Export limit exceeded: 345223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 345223 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345223 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-32280 | 2 Go Standard Library, Golang | 2 Crypto/x509, Go | 2026-04-16 | 7.5 High |
| During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls. | ||||
| CVE-2026-3497 | 1 Ubuntu | 1 Openssh | 2026-04-16 | 8.2 High |
| Vulnerability in the OpenSSH GSSAPI delta included in various Linux distributions. This vulnerability affects the GSSAPI patches added by various Linux distributions and does not affect the OpenSSH upstream project itself. The usage of sshpkt_disconnect() on an error, which does not terminate the process, allows an attacker to send an unexpected GSSAPI message type during the GSSAPI key exchange to the server, which will call the underlying function and continue the execution of the program without setting the related connection variables. As the variables are not initialized to NULL the code later accesses those uninitialized variables, accessing random memory, which could lead to undefined behavior. The recommended workaround is to use ssh_packet_disconnect() instead, which does terminate the process. The impact of the vulnerability depends heavily on the compiler flag hardening configuration. | ||||
| CVE-2026-32283 | 2 Go Standard Library, Golang | 2 Crypto Tls, Go | 2026-04-16 | 7.5 High |
| If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3. | ||||
| CVE-2026-32288 | 2 Go Standard Library, Golang | 2 Archive/tar, Go | 2026-04-16 | 5.5 Medium |
| tar.Reader can allocate an unbounded amount of memory when reading a maliciously-crafted archive containing a large number of sparse regions encoded in the "old GNU sparse map" format. | ||||
| CVE-2026-29131 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to read the contents of emails encrypted for other users. | ||||
| CVE-2026-29132 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker with access to a victim's GINA account to bypass a second-password check and read protected emails. | ||||
| CVE-2026-32289 | 2 Go Standard Library, Golang | 2 Html/template, Go | 2026-04-16 | 6.1 Medium |
| Context was not properly tracked across template branches for JS template literals, leading to possibly incorrect escaping of content when branches were used. Additionally template actions within JS template literals did not properly track the brace depth, leading to incorrect escaping being applied. These issues could cause actions within JS template literals to be incorrectly or improperly escaped, leading to XSS vulnerabilities. | ||||
| CVE-2026-29133 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 9.1 Critical |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to upload PGP keys with UIDs that do not match their email address. | ||||
| CVE-2026-29134 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an external user to modify GINA webdomain metadata and bypass per-domain restrictions. | ||||
| CVE-2026-29135 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to craft a password-tag that bypasses subject sanitization. | ||||
| CVE-2026-29136 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 6.1 Medium |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to inject HTML into notification emails about new CA certificates. | ||||
| CVE-2025-63238 | 1 Limesurvey | 1 Limesurvey | 2026-04-16 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) affects LimeSurvey versions prior to 6.15.11+250909, due to the lack of validation of gid parameter in getInstance() function in application/models/QuestionCreate.php. This allows an attacker to craft a malicious URL and compromise the logged in user. | ||||
| CVE-2026-29137 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 5.3 Medium |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to hide security tags from users by crafting a long subject. | ||||
| CVE-2026-29138 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.3 allows attackers with a specially crafted email address to claim another user's PGP signature as their own. | ||||
| CVE-2025-70797 | 1 Limesurvey | 1 Limesurvey | 2026-04-16 | 6.1 Medium |
| Cross Site Scripting vulnerability in Limesurvey v.6.15.20+251021 allows a remote attacker to execute arbitrary code via the Box[title] and box[url] parameters. | ||||
| CVE-2026-29139 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 9.8 Critical |
| SEPPmail Secure Email Gateway before version 15.0.3 allows account takeover by abusing GINA account initialization to reset a victim account password. | ||||
| CVE-2026-29144 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 5.3 Medium |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge security tags using Unicode lookalike characters. | ||||
| CVE-2026-29142 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 5.3 Medium |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to forge a GINA-encrypted email. | ||||
| CVE-2026-29140 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 5.3 Medium |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to cause attacker-controlled certificates to be used for future encryption to a victim by adding the certificates to S/MIME signatures. | ||||
| CVE-2026-29141 | 1 Seppmail | 2 Secure Email Gateway, Seppmail Secure Email Gateway | 2026-04-16 | 5.3 Medium |
| SEPPmail Secure Email Gateway before version 15.0.3 allows an attacker to bypass subject sanitization and forge tags such as [signed OK]. | ||||