Export limit exceeded: 342100 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342100 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-21693 | 1 Onionshare | 1 Onionshare | 2026-04-03 | 6.3 Medium |
| OnionShare is an open source tool that lets you securely and anonymously share files, host websites, and chat with friends using the Tor network. In affected versions an adversary with a primitive that allows for filesystem access from the context of the Onionshare process can access sensitive files in the entire user home folder. This could lead to the leaking of sensitive data. Due to the automatic exclusion of hidden folders, the impact is reduced. This can be mitigated by usage of the flatpak release. | ||||
| CVE-2024-28862 | 1 Rotp Project | 1 Rotp | 2026-04-03 | 5.3 Medium |
| The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation. | ||||
| CVE-2026-4818 | 2 Floragunn, Search-guard | 2 Search Guard Flx, Flx | 2026-04-03 | 6.8 Medium |
| In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams. | ||||
| CVE-2026-29014 | 1 Metinfo Cms | 1 Metinfo Cms | 2026-04-03 | 9.8 Critical |
| MetInfo CMS versions 7.9, 8.0, and 8.1 contain an unauthenticated PHP code injection vulnerability that allows remote attackers to execute arbitrary code by sending crafted requests with malicious PHP code. Attackers can exploit insufficient input neutralization in the execution path to achieve remote code execution and gain full control over the affected server. | ||||
| CVE-2026-35093 | 1 Redhat | 1 Enterprise Linux | 2026-04-03 | 8.8 High |
| A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. | ||||
| CVE-2026-1491 | 1 Ibm | 4 Security Verify Access, Security Verify Access Container, Verify Identity Access and 1 more | 2026-04-03 | 5.3 Medium |
| IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 IBM Security Verify could allow a remote attacker to access sensitive information due to an inconsistent interpretation of an HTTP request by a reverse proxy. | ||||
| CVE-2025-36375 | 1 Ibm | 3 Datapower Gateway 1050, Datapower Gateway 1060, Datapower Gateway 106cd | 2026-04-03 | 6.5 Medium |
| IBM DataPower Gateway 10.6CD 10.6.1.0 through 10.6.5.0 and IBM DataPower Gateway 10.5.0 10.5.0.0 through 10.5.0.20 and IBM DataPower Gateway 10.6.0 10.6.0.0 through 10.6.0.8 IBM DataPower Gateway is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | ||||
| CVE-2025-66486 | 1 Ibm | 1 Aspera Shares | 2026-04-03 | 4.8 Medium |
| IBM Aspera Shares 1.9.9 through 1.11.0 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | ||||
| CVE-2026-4347 | 2 Inc2734, Wordpress | 2 Mw Wp Form, Wordpress | 2026-04-03 | 8.1 High |
| The MW WP Form plugin for WordPress is vulnerable to arbitrary file moving due to insufficient file path validation via the 'generate_user_filepath' function and the 'move_temp_file_to_upload_dir' function in all versions up to, and including, 5.1.0. This makes it possible for unauthenticated attackers to move arbitrary files on the server, which can easily lead to remote code execution when the right file is moved (such as wp-config.php). The vulnerability is only exploitable if a file upload field is added to the form and the “Saving inquiry data in database” option is enabled. | ||||
| CVE-2026-32213 | 1 Microsoft | 1 Azure Ai Foundry | 2026-04-03 | 10 Critical |
| Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-33107 | 1 Microsoft | 1 Azure Databricks | 2026-04-03 | 10 Critical |
| Server-side request forgery (ssrf) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network. | ||||
| CVE-2026-32173 | 1 Microsoft | 2 Azure Sre Agent Gateway, Azure Sre Agent Gateway Signalr Hub | 2026-04-03 | 8.6 High |
| Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-32211 | 1 Microsoft | 1 Azure Web Apps | 2026-04-03 | 9.1 Critical |
| Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network. | ||||
| CVE-2026-35466 | 1 Cert/cc | 1 Cveclient/cveinterface.js | 2026-04-03 | N/A |
| XSS vulnerability in cveInterface.js allows for inject HTML to be passed to display, as cveInterface trusts input from CVE API services | ||||
| CVE-2026-35467 | 1 Cert/cc | 1 Cveclient/encrypt-storage.js | 2026-04-03 | N/A |
| The stored API keys in temporary browser client is not marked as protected allowing for JavScript console or other errors to allow for extraction of the encryption credentials. | ||||
| CVE-2026-4819 | 2 Floragunn, Search-guard | 2 Search Guard Flx, Flx | 2026-04-03 | 4.9 Medium |
| In Search Guard FLX versions from 1.0.0 up to 4.0.1, the audit logging feature might log user credentials from users logging into Kibana. | ||||
| CVE-2024-14034 | 1 Belden | 1 Hirschmann Hieos | 2026-04-03 | 9.8 Critical |
| Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauthenticated remote attackers to gain administrative access by sending specially crafted HTTP(S) requests. Attackers can exploit improper authentication handling to obtain elevated privileges and perform unauthorized actions including configuration download or upload and firmware modification. | ||||
| CVE-2026-28815 | 1 Apple | 1 Macos | 2026-04-03 | N/A |
| A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing a crash or memory disclosure depending on runtime protections. This issue is fixed in swift-crypto version 4.3.1. | ||||
| CVE-2026-34359 | 1 Hapifhir | 1 Hl7 Fhir Core | 2026-04-03 | 7.4 High |
| HAPI FHIR is a complete implementation of the HL7 FHIR standard for healthcare interoperability in Java. Prior to version 6.9.4, ManagedWebAccessUtils.getServer() uses String.startsWith() to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs (e.g., http://tx.fhir.org) lack a trailing slash or host boundary check, an attacker-controlled domain like http://tx.fhir.org.attacker.com matches the prefix and receives Bearer tokens, Basic auth credentials, or API keys when the HTTP client follows a redirect to that domain. This issue has been patched in version 6.9.4. | ||||
| CVE-2026-23209 | 1 Linux | 1 Linux Kernel | 2026-04-03 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip link set up dev p2 ip link add mv0 link p2 type macvlan mode source ip link add invalid% link p2 type macvlan mode source macaddr add 00:00:00:00:00:20 ping -c1 -I p1 1.2.3.4 He also gave a very detailed analysis: <quote valis> The issue is triggered when a new macvlan link is created with MACVLAN_MODE_SOURCE mode and MACVLAN_MACADDR_ADD (or MACVLAN_MACADDR_SET) parameter, lower device already has a macvlan port and register_netdevice() called from macvlan_common_newlink() fails (e.g. because of the invalid link name). In this case macvlan_hash_add_source is called from macvlan_change_sources() / macvlan_common_newlink(): This adds a reference to vlan to the port's vlan_source_hash using macvlan_source_entry. vlan is a pointer to the priv data of the link that is being created. When register_netdevice() fails, the error is returned from macvlan_newlink() to rtnl_newlink_create(): if (ops->newlink) err = ops->newlink(dev, ¶ms, extack); else err = register_netdevice(dev); if (err < 0) { free_netdev(dev); goto out; } and free_netdev() is called, causing a kvfree() on the struct net_device that is still referenced in the source entry attached to the lower device's macvlan port. Now all packets sent on the macvlan port with a matching source mac address will trigger a use-after-free in macvlan_forward_source(). </quote valis> With all that, my fix is to make sure we call macvlan_flush_sources() regardless of @create value whenever "goto destroy_macvlan_port;" path is taken. Many thanks to valis for following up on this issue. | ||||