Export limit exceeded: 361533 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (361533 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4150 | 1 Gimp | 1 Gimp | 2026-04-15 | 7.8 High |
| GIMP PSD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28807. | ||||
| CVE-2026-4151 | 1 Gimp | 1 Gimp | 2026-04-15 | 7.8 High |
| GIMP ANI File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ANI files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28813. | ||||
| CVE-2026-4152 | 1 Gimp | 1 Gimp | 2026-04-15 | 7.8 High |
| GIMP JP2 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28863. | ||||
| CVE-2026-4153 | 1 Gimp | 1 Gimp | 2026-04-15 | 7.8 High |
| GIMP PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28874. | ||||
| CVE-2026-4154 | 1 Gimp | 1 Gimp | 2026-04-15 | 7.8 High |
| GIMP XPM File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPM files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-28901. | ||||
| CVE-2026-36872 | 2 Razormist, Sourcecodester | 2 Basic Library System, Basic Library System | 2026-04-15 | 2.7 Low |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_book.php. | ||||
| CVE-2026-36873 | 2 Razormist, Sourcecodester | 2 Basic Library System, Basic Library System | 2026-04-15 | 2.7 Low |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_admin.php. | ||||
| CVE-2026-36874 | 2 Razormist, Sourcecodester | 2 Basic Library System, Basic Library System | 2026-04-15 | 2.7 Low |
| Sourcecodester Basic Library System v1.0 is vulnerable to SQL Injection in /librarysystem/load_student.php. | ||||
| CVE-2026-36946 | 2 Oretnom23, Sourcecodester | 2 Computer And Mobile Repair Shop Management System, Computer And Mobile Repair Shop Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL injection in the file /rsms/admin/inquiries/view_details.php. | ||||
| CVE-2026-36947 | 2 Oretnom23, Sourcecodester | 2 Computer And Mobile Repair Shop Management System, Computer And Mobile Repair Shop Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Computer and Mobile Repair Shop Management System v1.0 is vulnerable to SQL Injection in the file /rsms/admin/services/view_service.php. | ||||
| CVE-2026-36922 | 2 Oretnom23, Sourcecodester | 2 Cab Management System, Cab Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Cab Management System v1.0 is vulnerable to SQL injection in the file /cms/admin/categories/view_category.php. | ||||
| CVE-2026-36923 | 2 Oretnom23, Sourcecodester | 2 Cab Management System, Cab Management System | 2026-04-15 | 2.7 Low |
| Sourcecodester Cab Management System 1.0 is vulnerable to SQL Injection in the file /cms/admin/bookings/view_booking.php. | ||||
| CVE-2026-34849 | 1 Huawei | 1 Harmonyos | 2026-04-15 | 2.5 Low |
| UAF vulnerability in the screen management module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-21006 | 2 Samsung, Samsung Mobile | 3 Android, Mobile Devices, Samsung Mobile Devices | 2026-04-15 | 2.4 Low |
| Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents. | ||||
| CVE-2026-21007 | 2 Samsung, Samsung Mobile | 3 Android, Mobile Devices, Samsung Mobile Devices | 2026-04-15 | 6.8 Medium |
| Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. | ||||
| CVE-2026-21011 | 2 Samsung, Samsung Mobile | 3 Android, Mobile Devices, Samsung Mobile Devices | 2026-04-15 | 6.8 Medium |
| Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. | ||||
| CVE-2026-21012 | 2 Samsung, Samsung Mobile | 3 Android, Mobile Devices, Samsung Mobile Devices | 2026-04-15 | 3.3 Low |
| External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege. | ||||
| CVE-2026-21008 | 2 Samsung, Samsung Mobile | 3 Android, Mobile Devices, Samsung Mobile Devices | 2026-04-15 | 6.5 Medium |
| Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information. | ||||
| CVE-2026-21010 | 2 Samsung, Samsung Mobile | 3 Android, Mobile Devices, Samsung Mobile Devices | 2026-04-15 | 6.6 Medium |
| Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. | ||||
| CVE-2026-32614 | 1 Emmansun | 1 Gmsm | 2026-04-15 | 7.5 High |
| Go ShangMi (Commercial Cryptography) Library (GMSM) is a cryptographic library that covers the Chinese commercial cryptographic public algorithms SM2/SM3/SM4/SM9/ZUC. Prior to 0.41.1, the current SM9 decryption implementation contains an infinity-point ciphertext forgery vulnerability. The root cause is that, during decryption, the elliptic-curve point C1 in the ciphertext is only deserialized and checked to be on the curve, but the implementation does not explicitly reject the point at infinity. In the current implementation, an attacker can construct C1 as the point at infinity, causing the bilinear pairing result to degenerate into the identity element in the GT group. As a result, a critical part of the key derivation input becomes a predictable constant. An attacker who only knows the target user's UID can derive the decryption key material and then forge a ciphertext that passes the integrity check. This vulnerability is fixed in 0.41.1. | ||||