Export limit exceeded: 346090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346090 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5749 | 1 Fullstep | 1 Fullstep | 2026-04-22 | N/A |
| Inadequate access control in the registration process in Fullstep V5, which could allow unauthenticated users to obtain a valid JWT token with which to interact with authenticated API resources. Successful exploitation of this vulnerability could allow an unauthenticated attacker to compromise the confidentiality of the affected resource, provided they have a valid token with which to interact with the API. | ||||
| CVE-2026-34947 | 1 Discourse | 1 Discourse | 2026-04-22 | 5.3 Medium |
| Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, staged user custom fields and username are exposed on public invite pages without email verification. This issue has been patched in versions 2026.1.3, 2026.2.2, and 2026.3.0. | ||||
| CVE-2017-20235 | 1 Prosoft-technology | 2 Icx35-hwc, Icx35-hwc Firmware | 2026-04-22 | 8.8 High |
| ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings. | ||||
| CVE-2026-4369 | 1 Autodesk | 1 Fusion | 2026-04-22 | 7.1 High |
| A maliciously crafted HTML payload in an assembly variant name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||
| CVE-2017-20236 | 1 Prosoft-technology | 2 Icx35-hwc, Icx35-hwc Firmware | 2026-04-22 | 9.8 Critical |
| ProSoft Technology ICX35-HWC versions 1.3 and prior cellular gateways contain an input validation vulnerability in the web user interface that allows remote attackers to inject and execute system commands by submitting malicious input through unvalidated fields. Attackers can exploit this vulnerability to gain root privileges and execute arbitrary commands on the device through the accessible web interface. | ||||
| CVE-2026-34772 | 2 Electron, Electronjs | 2 Electron, Electron | 2026-04-22 | 5.8 Medium |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that allow downloads and programmatically destroy sessions may be vulnerable to a use-after-free. If a session is torn down while a native save-file dialog is open for a download, dismissing the dialog dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not destroy sessions at runtime, or that do not permit downloads, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8. | ||||
| CVE-2026-34771 | 2 Electron, Electronjs | 2 Electron, Electron | 2026-04-22 | 7.5 High |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8, apps that register an asynchronous session.setPermissionRequestHandler() may be vulnerable to a use-after-free when handling fullscreen, pointer-lock, or keyboard-lock permission requests. If the requesting frame navigates or the window closes while the permission handler is pending, invoking the stored callback dereferences freed memory, which may lead to a crash or memory corruption. Apps that do not set a permission request handler, or whose handler responds synchronously, are not affected. This issue has been patched in versions 38.8.6, 39.8.0, 40.7.0, and 41.0.0-beta.8. | ||||
| CVE-2026-34770 | 2 Electron, Electronjs | 2 Electron, Electron | 2026-04-22 | 7 High |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8, apps that use the powerMonitor module may be vulnerable to a use-after-free. After the native PowerMonitor object is garbage-collected, the associated OS-level resources (a message window on Windows, a shutdown handler on macOS) retain dangling references. A subsequent session-change event (Windows) or system shutdown (macOS) dereferences freed memory, which may lead to a crash or memory corruption. All apps that access powerMonitor events (suspend, resume, lock-screen, etc.) are potentially affected. The issue is not directly renderer-controllable. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.0, and 41.0.0-beta.8. | ||||
| CVE-2025-31981 | 1 Hcltech | 1 Bigfix Service Management | 2026-04-22 | 5.3 Medium |
| HCL BigFix Service Management (SM) Discovery is vulnerable to unenforced encryption due to port 80 (HTTP) being open, allowing unencrypted access. An attacker with access to the network traffic can sniff packets from the connection and uncover the data. | ||||
| CVE-2026-6781 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||
| CVE-2026-6780 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Denial-of-service in the Audio/Video: Playback component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||
| CVE-2026-6746 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Use-after-free in the DOM: Core & HTML component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6777 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 5.3 Medium |
| Other issue in the Networking: DNS component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||
| CVE-2026-6776 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.8 High |
| Incorrect boundary conditions in the WebRTC: Networking component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6749 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Information disclosure due to uninitialized memory in the Graphics: Canvas2D component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6770 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 6.5 Medium |
| Other issue in the Storage: IndexedDB component. This vulnerability was fixed in Firefox 150, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6754 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Use-after-free in the JavaScript Engine component. This vulnerability was fixed in Firefox 150, Firefox ESR 115.35, Firefox ESR 140.10, Thunderbird 150, and Thunderbird 140.10. | ||||
| CVE-2026-6758 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-22 | 7.5 High |
| Use-after-free in the JavaScript: WebAssembly component. This vulnerability was fixed in Firefox 150 and Thunderbird 150. | ||||
| CVE-2026-4345 | 1 Autodesk | 1 Fusion | 2026-04-22 | 7.1 High |
| A maliciously crafted HTML payload, stored in a design name and exported to CSV, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||
| CVE-2026-4344 | 1 Autodesk | 1 Fusion | 2026-04-22 | 7.1 High |
| A maliciously crafted HTML payload in a component name, when displayed during the delete confirmation dialog and clicked by a user, can trigger a Stored Cross-site Scripting (XSS) vulnerability in the Autodesk Fusion desktop application. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process. | ||||