Export limit exceeded: 343925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (343925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-30079 | 1 Openairinterface | 1 Oai-cn5g-amf | 2026-04-10 | 9.8 Critical |
| In OpenAirInterface V2.2.0 AMF, Out of sequence messages causes incorrect state transition during UE registration procedure. This allows authentication to be bypassed completely. If a SecurityModeComplete message is sent after InitialUERegistration, a registration reject is received followed by a registration accept! This leads the UE to be registered without proper authentication. | ||||
| CVE-2025-56015 | 1 Genieacs | 1 Genieacs | 2026-04-10 | 7.5 High |
| In GenieACS 1.2.13, an unauthenticated access vulnerability exists in the NBI API endpoint. | ||||
| CVE-2025-69515 | 1 Jxlindia | 1 Jxl 9 Inch Car Android Double Din Player | 2026-04-10 | 9.1 Critical |
| An issue in JXL 9 Inch Car Android Double Din Player Android v12.0 allows attackers to force the infotainment system into accepting falsified GPS signals as legitimate, resulting in the device reporting an incorrect or static location. | ||||
| CVE-2025-71058 | 1 Dual Dhcp Dns Server Project | 1 Dual Dhcp Dns Server | 2026-04-10 | 9.1 Critical |
| Dual DHCP DNS Server 8.01 improperly accepts and caches UDP DNS responses without validating that the response originates from a legitimate configured upstream DNS server. The implementation matches responses primarily by TXID and inserts results into the cache, enabling a remote attacker to inject forged responses and poison the DNS cache, potentially redirecting victims to attacker-controlled destinations. | ||||
| CVE-2026-31271 | 1 Megagao | 1 Production Ssm | 2026-04-10 | 9.8 Critical |
| megagao production_ssm v1.0 contains an authorization bypass vulnerability in the user addition functionality. The insert() method in UserController.java lacks authentication checks, allowing unauthenticated attackers to create super administrator accounts by directly accessing the /user/insert endpoint. This leads to complete system compromise. | ||||
| CVE-2026-31272 | 1 Wuweiit | 1 Mushroom | 2026-04-10 | 9.8 Critical |
| MRCMS 3.1.2 contains an access control vulnerability. The save() method in src/main/java/org/marker/mushroom/controller/UserController.java lacks proper authorization validation, enabling direct addition of super administrator accounts without authentication. | ||||
| CVE-2024-36057 | 1 Koha-community | 1 Koha Library Software | 2026-04-10 | 9.8 Critical |
| Koha Library before 23.05.10 fails to sanitize user-controllable filenames prior to unzipping, leading to remote code execution. The line "qx/unzip $filename -d $dirname/;" in upload-cover-image.pl is vulnerable to command injection via shell metacharacters because input data can be controlled by an attacker and is directly included in a system command, i.e., an attack can occur via malicious filenames after uploading a .zip file and clicking Process Images. | ||||
| CVE-2024-36058 | 1 Koha-community | 1 Koha | 2026-04-10 | 9.8 Critical |
| The Send Basket functionality in Koha Library before 23.05.10 is susceptible to Time-Based SQL Injection because it fails to sanitize the POST parameter bib_list in /cgi-bin/koha/opac-sendbasket.pl, allowing library users to read arbitrary data from the database. | ||||
| CVE-2025-52908 | 1 Samsung | 21 Exynos, Exynos 1280, Exynos 1280 Firmware and 18 more | 2026-04-10 | 9.8 Critical |
| An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow via a certain ioctl message, issue 1 of 2. | ||||
| CVE-2025-70844 | 1 Kantorge | 1 Yaffa | 2026-04-10 | 6.1 Medium |
| yaffa v2.0.0 is vulnerable to Cross Site Scripting (XSS). An attacker can inject malicious JavaScript into the "Add Account Group" function on the account-group page, allowing execution of arbitrary script in the context of users who view the affected page. | ||||
| CVE-2026-30460 | 2 Daylightstudio, Thedaylightstudio | 2 Fuel Cms, Fuel Cms | 2026-04-10 | 8.8 High |
| Daylight Studio FuelCMS v1.5.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability in the Blocks module. | ||||
| CVE-2025-15611 | 3 Ays-pro, Popup Box, Wordpress | 3 Popup Box, Popup Box, Wordpress | 2026-04-10 | 5.4 Medium |
| The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the add_or_edit_popupbox() function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create or modify popups with arbitrary JavaScript that executes in the admin panel and frontend. | ||||
| CVE-2026-4079 | 3 Guaven, Sql Chart Builder, Wordpress | 3 Sql Chart Builder, Sql Chart Builder, Wordpress | 2026-04-10 | 6.5 Medium |
| The SQL Chart Builder WordPress plugin before 2.3.8 does not properly escape user input as it is concatened to SQL queries, making it possible for attackers to conduct SQL Injection attacks against the dynamic filter functionality. | ||||
| CVE-2026-4277 | 1 Djangoproject | 1 Django | 2026-04-10 | 9.8 Critical |
| An issue was discovered in 6.0 before 6.0.4, 5.2 before 5.2.13, and 4.2 before 4.2.30. Add permissions on inline model instances were not validated on submission of forged `POST` data in `GenericInlineModelAdmin`. Earlier, unsupported Django series (such as 5.0.x, 4.1.x, and 3.2.x) were not evaluated and may also be affected. Django would like to thank N05ec@LZU-DSLab for reporting this issue. | ||||
| CVE-2026-35486 | 1 Oobabooga | 2 Text-generation-webui, Text Generation Web Ui | 2026-04-10 | 7.5 High |
| text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, he superbooga and superboogav2 RAG extensions fetch user-supplied URLs via requests.get() with zero validation — no scheme check, no IP filtering, no hostname allowlist. An attacker can access cloud metadata endpoints, steal IAM credentials, and probe internal services. The fetched content is exfiltrated through the RAG pipeline. This vulnerability is fixed in 4.3. | ||||
| CVE-2026-35487 | 1 Oobabooga | 2 Text-generation-webui, Text Generation Web Ui | 2026-04-10 | 5.3 Medium |
| text-generation-webui is an open-source web interface for running Large Language Models. Prior to 4.3, an unauthenticated path traversal vulnerability in load_prompt() allows reading any .txt file on the server filesystem. The file content is returned verbatim in the API response. This vulnerability is fixed in 4.3. | ||||
| CVE-2026-5745 | 2 Libarchive, Redhat | 5 Libarchive, Enterprise Linux, Hummingbird and 2 more | 2026-04-10 | 5.5 Medium |
| A flaw was found in libarchive. A NULL pointer dereference vulnerability exists in the ACL parsing logic, specifically within the archive_acl_from_text_nl() function. When processing a malformed ACL string (such as a bare "d" or "default" tag without subsequent fields), the function fails to perform adequate validation before advancing the pointer. An attacker can exploit this by providing a maliciously crafted archive, causing an application utilizing the libarchive API (such as bsdtar) to crash, resulting in a Denial of Service (DoS). | ||||
| CVE-2026-33815 | 1 Jackc | 1 Pgx | 2026-04-10 | 9.8 Critical |
| Memory-safety vulnerability in github.com/jackc/pgx/v5. | ||||
| CVE-2026-33816 | 1 Jackc | 1 Pgx | 2026-04-10 | 9.8 Critical |
| Memory-safety vulnerability in github.com/jackc/pgx/v5. | ||||
| CVE-2026-27315 | 1 Apache | 1 Cassandra | 2026-04-10 | 5.5 Medium |
| Sensitive Information Leak in cqlsh in Apache Cassandra 4.0 allows access to sensitive information, like passwords, from previously executed cqlsh command via ~/.cassandra/cqlsh_history local file access. Users are recommended to upgrade to version 4.0.20, which fixes this issue. -- Description: Cassandra's command-line tool, cqlsh, provides a command history feature that allows users to recall previously executed commands using the up/down arrow keys. These history records are saved in the ~/.cassandra/cqlsh_history file in the user's home directory. However, cqlsh does not redact sensitive information when saving command history. This means that if a user executes operations involving passwords (such as logging in or creating users) within cqlsh, these passwords are permanently stored in cleartext in the history file on the disk. | ||||