Export limit exceeded: 342998 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342998 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34778 | 1 Electron | 1 Electron | 2026-04-07 | 5.9 Medium |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript() and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered and use the result of webContents.executeJavaScript() (or webFrameMain.executeJavaScript()) in security-sensitive decisions. This issue has been patched in versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0. | ||||
| CVE-2026-34780 | 1 Electron | 1 Electron | 2026-04-07 | 8.4 High |
| Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. From versions 39.0.0-alpha.1 to before 39.8.0, 40.0.0-alpha.1 to before 40.7.0, and 41.0.0-alpha.1 to before 41.0.0-beta.8, apps that pass VideoFrame objects (from the WebCodecs API) across the contextBridge are vulnerable to a context isolation bypass. An attacker who can execute JavaScript in the main world (for example, via XSS) can use a bridged VideoFrame to gain access to the isolated world, including any Node.js APIs exposed to the preload script. Apps are only affected if a preload script returns, resolves, or passes a VideoFrame object to the main world via contextBridge.exposeInMainWorld(). Apps that do not bridge VideoFrame objects are not affected. This issue has been patched in versions 39.8.0, 40.7.0, and 41.0.0-beta.8. | ||||
| CVE-2026-34787 | 1 Emlog | 1 Emlog | 2026-04-07 | 6.5 Medium |
| Emlog is an open source website building system. In versions 2.6.2 and prior, a Local File Inclusion (LFI) vulnerability exists in admin/plugin.php at line 80. The $plugin parameter from the GET request is directly used in a require_once path without proper sanitization. If the CSRF token check can be bypassed (see potential bypass conditions), an attacker can include arbitrary PHP files from the server filesystem, leading to code execution. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-34788 | 1 Emlog | 1 Emlog | 2026-04-07 | 6.5 Medium |
| Emlog is an open source website building system. In versions 2.6.2 and prior, a SQL injection vulnerability exists in include/model/tag_model.php at line 168. The updateTagName() function directly interpolates user input into the SQL query string without using parameterized queries or proper escaping ($this->db->escape_string()), making it vulnerable to SQL injection attacks. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-34824 | 1 Mesop-dev | 1 Mesop | 2026-04-07 | 7.5 High |
| Mesop is a Python-based UI framework that allows users to build web applications. From version 1.2.3 to before version 1.2.5, an uncontrolled resource consumption vulnerability exists in the WebSocket implementation of the Mesop framework. An unauthenticated attacker can send a rapid succession of WebSocket messages, forcing the server to spawn an unbounded number of operating system threads. This leads to thread exhaustion and Out of Memory (OOM) errors, causing a complete Denial of Service (DoS) for any application built on the framework. This issue has been patched in version 1.2.5. | ||||
| CVE-2026-34933 | 1 Avahi | 1 Avahi | 2026-04-07 | 5.5 Medium |
| Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version 0.9-rc4. | ||||
| CVE-2026-34934 | 1 Mervinpraison | 1 Praisonai | 2026-04-07 | 9.8 Critical |
| PraisonAI is a multi-agent teams system. Prior to version 4.5.90, the get_all_user_threads function constructs raw SQL queries using f-strings with unescaped thread IDs fetched from the database. An attacker stores a malicious thread ID via update_thread. When the application loads the thread list, the injected payload executes and grants full database access. This issue has been patched in version 4.5.90. | ||||
| CVE-2026-34936 | 1 Mervinpraison | 1 Praisonai | 2026-04-07 | 7.7 High |
| PraisonAI is a multi-agent teams system. Prior to version 4.5.90, passthrough() and apassthrough() in praisonai accept a caller-controlled api_base parameter that is concatenated with endpoint and passed directly to httpx.Client.request() when the litellm primary path raises AttributeError. No URL scheme validation, private IP filtering, or domain allowlist is applied, allowing requests to any host reachable from the server. This issue has been patched in version 4.5.90. | ||||
| CVE-2026-34938 | 1 Mervinpraison | 1 Praisonai | 2026-04-07 | 10 Critical |
| PraisonAI is a multi-agent teams system. Prior to version 1.5.90, execute_code() in praisonai-agents runs attacker-controlled Python inside a three-layer sandbox that can be fully bypassed by passing a str subclass with an overridden startswith() method to the _safe_getattr wrapper, achieving arbitrary OS command execution on the host. This issue has been patched in version 1.5.90. | ||||
| CVE-2026-34978 | 1 Openprinting | 1 Cups | 2026-04-07 | 6.5 Medium |
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, the RSS notifier allows .. path traversal in notify-recipient-uri (e.g., rss:///../job.cache), letting a remote IPP client write RSS XML bytes outside CacheDir/rss (anywhere that is lp-writable). In particular, because CacheDir is group-writable by default (typically root:lp and mode 0770), the notifier (running as lp) can replace root-managed state files via temp-file + rename(). This PoC clobbers CacheDir/job.cache with RSS XML, and after restarting cupsd the scheduler fails to parse the job cache and previously queued jobs disappear. At time of publication, there are no publicly available patches. | ||||
| CVE-2026-34980 | 1 Openprinting | 1 Cups | 2026-04-07 | 6.4 Medium |
| OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, in a network-exposed cupsd with a shared target queue, an unauthorized client can send a Print-Job to that shared PostScript queue without authentication. The server accepts a page-border value supplied as textWithoutLanguage, preserves an embedded newline through option escaping and reparse, and then reparses the resulting second-line PPD: text as a trusted scheduler control record. A follow-up raw print job can therefore make the server execute an attacker-chosen existing binary such as /usr/bin/vim as lp. At time of publication, there are no publicly available patches. | ||||
| CVE-2020-37216 | 1 Belden | 1 Hirschmann Hios | 2026-04-07 | 7.5 High |
| Hirschmann HiOS devices versions prior to 08.1.00 and 07.1.01 contain a denial of service vulnerability in the EtherNet/IP stack where improper handling of packet length fields allows remote attackers to crash or hang the device. Attackers can send specially crafted UDP EtherNet/IP packets with a length value larger than the actual packet size to render the device inoperable. | ||||
| CVE-2026-35216 | 1 Budibase | 1 Budibase | 2026-04-07 | 9.1 Critical |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, an unauthenticated attacker can achieve Remote Code Execution (RCE) on the Budibase server by triggering an automation that contains a Bash step via the public webhook endpoint. No authentication is required to trigger the exploit. The process executes as root inside the container. This issue has been patched in version 3.33.4. | ||||
| CVE-2026-35218 | 1 Budibase | 1 Budibase | 2026-04-07 | 8.7 High |
| Budibase is an open-source low-code platform. Prior to version 3.32.5, Budibase's Builder Command Palette renders entity names (tables, views, queries, automations) using Svelte's {@html} directive without any sanitization. An authenticated user with Builder access can create a table, automation, view, or query whose name contains an HTML payload (e.g. <img src=x onerror=alert(document.domain)>). When any Builder-role user in the same workspace opens the Command Palette (Ctrl+K), the payload executes in their browser, stealing their session cookie and enabling full account takeover. This issue has been patched in version 3.32.5. | ||||
| CVE-2026-35468 | 1 Nimiq | 1 Core-rs-albatross | 2026-04-07 | 5.3 Medium |
| nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, two peer-facing consensus request handlers assume that the history index is always available and call blockchain.history_store.history_index().unwrap() directly. That assumption is false by construction. HistoryStoreProxy::history_index() explicitly returns None for the valid HistoryStoreProxy::WithoutIndex state. when a full node is syncing or otherwise running without the history index, a remote peer can send RequestTransactionsProof or RequestTransactionReceiptsByAddress and trigger an Option::unwrap() panic on the request path. This issue has been patched in version 1.3.0. | ||||
| CVE-2026-35560 | 1 Amazon | 1 Amazon Athena Odbc Driver | 2026-04-07 | 7.4 High |
| Improper certificate validation in the identity provider connection components in Amazon Athena ODBC driver before 2.1.0.0 might allow a man-in-the-middle threat actor to intercept authentication credentials due to insufficient default transport security when connecting to identity providers. This only applies to connections with external identity providers and does not apply to connections with Athena. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-35561 | 1 Amazon | 1 Amazon Athena Odbc Driver | 2026-04-07 | 7.4 High |
| Insufficient authentication security controls in the browser-based authentication components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to intercept or hijack authentication sessions due to insufficient protections in the browser-based authentication flows. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-35562 | 1 Amazon | 1 Amazon Athena Odbc Driver | 2026-04-07 | 7.5 High |
| Allocation of resources without limits in the parsing components in Amazon Athena ODBC driver before 2.1.0.0 might allow a threat actor to cause a denial of service by delivering crafted input that triggers excessive resource consumption during the driver's parsing operations. To remediate this issue, users should upgrade to version 2.1.0.0. | ||||
| CVE-2026-3571 | 2 Genetechproducts, Wordpress | 2 Pie Register – User Registration, Profiles & Content Restriction, Wordpress | 2026-04-07 | 6.5 Medium |
| The Pie Register – User Registration, Profiles & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pie_main() function in all versions up to, and including, 3.8.4.8. This makes it possible for unauthenticated attackers to change registration form status. | ||||
| CVE-2026-5470 | 1 Mixelpixx | 1 Google-research-mcp | 2026-04-07 | 6.3 Medium |
| A security vulnerability has been detected in mixelpixx Google-Research-MCP 1e062d7bd887bfe5f6e582b6cc288bb897b35cf2/ca613b736ab787bc926932f59cddc69457185a83. This issue affects the function extractContent of the file src/services/content-extractor.service.ts of the component Model Context Protocol Handler. The manipulation of the argument URL leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available. The vendor was contacted early about this disclosure but did not respond in any way. | ||||