Export limit exceeded: 11145 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11145 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-6501 | 1 Ilm Informatique | 1 Jopendocument | 2026-05-04 | N/A |
| Improper restriction of XML external entity reference vulnerability in ILM Informatique jOpenDocument allows Data Serialization External Entities Blowup. This issue affects jOpenDocument: 1.5. | ||||
| CVE-2026-35372 | 1 Uutils | 1 Coreutils | 2026-05-04 | 5 Medium |
| A logic error in the ln utility of uutils coreutils allows the utility to dereference a symbolic link target even when the --no-dereference (or -n) flag is explicitly provided. The implementation previously only honored the "no-dereference" intent if the --force (overwrite) mode was also enabled. This flaw causes ln to follow a symbolic link that points to a directory and create new links inside that target directory instead of treating the symbolic link itself as the destination. In environments where a privileged user or system script uses ln -n to update a symlink, a local attacker could manipulate existing symbolic links to redirect file creation into sensitive directories, potentially leading to unauthorized file creation or system misconfiguration. | ||||
| CVE-2026-6542 | 2 Ibm, Langflow | 2 Langflow Oss, Langflow | 2026-05-04 | 6.5 Medium |
| IBM Langflow OSS 1.0.0 through 1.8.4 could allow any user to supply a flow_id to read transaction logs and vertex build data belonging to other users, and to delete persisted vertex build data for another user's flow. | ||||
| CVE-2026-7491 | 1 Zyosoft | 1 School App | 2026-05-04 | 8.1 High |
| School App developed by Zyosoft has an Insecure Direct Object Reference vulnerability, allowing authenticated remote attackers to modify a specific parameter to read and modify other users' data. | ||||
| CVE-2026-7638 | 2 Appcheap, Wordpress | 2 App Builder – Create Native Android & Ios Apps On The Flight, Wordpress | 2026-05-04 | 5.3 Medium |
| The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the `upload_avatar()` function, which accepts an attacker-controlled `user_id` parameter from the POST request body and uses it to update user meta without verifying that the authenticated requester owns or has permission to modify the target account. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite the profile avatar of any arbitrary user on the site, including administrators, by supplying a target `user_id` in the request body to the `/wp-json/app-builder/v1/upload-avatar` endpoint. | ||||
| CVE-2026-24178 | 3 Apple, Linux, Nvidia | 4 Macos, Linux Kernel, Flare Sdk and 1 more | 2026-05-04 | 9.8 Critical |
| NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data tampering, information disclosure, code execution, and denial of service. | ||||
| CVE-2026-1874 | 2 Mitsubishi Electric, Mitsubishielectric | 6 Melsec Iq-f Series Fx5-enet/ip Ethernet Module Fx5-enet/ip, Melsec Iq-f Series Fx5-enet Ip, Melsec Iq-f Fx5-eip and 3 more | 2026-05-04 | 7.5 High |
| Always-Incorrect Control Flow Implementation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET/IP Ethernet Module FX5-ENET/IP versions 1.106 and prior and Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-EIP EtherNet/IP Module FX5-EIP versions 1.000 and prior allows a remote attacker to cause a denial-of-service (DoS) condition on the products by continuously sending UDP packets to the products. A system reset of the product is required for recovery. | ||||
| CVE-2026-5337 | 2 Frontend File Manager Plugin, Wordpress | 2 Frontend File Manager Plugin, Wordpress | 2026-05-04 | 6.5 Medium |
| During the analysis, it was identified that authenticated attackers with Subscriber-level access or higher are able to perform an Insecure Direct Object Reference (IDOR) attack. This vulnerability exists because the Frontend File Manager Plugin WordPress plugin through 23.6 does not properly validate user authorization for the requested uploaded file when processing download requests. By modifying the value of the 'file_id' parameter in the download endpoint (e.g., http://localhost/?do=wpfm_download&file_id=40&nm_file_nonce=a36fb893f1), an attacker can access files belonging to other users, including privileged users such as administrators. This allows unauthorized access/read to sensitive data stored within the application. | ||||
| CVE-2026-41174 | 1 Traefik | 1 Traefik | 2026-05-04 | 6.4 Medium |
| Traefik is an HTTP reverse proxy and load balancer. Prior to versions 2.11.43, 3.6.14, and 3.7.0-rc.2, there is a potential vulnerability in Traefik's Kubernetes CRD provider cross-namespace isolation enforcement. When providers.kubernetesCRD.allowCrossNamespace=false, Traefik correctly rejects direct cross-namespace middleware references from IngressRoute objects, but fails to apply the same restriction to middleware references nested inside a Chain middleware's spec.chain.middlewares[]. An actor with permission to create or update Traefik CRDs in their own namespace can exploit this to cause Traefik to resolve and apply middleware objects from another namespace, bypassing the documented isolation boundary. This issue has been patched in versions 2.11.43, 3.6.14, and 3.7.0-rc.2. | ||||
| CVE-2026-7702 | 2 Affine, Toeverything | 2 Affine, Affine | 2026-05-04 | 5.3 Medium |
| A vulnerability was detected in toeverything AFFiNE up to 0.26.3. This issue affects the function allowDocPreview of the file /workspace/:workspaceId/:docId of the component Public Markdown Preview Endpoint. The manipulation results in authorization bypass. It is possible to launch the attack remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-14543 | 1 Rti | 1 Connext Professional | 2026-05-04 | 9.1 Critical |
| Improper Restriction of XML External Entity Reference vulnerability in Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*. | ||||
| CVE-2026-42403 | 1 Apache | 1 Neethi | 2026-05-03 | 7.5 High |
| Apache Neethi does not properly detect circular references in policy definitions. When a WS-Policy document contains circular policy references (where Policy A references Policy B which references Policy A), the policy normalization process can enter an infinite loop or cause excessive recursion, leading to a stack overflow or application hang. An attacker can craft malicious policy documents with circular references to cause a Denial of Service condition Users are recommended to upgrade to version 3.2.2, which fixes this issue. | ||||
| CVE-2026-40685 | 1 Exim | 1 Exim | 2026-05-02 | 6.5 Medium |
| In Exim before 4.99.2, when JSON lookup is enabled, an out-of-bounds heap write can occur when a JSON operator encounters malformed JSON in an untrusted header, because of an incorrect implementation of \ skipping. | ||||
| CVE-2026-6526 | 1 Wireshark | 1 Wireshark | 2026-05-02 | 5.5 Medium |
| RTSP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 | ||||
| CVE-2026-34444 | 1 Scoder | 1 Lupa | 2026-05-01 | 10.0 Critical |
| Lupa integrates the runtimes of Lua or LuaJIT2 into CPython. In 2.6 and earlier, attribute_filter is not consistently applied when attributes are accessed through built-in functions like getattr and setattr. This allows an attacker to bypass the intended restrictions and eventually achieve arbitrary code execution. | ||||
| CVE-2026-7510 | 1 Owasp | 1 Defectdojo | 2026-05-01 | 6.3 Medium |
| A vulnerability was determined in OWAP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 2.56.0 addresses this issue. This patch is called eb6120a379185d37eb1af17b69bb5614a830ab1f. Upgrading the affected component is recommended. | ||||
| CVE-2026-6527 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| ASN.1 PER protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-6528 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| TLS protocol dissector infinite loop in Wireshark 4.6.0 to 4.6.4 allows denial of service | ||||
| CVE-2026-5409 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| Monero protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||
| CVE-2026-5299 | 1 Wireshark | 1 Wireshark | 2026-05-01 | 5.5 Medium |
| ICMPv6 PvD protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service | ||||