Export limit exceeded: 345240 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-29955 | 1 Cloudark | 1 Kubeplus | 2026-04-17 | 8.8 High |
| The `/registercrd` endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses `subprocess.Popen()` with `shell=True` parameter to execute shell commands, and the user-supplied `chartName` parameter is directly concatenated into the command string without any sanitization or validation. An attacker can inject arbitrary shell commands by crafting a malicious `chartName` parameter value. | ||||
| CVE-2026-30812 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-17 | N/A |
| Improper Neutralization of Input During Web Page Generation vulnerability allows Stored Cross-Site Scripting via event comments. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-32316 | 1 Jqlang | 1 Jq | 2026-04-17 | 8.2 High |
| jq is a command-line JSON processor. An integer overflow vulnerability exists through version 1.8.1 within the jvp_string_append() and jvp_string_copy_replace_bad functions, where concatenating strings with a combined length exceeding 2^31 bytes causes a 32-bit unsigned integer overflow in the buffer allocation size calculation, resulting in a drastically undersized heap buffer. Subsequent memory copy operations then write the full string data into this undersized buffer, causing a heap buffer overflow classified as CWE-190 (Integer Overflow) leading to CWE-122 (Heap-based Buffer Overflow). Any system evaluating untrusted jq queries is affected, as an attacker can crash the process or potentially achieve further exploitation through heap corruption by crafting queries that produce extremely large strings. The root cause is the absence of string size bounds checking, unlike arrays and objects which already have size limits. The issue has been addressed in commit e47e56d226519635768e6aab2f38f0ab037c09e5. | ||||
| CVE-2026-32605 | 1 Nimiq | 1 Core-rs-albatross | 2026-04-17 | 7.5 High |
| nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an untrusted peer could crash a validator by publishing a signed tendermint proposal message where signer == validators.num_validators(). ProposalSender::send uses > instead of >= for the signer bounds check, so the equality case passes and reaches validators.get_validator_by_slot_band(signer), which panics with an out-of-bounds index before any signature verification runs. This issue has been fixed in version 1.3.0. | ||||
| CVE-2026-33534 | 1 Espocrm | 1 Espocrm | 2026-04-17 | 4.3 Medium |
| EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have an authenticated Server-Side Request Forgery (SSRF) vulnerability that allows bypassing the internal-host validation logic by using alternative IPv4 representations such as octal notation (e.g., 0177.0.0.1 instead of 127.0.0.1). This is caused by HostCheck::isNotInternalHost() function relying on PHP's filter_var(..., FILTER_VALIDATE_IP), which does not recognize alternative IP formats, causing the validation to fall through to a DNS lookup that returns no records and incorrectly treats the host as safe, however the cURL subsequently normalizes the address and connects to the loopback destination. Through the confirmed /api/v1/Attachment/fromImageUrl endpoint, an authenticated user can force the server to make requests to loopback-only services and store the fetched response as an attachment. This vulnerability is distinct from CVE-2023-46736 (which involved redirect-based SSRF) and may allow access to internal resources reachable from the application runtime. This issue has been fixed in version 9.3.4. | ||||
| CVE-2026-33657 | 1 Espocrm | 1 Espocrm | 2026-04-17 | 4.6 Medium |
| EspoCRM is an open source customer relationship management application. Versions 9.3.3 and below have a stored HTML injection vulnerability that allows any authenticated user with standard (non-administrative) privileges to inject arbitrary HTML into system-generated email notifications by crafting malicious content in the post field of stream activity notes. The vulnerability exists because server-side Handlebars templates render the post field using unescaped triple-brace syntax, the Markdown processor preserves inline HTML by default, and the rendering pipeline explicitly skips sanitization for fields present in additionalData, creating a path where attacker-controlled HTML is accepted, stored, and rendered directly into emails without any escaping. Since the emails are sent using the system's configured SMTP identity (such as an administrative sender address), the injected content appears fully trusted to recipients, enabling phishing attacks, user tracking via embedded resources like image beacons, and UI manipulation within email content. The @mention feature further increases the impact by allowing targeted delivery of malicious emails to specific users. This issue has been fixed in version 9.3.4. | ||||
| CVE-2026-34186 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-17 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via custom fields. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-38529 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 8.8 High |
| A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request. | ||||
| CVE-2026-38532 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 8.1 High |
| A Broken Object-Level Authorization (BOLA) in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request. | ||||
| CVE-2026-39907 | 1 Unisys | 1 Webperfect Image Suite | 2026-04-17 | N/A |
| Unisys WebPerfect Image Suite versions 3.0.3960.22810 and 3.0.3960.22604 expose an unauthenticated WCF SOAP endpoint on TCP port 1208 that accepts unsanitized file paths in the ReadLicense action's LFName parameter, allowing remote attackers to trigger SMB connections and leak NTLMv2 machine-account hashes. Attackers can submit crafted SOAP requests with UNC paths to force the server to initiate outbound SMB connections, exposing authentication credentials that may be relayed for privilege escalation or lateral movement within the network. | ||||
| CVE-2026-34213 | 1 Docmost | 1 Docmost | 2026-04-17 | 5.4 Medium |
| Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim `attachmentId` to `POST /api/files/upload`. This is a remote integrity issue requiring no victim interaction. Version 0.71.0 contains a patch. | ||||
| CVE-2025-66769 | 1 Gonitro | 1 Nitro Pdf Pro | 2026-04-17 | 7.5 High |
| A NULL pointer dereference in Nitro PDF Pro for Windows v14.41.1.4 allows attackers to cause a Denial of Service (DoS) via a crafted XFA packet. | ||||
| CVE-2026-30809 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-17 | N/A |
| Improper Neutralization of Special Elements used in an OS Command vulnerability allows OS Command Injection via WebServerModuleDebug. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-30813 | 1 Pandora Fms | 1 Pandora Fms | 2026-04-17 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command vulnerability allows SQL Injection via module search. This issue affects Pandora FMS: from 777 through 800 | ||||
| CVE-2026-33555 | 1 Haproxy | 1 Haproxy | 2026-04-17 | 4 Medium |
| An issue was discovered in HAProxy before 3.3.6. The HTTP/3 parser does not check that the received body length matches a previously announced content-length when the stream is closed via a frame with an empty payload. This can cause desynchronization issues with the backend server and could be used for request smuggling. The earliest affected version is 2.6. | ||||
| CVE-2026-30999 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-17 | 7.5 High |
| A heap buffer overflow in the av_bprint_finalize() function of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2026-40719 | 1 Maradns | 1 Maradns | 2026-04-17 | 7.5 High |
| Deadwood in MaraDNS 3.5.0036 allows attackers to exhaust connection slots via a zone whose authoritative nameserver address cannot be resolved. | ||||
| CVE-2026-23891 | 1 Decidim | 1 Decidim | 2026-04-17 | N/A |
| Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting in high confidentiality and integrity impact across security boundaries. This issue has been fixed in versions 0.30.5 and 0.31.1. | ||||
| CVE-2026-0207 | 1 Purestorage | 1 Flashblade | 2026-04-17 | N/A |
| A vulnerability exists in FlashBlade whereby sensitive information may be logged under specific conditions. | ||||
| CVE-2026-40091 | 1 Authzed | 1 Spicedb | 2026-04-17 | 6 Medium |
| SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions 1.49.0 through 1.51.0, when SpiceDB starts with log level info, the startup "configuration" log will include the full datastore DSN, including the plaintext password, inside DatastoreConfig.URI. This issue has been fixed in version 1.51.1. If users are unable to immediately upgrade, they can work around this issue by changing the log level to warn or error. | ||||