Export limit exceeded: 343783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-5990 | 1 Tenda | 1 F451 Firmware | 2026-04-10 | 8.8 High |
| A vulnerability has been found in Tenda F451 1.0.0.7. Affected by this vulnerability is the function fromSafeEmailFilter of the file /goform/SafeEmailFilter. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-5989 | 1 Tenda | 1 F451 Firmware | 2026-04-10 | 8.8 High |
| A flaw has been found in Tenda F451 1.0.0.7. Affected is the function fromRouteStatic of the file /goform/RouteStatic. Executing a manipulation of the argument page can lead to stack-based buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5460 | 2026-04-10 | N/A | ||
| A heap use-after-free exists in wolfSSL's TLS 1.3 post-quantum cryptography (PQC) hybrid KeyShare processing. In the error handling path of TLSX_KeyShare_ProcessPqcHybridClient() in src/tls.c, the inner function TLSX_KeyShare_ProcessPqcClient_ex() frees a KyberKey object upon encountering an error. The caller then invokes TLSX_KeyShare_FreeAll(), which attempts to call ForceZero() on the already-freed KyberKey, resulting in writes of zero bytes over freed heap memory. | ||||
| CVE-2026-5448 | 2026-04-10 | N/A | ||
| X.509 date buffer overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore. A buffer overflow may occur when parsing date fields from a crafted X.509 certificate via the compatibility layer API. This is only triggered when calling these two APIs directly from an application, and does not affect TLS or certificate verify operations in wolfSSL. | ||||
| CVE-2026-5393 | 2026-04-10 | N/A | ||
| Dual-Algorithm CertificateVerify out-of-bounds read. When processing a dual-algorithm CertificateVerify message, an out-of-bounds read can occur on crafted input. This can only occur when --enable-experimental and --enable-dual-alg-certs is used when building wolfSSL. | ||||
| CVE-2026-5392 | 2026-04-10 | N/A | ||
| Heap out-of-bounds read in PKCS7 parsing. A crafted PKCS7 message can trigger an OOB read on the heap. The missing bounds check is in the indefinite-length end-of-content verification loop in PKCS7_VerifySignedData(). | ||||
| CVE-2026-34500 | 2026-04-10 | N/A | ||
| CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled and FFM is used in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M14 through 11.0.20, from 10.1.22 through 10.1.53, from 9.0.92 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fixes the issue. | ||||
| CVE-2026-34487 | 2026-04-10 | N/A | ||
| Insertion of Sensitive Information into Log File vulnerability in the cloud membership for clustering component of Apache Tomcat exposed the Kubernetes bearer token. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.13 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117, which fix the issue. | ||||
| CVE-2026-34483 | 2026-04-10 | N/A | ||
| Improper Encoding or Escaping of Output vulnerability in the JsonAccessLogValve component of Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.20, from 10.1.0-M1 through 10.1.53, from 9.0.40 through 9.0.116. Users are recommended to upgrade to version 11.0.21, 10.1.54 or 9.0.117 , which fix the issue. | ||||
| CVE-2026-29146 | 2026-04-10 | N/A | ||
| Padding Oracle vulnerability in Apache Tomcat's EncryptInterceptor with default configuration. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.0.0-M1 through 10.1.52, from 9.0.13 through 9..115, from 8.5.38 through 8.5.100, from 7.0.100 through 7.0.109. Users are recommended to upgrade to version 11.0.19, 10.1.53 and 9.0.116, which fixes the issue. | ||||
| CVE-2026-29145 | 2026-04-10 | N/A | ||
| CLIENT_CERT authentication does not fail as expected for some scenarios when soft fail is disabled vulnerability in Apache Tomcat, Apache Tomcat Native. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M7 through 10.1.52, from 9.0.83 through 9.0.115; Apache Tomcat Native: from 1.1.23 through 1.1.34, from 1.2.0 through 1.2.39, from 1.3.0 through 1.3.6, from 2.0.0 through 2.0.13. Users are recommended to upgrade to version Tomcat Native 1.3.7 or 2.0.14 and Tomcat 11.0.20, 10.1.53 and 9.0.116, which fix the issue. | ||||
| CVE-2026-29129 | 2026-04-10 | N/A | ||
| Configured cipher preference order not preserved vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.16 through 11.0.18, from 10.1.51 through 10.1.52, from 9.0.114 through 9.0.115. Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. | ||||
| CVE-2026-25854 | 2026-04-10 | N/A | ||
| Occasional URL redirection to untrusted Site ('Open Redirect') vulnerability in Apache Tomcat via the LoadBalancerDrainingValve. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M23 through 9.0.115, from 8.5.30 through 8.5.100. Other, unsupported versions may also be affected Users are recommended to upgrade to version 11.0.20, 10.1.53 or 9.0.116, which fix the issue. | ||||
| CVE-2026-24880 | 2026-04-10 | N/A | ||
| Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Apache Tomcat via invalid chunk extension. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.18, from 10.1.0-M1 through 10.1.52, from 9.0.0.M1 through 9.0.115, from 8.5.0 through 8.5.100, from 7.0.0 through 7.0.109. Other, unsupported versions may also be affected. Users are recommended to upgrade to version 11.0.20, 10.1.52 or 9.0.116, which fix the issue. | ||||
| CVE-2026-26133 | 1 Microsoft | 35 365 Copilot, 365 Copilot Android, 365 Copilot For Android and 32 more | 2026-04-09 | 7.1 High |
| AI command injection in M365 Copilot allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-0385 | 1 Microsoft | 3 Edge, Edge Chromium, Edge For Android | 2026-04-09 | 5 Medium |
| Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability | ||||
| CVE-2026-32187 | 1 Microsoft | 2 Edge, Edge Chromium | 2026-04-09 | 4.2 Medium |
| Microsoft Edge (Chromium-based) Defense in Depth Vulnerability | ||||
| CVE-2026-26144 | 1 Microsoft | 1 365 Apps | 2026-04-09 | 7.5 High |
| Improper neutralization of input during web page generation ('cross-site scripting') in Microsoft Office Excel allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-26141 | 1 Microsoft | 1 Azure Automation Hybrid Worker Windows Extension | 2026-04-09 | 7.8 High |
| Improper authentication in Azure Arc allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-26130 | 2 Microsoft, Redhat | 2 Asp.net Core, Enterprise Linux | 2026-04-09 | 7.5 High |
| Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||