Export limit exceeded: 42841 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (42841 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-35611 | 1 Sporkmonger | 1 Addressable | 2026-04-09 | 7.5 High |
| Addressable is an alternative implementation to the URI implementation that is part of Ruby's standard library. From 2.3.0 to before 2.9.0, within the URI template implementation in Addressable, two classes of URI template generate regular expressions vulnerable to catastrophic backtracking. Templates using the * (explode) modifier with any expansion operator (e.g., {foo*}, {+var*}, {#var*}, {/var*}, {.var*}, {;var*}, {?var*}, {&var*}) generate patterns with nested unbounded quantifiers that are O(2^n) when matched against a maliciously crafted URI. Templates using multiple variables with the + or # operators (e.g., {+v1,v2,v3}) generate patterns with O(n^k) complexity due to the comma separator being within the matched character class, causing ambiguous backtracking across k variables. When matched against a maliciously crafted URI, this can result in catastrophic backtracking and uncontrolled resource consumption, leading to denial of service. This vulnerability is fixed in 2.9.0. | ||||
| CVE-2026-39863 | 1 Kamailio | 1 Kamailio | 2026-04-09 | 7.5 High |
| Kamailio is an open source implementation of a SIP Signaling Server. Prior to 6.1.1, 6.0.6, and 5.8.8, an out-of-bounds access in the core of Kamailio (formerly OpenSER and SER) allows remote attackers to cause a denial of service (process crash) via a specially crafted data packet sent over TCP. The issue impacts Kamailio instances having TCP or TLS listeners. This vulnerability is fixed in 5.1.1, 6.0.6, and 5.8.8. | ||||
| CVE-2026-0810 | 2 Gitoxidelabs, Redhat | 3 Gix-date, Enterprise Linux, Logging | 2026-04-09 | 7.1 High |
| A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently processed. This could potentially result in application instability or other unforeseen consequences. | ||||
| CVE-2025-12664 | 1 Gitlab | 1 Gitlab | 2026-04-09 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.0 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. | ||||
| CVE-2026-33347 | 1 Thephpleague | 1 Commonmark | 2026-04-09 | 6.1 Medium |
| league/commonmark is a PHP Markdown parser. From version 2.3.0 to before version 2.8.2, the DomainFilteringAdapter in the Embed extension is vulnerable to an allowlist bypass due to a missing hostname boundary assertion in the domain-matching regex. An attacker-controlled domain like youtube.com.evil passes the allowlist check when youtube.com is an allowed domain. This issue has been patched in version 2.8.2. | ||||
| CVE-2026-31818 | 1 Budibase | 1 Budibase | 2026-04-09 | 9.6 Critical |
| Budibase is an open-source low-code platform. Prior to version 3.33.4, a server-side request forgery (SSRF) vulnerability exists in Budibase's REST datasource connector. The platform's SSRF protection mechanism (IP blacklist) is rendered completely ineffective because the BLACKLIST_IPS environment variable is not set by default in any of the official deployment configurations. When this variable is empty, the blacklist function unconditionally returns false, allowing all requests through without restriction. This issue has been patched in version 3.33.4. | ||||
| CVE-2025-47389 | 1 Qualcomm | 363 Ar8035, Ar8035 Firmware, Cologne and 360 more | 2026-04-09 | 7.8 High |
| Memory corruption when buffer copy operation fails due to integer overflow during attestation report generation. | ||||
| CVE-2025-47390 | 1 Qualcomm | 59 Cologne, Cologne Firmware, Fastconnect 6700 and 56 more | 2026-04-09 | 7.8 High |
| Memory corruption while preprocessing IOCTL request in JPEG driver. | ||||
| CVE-2025-47391 | 1 Qualcomm | 203 Fastconnect 6200, Fastconnect 6200 Firmware, Fastconnect 6700 and 200 more | 2026-04-09 | 7.8 High |
| Memory corruption while processing a frame request from user. | ||||
| CVE-2025-47392 | 1 Qualcomm | 309 5g Fixed Wireless Access Platform, 5g Fixed Wireless Access Platform Firmware, Ar8035 and 306 more | 2026-04-09 | 8.8 High |
| Memory corruption when decoding corrupted satellite data files with invalid signature offsets. | ||||
| CVE-2025-47400 | 1 Qualcomm | 23 Pandeiro, Pandeiro Firmware, Snapdragon and 20 more | 2026-04-09 | 7.1 High |
| Cryptographic issue while copying data to a destination buffer without validating its size. | ||||
| CVE-2026-21367 | 1 Qualcomm | 301 Ar8035, Ar8035 Firmware, Cologne and 298 more | 2026-04-09 | 7.6 High |
| Transient DOS when processing nonstandard FILS Discovery Frames with out-of-range action sizes during initial scans. | ||||
| CVE-2026-21371 | 1 Qualcomm | 105 Aqt1000, Aqt1000 Firmware, Cologne and 102 more | 2026-04-09 | 7.8 High |
| Memory Corruption when retrieving output buffer with insufficient size validation. | ||||
| CVE-2026-21372 | 1 Qualcomm | 57 Cologne, Cologne Firmware, Fastconnect 6700 and 54 more | 2026-04-09 | 7.8 High |
| Memory Corruption when sending IOCTL requests with invalid buffer sizes during memcpy operations. | ||||
| CVE-2026-21373 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21374 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when processing auxiliary sensor input/output control commands with insufficient buffer size validation. | ||||
| CVE-2026-21375 | 1 Qualcomm | 71 Cologne, Cologne Firmware, Fastconnect 6700 and 68 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing. | ||||
| CVE-2026-21376 | 1 Qualcomm | 109 Aqt1000, Aqt1000 Firmware, Cologne and 106 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21378 | 1 Qualcomm | 103 Aqt1000, Aqt1000 Firmware, Cologne and 100 more | 2026-04-09 | 7.8 High |
| Memory Corruption when accessing an output buffer without validating its size during IOCTL processing in a camera sensor driver. | ||||
| CVE-2026-21381 | 1 Qualcomm | 206 Ar8035, Ar8035 Firmware, Cologne and 203 more | 2026-04-09 | 7.6 High |
| Transient DOS when receiving a service data frame with excessive length during device matching over a neighborhood awareness network protocol connection. | ||||