Export limit exceeded: 345363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345363 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27631 | 1 Exiv2 | 1 Exiv2 | 2026-04-16 | 5.3 Medium |
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an uncaught exception was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. Due to an integer overflow, the code attempts to create a huge std::vector, which causes Exiv2 to crash with an uncaught exception. This issue has been patched in version 0.28.8. | ||||
| CVE-2026-27596 | 1 Exiv2 | 1 Exiv2 | 2026-04-16 | 7.5 High |
| Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif, IPTC, XMP and ICC image metadata. Prior to version 0.28.8, an out-of-bounds read was found in Exiv2. The vulnerability is in the preview component, which is only triggered when running Exiv2 with an extra command line argument, like -pp. The out-of-bounds read is at a 4GB offset, which usually causes Exiv2 to crash. This issue has been patched in version 0.28.8. | ||||
| CVE-2026-34619 | 1 Adobe | 1 Coldfusion | 2026-04-16 | 7.7 High |
| ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access unauthorized files or directories outside the intended restrictions. Exploitation of this issue does not require user interaction. | ||||
| CVE-2026-2766 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2765 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-2764 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-16 | 9.8 Critical |
| JIT miscompilation, use-after-free in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 115.33, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||
| CVE-2026-4949 | 2 Properfraction, Wordpress | 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress | 2026-04-16 | 4.3 Medium |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 4.16.12. This is due to the 'process_checkout' function not properly enforcing the plan active status check when a 'change_plan_sub_id' parameter is provided. This makes it possible for authenticated attackers, with Subscriber-level access and above, to subscribe to inactive membership plans by supplying an arbitrary 'change_plan_sub_id' value in the checkout request. | ||||
| CVE-2025-62221 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-16 | 7.8 High |
| Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-35617 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 4.2 Medium |
| OpenClaw before 2026.3.25 contains an authorization bypass vulnerability in Google Chat group policy enforcement that relies on mutable space display names. Attackers can rebind group policies by changing or colliding space display names to gain unauthorized access to protected resources. | ||||
| CVE-2025-62565 | 1 Microsoft | 18 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 15 more | 2026-04-16 | 7.3 High |
| Use after free in Windows Shell allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62474 | 1 Microsoft | 22 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 19 more | 2026-04-16 | 7.8 High |
| Improper access control in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62467 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-16 | 7.8 High |
| Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62462 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-16 | 7.8 High |
| Buffer over-read in Windows Projected File System allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-59516 | 1 Microsoft | 16 Windows 10 1809, Windows 10 21h2, Windows 10 21h2 and 13 more | 2026-04-16 | 7.8 High |
| Missing authentication for critical function in Windows Storage VSP Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62562 | 1 Microsoft | 13 365 Apps, Office, Office 2019 and 10 more | 2026-04-16 | 7.8 High |
| Use after free in Microsoft Office Outlook allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62561 | 1 Microsoft | 11 365 Apps, Excel, Excel 2016 and 8 more | 2026-04-16 | 7.8 High |
| Untrusted pointer dereference in Microsoft Office Excel allows an unauthorized attacker to execute code locally. | ||||
| CVE-2025-62549 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-16 | 8.8 High |
| Untrusted pointer dereference in Windows Routing and Remote Access Service (RRAS) allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2025-62470 | 1 Microsoft | 23 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 20 more | 2026-04-16 | 7.8 High |
| Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-62456 | 1 Microsoft | 10 Windows 11 23h2, Windows 11 23h2, Windows 11 24h2 and 7 more | 2026-04-16 | 8.8 High |
| Heap-based buffer overflow in Windows Resilient File System (ReFS) allows an authorized attacker to execute code over a network. | ||||
| CVE-2026-35623 | 1 Openclaw | 1 Openclaw | 2026-04-16 | 4.8 Medium |
| OpenClaw before 2026.3.25 contains a missing rate limiting vulnerability in webhook authentication that allows attackers to brute-force weak webhook passwords without throttling. Remote attackers can repeatedly submit incorrect password guesses to the webhook endpoint to compromise authentication and gain unauthorized access. | ||||