8 High |
| A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts. | ||||
| CVE-2026-5367 | 1 Redhat | 4 Enterprise Linux, Fast Datapath, Openshift and 1 more | 2026-04-29 | 8.6 High |
| A flaw was found in OVN (Open Virtual Network). A remote attacker, by sending crafted DHCPv6 (Dynamic Host Configuration Protocol for IPv6) SOLICIT packets with an inflated Client ID length, could cause the ovn-controller to read beyond the bounds of a packet. This out-of-bounds read can lead to the disclosure of sensitive information stored in heap memory, which is then returned to the attacker's virtual machine port. | ||||
| CVE-2026-31847 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 8.8 High |
| Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can activate a Telnet service on port 23. This exposes a privileged diagnostic interface that is not intended for external access and can be used to interact with the underlying system. | ||||
| CVE-2026-31848 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 9.8 Critical |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 uses the ecos_pw cookie for authentication, which contains Base64-encoded credential data combined with a static suffix. Because the encoding is reversible and lacks integrity protection, an attacker can reconstruct or forge a valid cookie value without proper authentication. This allows unauthorized administrative access to protected endpoints. | ||||
| CVE-2026-7099 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 8.8 High |
| A vulnerability was detected in Tenda F456 1.0.0.5. The affected element is the function formQuickIndex of the file /goform/QuickIndex of the component httpd. Performing a manipulation of the argument mit_linktype results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-31849 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 6.5 Medium |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement CSRF protections on state-changing endpoints such as /goform/setSysTools and other administrative interfaces. As a result, an attacker can craft malicious web requests that are executed in the context of an authenticated administrator’s browser, leading to unauthorized configuration changes, including enabling services or modifying system settings. | ||||
| CVE-2026-7100 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 8.8 High |
| A flaw has been found in Tenda F456 1.0.0.5. The impacted element is the function fromNatlimitof of the file /goform/Natlimit of the component httpd. Executing a manipulation can lead to buffer overflow. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-7101 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 8.8 High |
| A vulnerability has been found in Tenda F456 1.0.0.5. This affects the function fromWrlclientSet of the file /goform/WrlclientSet of the component httpd. The manipulation leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7102 | 1 Tenda | 2 F456, F456 Firmware | 2026-04-29 | 6.3 Medium |
| A vulnerability was found in Tenda F456 1.0.0.5. This impacts the function FromWriteFacMac of the file /goform/WriteFacMac of the component httpd. The manipulation of the argument mac results in command injection. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-31850 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 4.9 Medium |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 stores sensitive information, including administrative credentials and WiFi pre-shared keys, in plaintext within exported configuration backup files. These backup files can be obtained through legitimate functionality or other weaknesses and do not apply encryption or hashing, allowing attackers to directly extract sensitive information. | ||||
| CVE-2026-31851 | 1 Nexxtsolutions | 3 Nebula300+, Nebula300plus, Nebula300plus Firmware | 2026-04-29 | 9.8 Critical |
| Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 does not implement rate limiting or account lockout mechanisms on authentication interfaces. An attacker can perform unlimited authentication attempts against endpoints that rely on credential validation, enabling brute-force attacks to guess administrative credentials without restriction. | ||||
| CVE-2026-5937 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| Insufficient parameter verification leads to the occurrence of format errors in files, which will trigger an unhandled "std::invalid_argument" exception, ultimately causing the program to terminate. | ||||
| CVE-2026-1281 | 1 Ivanti | 1 Endpoint Manager Mobile | 2026-04-29 | 9.8 Critical |
| A code injection in Ivanti Endpoint Manager Mobile allowing attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2025-56534 | 1 Opennebula | 1 Opennebula | 2026-04-29 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the custom authenticator driver of opennebula v6.10.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2026-5938 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| Improper control flow management allows a crafted document action chain to cause modal dialog reentry on the main thread, resulting in UI freeze and denial of service. | ||||
| CVE-2026-3503 | 1 Wolfssl | 2 Wolfcrypt, Wolfssl | 2026-04-29 | 5.2 Medium |
| Protection mechanism failure in wolfCrypt post-quantum implementations (ML-KEM and ML-DSA) in wolfSSL on ARM Cortex-M microcontrollers allows a physical attacker to compromise key material and/or cryptographic outcomes via induced transient faults that corrupt or redirect seed/pointer values during Keccak-based expansion. This issue affects wolfSSL (wolfCrypt): commit hash d86575c766e6e67ef93545fa69c04d6eb49400c6. | ||||
| CVE-2026-5939 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 5.5 Medium |
| A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution. | ||||
| CVE-2026-4159 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 3.3 Low |
| 1-byte OOB heap read in wc_PKCS7_DecodeEnvelopedData via zero-length encrypted content. A vulnerability existed in wolfSSL 5.8.4 and earlier, where a 1-byte out-of-bounds heap read in wc_PKCS7_DecodeEnvelopedData could be triggered by a crafted CMS EnvelopedData message with zero-length encrypted content. Note that PKCS7 support is disabled by default. | ||||
| CVE-2026-5940 | 2 Foxit, Foxitsoftware | 4 Pdf Editor, Pdf Reader, Foxit Pdf Editor and 1 more | 2026-04-29 | 7.8 High |
| Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes. | ||||
| CVE-2026-5446 | 1 Wolfssl | 1 Wolfssl | 2026-04-29 | 7.1 High |
| In wolfSSL, ARIA-GCM cipher suites used in TLS 1.2 and DTLS 1.2 reuse an identical 12-byte GCM nonce for every application-data record. Because wc_AriaEncrypt is stateless and passes the caller-supplied IV verbatim to the MagicCrypto SDK with no internal counter, and because the explicit IV is zero-initialized at session setup and never incremented in non-FIPS builds. This vulnerability affects wolfSSL builds configured with --enable-aria and the proprietary MagicCrypto SDK (a non-default, opt-in configuration required for Korean regulatory deployments). AES-GCM is not affected because wc_AesGcmEncrypt_ex maintains an internal invocation counter independently of the call-site guard. | ||||