Export limit exceeded: 343236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343236 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-33184 | 1 Nimiq | 1 Core-rs-albatross | 2026-04-07 | 7.5 High |
| nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, the discovery handler accepts a peer-controlled limit during handshake and stores it unchanged. The immediate HandshakeAck path then honors limit = 0 and returns zero contacts, which makes the session look benign. Later, after the same session reaches Established, the periodic update path computes self.peer_list_limit.unwrap() as usize - 1. With limit = 0, that wraps to usize::MAX and then in rand 0.9.2, choose_multiple() immediately attempts Vec::with_capacity(amount), which deterministically panics with capacity overflow. This issue has been patched in version 1.3.0. | ||||
| CVE-2026-34052 | 1 Jupyterhub | 1 Ltiauthenticator | 2026-04-07 | 5.9 Medium |
| LTI JupyterHub Authenticator is a JupyterHub authenticator for LTI. Prior to version 1.6.3, the LTI 1.1 validator stores OAuth nonces in a class-level dictionary that grows without bounds. Nonces are added before signature validation, so an attacker with knowledge of a valid consumer key can send repeated requests with unique nonces to gradually exhaust server memory, causing a denial of service. This issue has been patched in version 1.6.3. | ||||
| CVE-2026-34061 | 1 Nimiq | 1 Core-rs-albatross | 2026-04-07 | 4.9 Medium |
| nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.3.0, an elected validator proposer can send an election macro block whose header.interlink does not match the canonical next interlink. Honest validators accept that proposal in verify_macro_block_proposal() because the proposal path validates header shape, successor relation, proposer, body root, and state, but never checks the interlink binding for election blocks. The same finalized block is later rejected by verify_block() during push with InvalidInterlink. Because validators prevote and precommit the malformed header hash itself, the failure happens after Tendermint decides the block, not before voting. This issue has been patched in version 1.3.0. | ||||
| CVE-2016-20050 | 1 Foundstone | 1 Netschedscan | 2026-04-07 | 6.2 Medium |
| NetSchedScan 1.0 contains a buffer overflow vulnerability in the scan Hostname/IP field that allows local attackers to crash the application by supplying an oversized input string. Attackers can paste a crafted payload containing 388 bytes of data followed by 4 bytes of EIP overwrite into the Hostname/IP field to trigger a denial of service condition. | ||||
| CVE-2016-20052 | 1 Snewscms | 1 Snews | 2026-04-07 | 9.8 Critical |
| Snews CMS 1.7 contains an unrestricted file upload vulnerability that allows unauthenticated attackers to upload arbitrary files including PHP executables to the snews_files directory. Attackers can upload malicious PHP files through the multipart form-data upload endpoint and execute them by accessing the uploaded file path to achieve remote code execution. | ||||
| CVE-2016-20055 | 1 Iobit | 2 Advanced Systemcare, Advanced Systemcare Ultimate | 2026-04-07 | 7.8 High |
| IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. | ||||
| CVE-2016-20056 | 1 Spy-emergency | 1 Spy Emergency | 2026-04-07 | 7.8 High |
| Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2016-20059 | 1 Iobit | 1 Malware Fighter | 2026-04-07 | 7.8 High |
| IObit Malware Fighter 4.3.1 contains an unquoted service path vulnerability in the IMFservice and LiveUpdateSvc services that allows local attackers to escalate privileges. Attackers can insert a malicious executable file in the unquoted service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges. | ||||
| CVE-2016-20060 | 2 Hotspotshield, Pango | 2 Hotspot Shield, Hotspot Shield | 2026-04-07 | 7.8 High |
| Hotspot Shield 6.0.3 contains an unquoted service path vulnerability in the hshld service binary that allows local attackers to escalate privileges by injecting malicious executables. Attackers can place executable files in the service path and upon service restart or system reboot, the malicious code executes with LocalSystem privileges. | ||||
| CVE-2016-20061 | 1 Sheedantivirus | 1 Sheed Antivirus | 2026-04-07 | 7.8 High |
| sheed AntiVirus 2.3 contains an unquoted service path vulnerability in the ShavProt service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can insert a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges. | ||||
| CVE-2026-34228 | 1 Emlog | 1 Emlog | 2026-04-07 | N/A |
| Emlog is an open source website building system. Prior to version 2.6.8, the backend upgrade interface accepts remote SQL and ZIP URLs via GET parameters. The server first downloads and executes the SQL file, then downloads the ZIP file and extracts it directly into the web root directory. This process does not validate a CSRF token. Therefore, an attacker only needs to trick an authenticated administrator into visiting a malicious link to achieve arbitrary SQL execution and arbitrary file write. This issue has been patched in version 2.6.8. | ||||
| CVE-2017-20233 | 1 Belden | 4 Hirschmann Hilcos Bat450, Hirschmann Hilcos Bat867, Hirschmann Hilcos Openbat and 1 more | 2026-04-07 | 5.4 Medium |
| Hirschmann HiLCOS products OpenBAT, BAT450, WLC, BAT867 contains a firewall filtering vulnerability that fails to correctly filter IPv4 multicast and broadcast traffic when management IP address filtering is disabled, allowing configured filter rules to be bypassed. Attackers with network access can inject or observe multicast and broadcast packets that should have been blocked by the firewall. | ||||
| CVE-2017-20234 | 1 Belden | 1 Garrettcom Magnum 6k And 10k Managed Switches | 2026-04-07 | 9.8 Critical |
| GarrettCom Magnum 6K and 10K managed switches contain an authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access by exploiting a hardcoded string in the authentication mechanism. Attackers can bypass login controls to access administrative functions and sensitive switch configuration without valid credentials. | ||||
| CVE-2017-20235 | 1 Prosoft-technology | 1 Icx35-hwc | 2026-04-07 | 8.8 High |
| ProSoft Technology ICX35-HWC version 1.3 and prior cellular gateways contain an authentication bypass vulnerability in the web user interface that allows unauthenticated attackers to gain access to administrative functions without valid credentials. Attackers can bypass the authentication mechanism in affected firmware versions to obtain full administrative access to device configuration and settings. | ||||
| CVE-2017-20238 | 1 Belden | 1 Hirschmann Industrial Hivision | 2026-04-07 | 7.1 High |
| Hirschmann Industrial HiVision versions 06.0.00 and 07.0.00 prior to 06.0.06 and 07.0.01 contains an improper authorization vulnerability that allows read-only users to gain write access to managed devices by bypassing access control mechanisms. Attackers can exploit alternative interfaces such as the web interface or SNMP browser to modify device configurations despite having restricted permissions. | ||||
| CVE-2026-3445 | 2 Properfraction, Wordpress | 2 Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – Profilepress, Wordpress | 2026-04-07 | 7.1 High |
| The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to unauthorized membership payment bypass in all versions up to, and including, 4.16.11. This is due to a missing ownership verification on the `change_plan_sub_id` parameter in the `process_checkout()` function. This makes it possible for authenticated attackers, with subscriber level access and above, to reference another user's active subscription during checkout to manipulate proration calculations, allowing them to obtain paid lifetime membership plans without payment via the `ppress_process_checkout` AJAX action. | ||||
| CVE-2018-25238 | 1 Vsco | 1 Vsco | 2026-04-07 | 6.2 Medium |
| VSCO 1.1.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string through the search functionality. Attackers can paste a buffer of 5000 characters into the search bar and navigate back to trigger an application crash. | ||||
| CVE-2018-25242 | 1 Microsoft | 1 One Search | 2026-04-07 | 6.2 Medium |
| One Search 1.1.0.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting excessively long input strings to the search functionality. Attackers can paste a buffer of 950 or more characters into the search bar to trigger an unhandled exception that crashes the application. | ||||
| CVE-2018-25243 | 1 Fasttube | 1 Fasttube | 2026-04-07 | 6.2 Medium |
| FastTube 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by submitting an excessively long string to the search functionality. Attackers can paste a buffer of 1900 characters into the search bar and trigger a crash when the search operation is executed. | ||||
| CVE-2026-34607 | 1 Emlog | 1 Emlog | 2026-04-07 | 7.2 High |
| Emlog is an open source website building system. In versions 2.6.2 and prior, a path traversal vulnerability exists in the emUnZip() function (include/lib/common.php:793). When extracting ZIP archives (plugin/template uploads, backup imports), the function calls $zip->extractTo($path) without sanitizing ZIP entry names. An authenticated admin can upload a crafted ZIP containing entries with ../ sequences to write arbitrary files to the server filesystem, including PHP webshells, achieving Remote Code Execution (RCE). At time of publication, there are no publicly available patches. | ||||