Export limit exceeded: 80967 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80967 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-7668 | 1 Mikrotik | 1 Routeros | 2026-05-04 | 7.3 High |
| A vulnerability was identified in MikroTik RouterOS 6.49.8. This vulnerability affects the function ASN1_STRING_data in the library nova/lib/www/scep.p of the component SCEP Endpoint. The manipulation of the argument transactionID/messageType leads to out-of-bounds read. The attack may be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-34986 | 2 Go-jose, Go-jose Project | 2 Go-jose, Go-jose | 2026-05-04 | 7.5 High |
| Go JOSE provides an implementation of the Javascript Object Signing and Encryption set of standards in Go, including support for JSON Web Encryption (JWE), JSON Web Signature (JWS), and JSON Web Token (JWT) standards. Prior to 4.1.4 and 3.0.5, decrypting a JSON Web Encryption (JWE) object will panic if the alg field indicates a key wrapping algorithm (one ending in KW, with the exception of A128GCMKW, A192GCMKW, and A256GCMKW) and the encrypted_key field is empty. The panic happens when cipher.KeyUnwrap() in key_wrap.go attempts to allocate a slice with a zero or negative length based on the length of the encrypted_key. This code path is reachable from ParseEncrypted() / ParseEncryptedJSON() / ParseEncryptedCompact() followed by Decrypt() on the resulting object. Note that the parse functions take a list of accepted key algorithms. If the accepted key algorithms do not include any key wrapping algorithms, parsing will fail and the application will be unaffected. This panic is also reachable by calling cipher.KeyUnwrap() directly with any ciphertext parameter less than 16 bytes long, but calling this function directly is less common. Panics can lead to denial of service. This vulnerability is fixed in 4.1.4 and 3.0.5. | ||||
| CVE-2026-42167 | 1 Proftpd | 1 Proftpd | 2026-05-04 | 8.1 High |
| mod_sql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands (e.g., COPY TO PROGRAM). | ||||
| CVE-2026-4061 | 2 Cyberhobo, Wordpress | 2 Geo Mashup, Wordpress | 2026-05-04 | 7.5 High |
| The Geo Mashup plugin for WordPress is vulnerable to Time-Based SQL Injection via the 'map_post_type' parameter in all versions up to, and including, 1.13.18. This is due to the `SearchResults` hook explicitly calling `stripslashes_deep($_POST)` which removes WordPress magic quotes protection, followed by the unsanitized `map_post_type` value being concatenated into an `IN(...)` clause without `esc_sql()` or `$wpdb->prepare()`. The 'any' branch of the same code correctly applies `array_map('esc_sql', ...)`, but the else branch does not. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database via a time-based blind approach. Exploitation requires the Geo Search feature to be enabled in plugin settings. | ||||
| CVE-2026-7679 | 1 Yunaiv | 1 Yudao-cloud | 2026-05-04 | 7.3 High |
| A security flaw has been discovered in YunaiV yudao-cloud up to 2026.01. This impacts the function getAccessToken of the file yudao-module-system-biz/src/main/java/io/github/ruoyi/common/oauth2/service/impl/OAuth2TokenServiceImpl.java. Performing a manipulation results in improper authentication. The attack can be initiated remotely. The exploit has been released to the public and may be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-7685 | 1 Edimax | 2 Br-6208ac, Br-6208ac Firmware | 2026-05-04 | 8.8 High |
| A vulnerability was detected in Edimax BR-6208AC up to 1.02. Affected is an unknown function of the file /goform/setWAN. Performing a manipulation of the argument pptpDfGateway results in buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-5113 | 2 Gravityforms, Wordpress | 2 Gravity Forms, Wordpress | 2026-05-04 | 7.2 High |
| The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses(), combined with insufficient output escaping. The state validation logic creates two hashes (raw input and wp_kses-sanitized input) and only fails validation if BOTH hashes don't match the original state. When an attacker injects XSS payloads using tags stripped by wp_kses() (like <svg>), the sanitized hash matches while the malicious raw value is preserved and saved to the database. When administrators view the Entries List page, the stored malicious consent label is retrieved and output without escaping, causing the XSS payload to execute. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in entries that will execute whenever an authenticated administrator accesses the entries list page. | ||||
| CVE-2026-32650 | 1 Anviz | 2 Anviz Crosschex Standard, Crosschex Standard | 2026-05-04 | 7.5 High |
| Anviz CrossChex Standard is vulnerable when an attacker manipulates the TDS7 PreLogin to disable encryption, causing database credentials to be sent in plaintext and enabling unauthorized database access. | ||||
| CVE-2026-40434 | 1 Anviz | 2 Anviz Crosschex Standard, Crosschex Standard | 2026-05-04 | 8.1 High |
| Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacker on the same network to alter or disrupt application traffic. | ||||
| CVE-2026-24186 | 3 Apple, Linux, Nvidia | 4 Macos, Linux Kernel, Flare Sdk and 1 more | 2026-05-04 | 8.8 High |
| NVIDIA FLARE SDK contains a vulnerability in FOBS, where an attacker may cause deserialization of untrusted data by sending a malicious FOBS- encoded message. A successful exploit of this vulnerability might lead to code execution. | ||||
| CVE-2026-32324 | 1 Anviz | 3 Anviz Cx7 Firmware, Cx7, Cx7 Firmware | 2026-05-04 | 7.7 High |
| Anviz CX7 Firmware is vulnerable because the application embeds reusable certificate/key material, enabling decryption of MQTT traffic and potential interaction with device messaging channels at scale. | ||||
| CVE-2026-24222 | 1 Nvidia | 1 Nemoclaw | 2026-05-04 | 8.6 High |
| NVIDIA NeMoClaw contains a vulnerability in the sandbox environment initialization component, where a remote attacker could cause improper access control by sending prompt-injected content that causes the agent to read and exfiltrate host environment variables not properly restricted during sandbox creation. A successful exploit of this vulnerability might lead to information disclosure. | ||||
| CVE-2026-35682 | 1 Anviz | 3 Anviz Cx2 Lite Firmware, Cx2 Lite, Cx2 Lite Firmware | 2026-05-04 | 8.8 High |
| Anviz CX2 Lite is vulnerable to an authenticated command injection via a filename parameter that enables arbitrary command execution (e.g., starting telnetd), resulting in root‑level access. | ||||
| CVE-2026-40066 | 1 Anviz | 6 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware, Cx2 Lite and 3 more | 2026-05-04 | 8.8 High |
| Anviz CX2 Lite and CX7 are vulnerable to unverified update packages that can be uploaded. The device unpacks and executes a script resulting in unauthenticated remote code execution. | ||||
| CVE-2026-40461 | 1 Anviz | 6 Anviz Cx2 Lite Firmware, Anviz Cx7 Firmware, Cx2 Lite and 3 more | 2026-05-04 | 7.5 High |
| Anviz CX2 Lite and CX7 are vulnerable to unauthenticated POST requests that modify debug settings (e.g., enabling SSH), allowing unauthorized state changes that can facilitate later compromise. | ||||
| CVE-2026-1874 | 2 Mitsubishi Electric, Mitsubishielectric | 6 Melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip, Melsec Iq-f Series Fx5-enet Ip, Melsec Iq-f Fx5-eip and 3 more | 2026-05-04 | 7.5 High |
| Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. | ||||
| CVE-2026-28402 | 1 Nimiq | 2 Core-rs-albatross, Nimiq Proof-of-stake | 2026-05-04 | 7.1 High |
| nimiq/core-rs-albatross is a Rust implementation of the Nimiq Proof-of-Stake protocol based on the Albatross consensus algorithm. Prior to version 1.2.2, a malicious or compromised validator that is elected as proposer can publish a macro block proposal where `header.body_root` does not match the actual macro body hash. The proposal can pass proposal verification because the macro proposal verification path validates the header but does not validate the binding `body_root == hash(body)`; later code expects this binding and may panic on mismatch, crashing validators. Note that the impact is only for validator nodes. The patch for this vulnerability is formally released as part of v1.2.2. The patch adds the corresponding body root verification in the proposal checks. No known workarounds are available. | ||||
| CVE-2026-7579 | 1 Astrbot | 1 Astrbot | 2026-05-04 | 7.3 High |
| A security vulnerability has been detected in AstrBotDevs AstrBot up to 4.16.0. This issue affects some unknown processing of the file astrbot/dashboard/routes/auth.py of the component Dashboard. The manipulation leads to hard-coded credentials. It is possible to initiate the attack remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-7435 | 1 Siteserver | 1 Sscms | 2026-05-04 | 7.2 High |
| SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise. | ||||
| CVE-2026-43824 | 1 Argoproj | 2 Argo-cd, Argo Cd | 2026-05-04 | 7.7 High |
| In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data. | ||||