Export limit exceeded: 342081 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342081 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-70887 | 1 Ralphje | 1 Signify | 2026-04-02 | 8.8 High |
| An issue in ralphje Signify before v.0.9.2 allows a remote attacker to escalate privileges via the signed_data.py and the context.py components | ||||
| CVE-2026-4761 | 1 Codra | 5 Panorama Collaborative Operation \& Execution, Panorama Com, Panorama E2 and 2 more | 2026-04-02 | 7.5 High |
| When a certificate and its private key are installed in the Windows machine certificate store using Network and Security tool, access rights to the private key are unnecessarily granted to the operator group. * Installations based on Panorama Suite 2025 (25.00.004) are vulnerable unless update PS-2500-00-0357 (or higher) is installed * Installations based on Panorama Suite 2025 Updated Dec. 25 (25.10.007) are not vulnerable Please refer to security bulletin BS-036, available on the Panorama CSIRT website: https://my.codra.net/en-gb/csirt. | ||||
| CVE-2026-2349 | 2 Beyris, Drupal | 2 Ui Icons, Ui Icons | 2026-04-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal UI Icons allows Cross-Site Scripting (XSS).This issue affects UI Icons: from 0.0.0 before 1.0.1, from 1.1.0 before 1.1.1. | ||||
| CVE-2026-3210 | 2 Drupal, Imagexmedia | 2 Material Icons, Material Icons | 2026-04-02 | 5.3 Medium |
| Incorrect Authorization vulnerability in Drupal Material Icons allows Forceful Browsing.This issue affects Material Icons: from 0.0.0 before 2.0.4. | ||||
| CVE-2026-3211 | 2 Drupal, Webikon | 2 Theme Negotiation By Rules, Theme Negotiation By Rules | 2026-04-02 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Drupal Theme Negotiation by Rules allows Cross Site Request Forgery.This issue affects Theme Negotiation by Rules: from 0.0.0 before 1.2.1. | ||||
| CVE-2026-3213 | 2 Cleantalk, Drupal | 2 Anti-spam, Anti-spam By Cleantalk | 2026-04-02 | 4.7 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Anti-Spam by CleanTalk allows Cross-Site Scripting (XSS).This issue affects Anti-Spam by CleanTalk: from 0.0.0 before 9.7.0. | ||||
| CVE-2026-3215 | 2 Drupal, Islandora | 2 Islandora, Islandora | 2026-04-02 | 5.4 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Islandora allows Cross-Site Scripting (XSS).This issue affects Islandora: from 0.0.0 before 2.17.5. | ||||
| CVE-2026-3216 | 2 Drupal, Drupal Canvas Project | 2 Drupal Canvas, Drupal Canvas | 2026-04-02 | 5 Medium |
| Server-Side Request Forgery (SSRF) vulnerability in Drupal Drupal Canvas allows Server Side Request Forgery.This issue affects Drupal Canvas: from 0.0.0 before 1.1.1. | ||||
| CVE-2026-3217 | 2 Drupal, Miniorange | 2 Saml Sso - Service Provider, Saml Sso - Service Provider | 2026-04-02 | 6.1 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal SAML SSO - Service Provider allows Cross-Site Scripting (XSS).This issue affects SAML SSO - Service Provider: from 0.0.0 before 3.1.3. | ||||
| CVE-2026-3218 | 2 Drupal, Pixelite | 2 Responsive Favicons, Responsive Favicons | 2026-04-02 | 4.8 Medium |
| Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") vulnerability in Drupal Responsive Favicons allows Cross-Site Scripting (XSS).This issue affects Responsive Favicons: from 0.0.0 before 2.0.2. | ||||
| CVE-2026-2414 | 1 Hypr | 2 Hypr, Server | 2026-04-02 | 9.8 Critical |
| Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation.This issue affects Server: from 9.5.2 before 10.7.2. | ||||
| CVE-2026-1001 | 1 Domoticz | 1 Domoticz | 2026-04-02 | 4.8 Medium |
| Domoticz versions prior to 2026.1 contain a stored cross-site scripting vulnerability in the Add Hardware and rename device functionality of the web interface that allows authenticated administrators to execute arbitrary scripts by supplying crafted names containing script or HTML markup. Attackers can inject malicious code that is stored and rendered without proper output encoding, causing script execution in the browsers of users viewing the affected page and enabling unauthorized actions within their session context. | ||||
| CVE-2026-2484 | 1 Ibm | 1 Infosphere Information Server | 2026-04-02 | 4.3 Medium |
| IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 is affected by an information exposure vulnerability caused by overly verbose error messages | ||||
| CVE-2025-14684 | 1 Ibm | 3 Maximo Application Suite, Maximo Application Suite - Monitor Component, Maximo Application Suite Monitor Component | 2026-04-02 | 4 Medium |
| IBM Maximo Application Suite - Monitor Component 9.1, 9.0, 8.11, and 8.10 could allow an unauthorized user to inject data into log messages due to improper neutralization of special elements when written to log files. | ||||
| CVE-2025-36187 | 2 Ibm, Redhat | 3 Knowledge Catalog, Knowledge Catalog Standard Cartridge, Openshift | 2026-04-02 | 4.4 Medium |
| IBM Knowledge Catalog Standard Cartridge 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.1, 5.1.1, 5,1.2, 5.1.3, 5.2.0, 5.2.1 stores potentially sensitive information in log files that could be read by a local privileged user. | ||||
| CVE-2026-30162 | 1 Auntvt | 1 Timo | 2026-04-02 | 6.1 Medium |
| Cross Site Scripting (xss) vulnerability in Timo 2.0.3 via crafted links in the title field. | ||||
| CVE-2026-29933 | 1 Yzmcms | 1 Yzmcms | 2026-04-02 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the /index/login.html component of YZMCMS v7.4 allows attackers to execute arbitrary Javascript in the context of the user's browser via modifying the referrer value in the request header. | ||||
| CVE-2026-4874 | 1 Redhat | 7 Build Keycloak, Build Of Keycloak, Jboss Enterprise Application Platform and 4 more | 2026-04-02 | 3.1 Low |
| A flaw was found in Keycloak. An authenticated attacker can perform Server-Side Request Forgery (SSRF) by manipulating the `client_session_host` parameter during refresh token requests. This occurs when a Keycloak client is configured to use the `backchannel.logout.url` with the `application.session.host` placeholder. Successful exploitation allows the attacker to make HTTP requests from the Keycloak server’s network context, potentially probing internal networks or internal APIs, leading to information disclosure. | ||||
| CVE-2026-32846 | 1 Openclaw | 1 Openclaw | 2026-04-02 | 7.5 High |
| OpenClaw through 2026.3.23 (fixed in commit 4797bbc) contains a path traversal vulnerability in media parsing that allows attackers to read arbitrary files by bypassing path validation in the isLikelyLocalPath() and isValidMedia() functions. Attackers can exploit incomplete validation and the allowBareFilename bypass to reference files outside the intended application sandbox, resulting in disclosure of sensitive information including system files, environment files, and SSH keys. | ||||
| CVE-2026-33438 | 2 Stirling, Stirlingpdf | 2 Stirling Pdf, Stirling Pdf | 2026-04-02 | 6.5 Medium |
| Stirling-PDF is a locally hosted web application that allows you to perform various operations on PDF files. Versions starting in 2.1.5 and prior to 2.5.2 have Denial of Service (DoS) vulnerability in the Stirling-PDF watermark functionality (`/api/v1/security/add-watermark` endpoint). The vulnerability allows authenticated users to cause resource exhaustion and server crashes by providing extreme values for the `fontSize` and `widthSpacer` parameters. Version 2.5.2 patches the issue. | ||||