Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363530 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-4359 | 1 Mongodb | 1 C Driver | 2026-04-02 | 2 Low |
| A compromised third party cloud server or man-in-the-middle attacker could send a malformed HTTP response and cause a crash in applications using the MongoDB C driver. | ||||
| CVE-2026-21994 | 1 Oracle | 2 Edge Cloud Infrastructure Designer And Visualisation Toolkit, Okit | 2026-04-02 | 9.8 Critical |
| Vulnerability in the Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit product of Oracle Open Source Projects (component: Desktop). The supported version that is affected is 0.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. Successful attacks of this vulnerability can result in takeover of Oracle Edge Cloud Infrastructure Designer and Visualisation Toolkit. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-30402 | 2 Tianshiyeben, Wgstart | 2 Wgcloud, Wgcloud | 2026-04-02 | 9.8 Critical |
| An issue in wgcloud v.2.3.7 and before allows a remote attacker to execute arbitrary code via the test connection function | ||||
| CVE-2026-30403 | 2 Tianshiyeben, Wgstart | 2 Wgcloud, Wgcloud | 2026-04-02 | 7.5 High |
| There is an arbitrary file read vulnerability in the test connection function of backend database management in wgcloud v3.6.3 and before, which can be used to read any file on the victim's server. | ||||
| CVE-2026-30404 | 2 Tianshiyeben, Wgstart | 2 Wgcloud, Wgcloud | 2026-04-02 | 7.5 High |
| The backend database management connection test feature in wgcloud v3.6.3 has a server-side request forgery (SSRF) vulnerability. This issue can be exploited to make the server send requests to probe the internal network, remotely download malicious files, and perform other dangerous operations. | ||||
| CVE-2025-46598 | 1 Bitcoin | 1 Bitcoin Core | 2026-04-02 | 5.3 Medium |
| Bitcoin Core through 29.0 allows a denial of service via a crafted transaction. | ||||
| CVE-2025-46597 | 1 Bitcoin | 1 Bitcoin Core | 2026-04-02 | 7.5 High |
| Bitcoin Core 0.13.0 through 29.x has an integer overflow. | ||||
| CVE-2026-4567 | 1 Tenda | 2 A15, A15 Firmware | 2026-04-02 | 9.8 Critical |
| A vulnerability has been found in Tenda A15 15.13.07.13. The impacted element is the function UploadCfg of the file /cgi-bin/UploadCfg. The manipulation of the argument File leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-33946 | 2 Lfprojects, Modelcontextprotocol | 2 Mcp Ruby Sdk, Ruby-sdk | 2026-04-02 | 5.9 Medium |
| MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack the victim's Server-Sent Events (SSE) stream and intercept all real-time data. Version 0.9.2 contains a patch. | ||||
| CVE-2026-33981 | 2 Dgtlmoon, Webtechnologies | 2 Changedetection.io, Changedetection | 2026-04-02 | 6.5 Medium |
| changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use of the jq `env` builtin, which reads all process environment variables and stores them as the watch snapshot. An authenticated user (or unauthenticated user when no password is set, the default) can leak sensitive environment variables including `SALTED_PASS`, `PLAYWRIGHT_DRIVER_URL`, `HTTP_PROXY`, and any secrets passed as env vars to the container. Version 0.54.7 patches the issue. | ||||
| CVE-2026-31831 | 1 Tautulli | 1 Tautulli | 2026-04-02 | 7.5 High |
| Tautulli is a Python based monitoring and tracking tool for Plex Media Server. Prior to version 2.17.0, the /newsletter/image/images API endpoint is vulnerable to path traversal, allowing unauthenticated attackers to read arbitrary files from the application server's filesystem. This issue has been patched in version 2.17.0. | ||||
| CVE-2026-32275 | 1 Tautulli | 1 Tautulli | 2026-04-02 | 9.1 Critical |
| Tautulli is a Python based monitoring and tracking tool for Plex Media Server. From version 1.3.10 to before version 2.17.0, an unsanitized JSONP callback parameter allows cross-origin script injection and API key theft. This issue has been patched in version 2.17.0. | ||||
| CVE-2026-25627 | 2 Emqx, Nanomq | 2 Nanomq, Nanomq | 2026-04-02 | 6.5 Medium |
| NanoMQ MQTT Broker (NanoMQ) is an all-around Edge Messaging Platform. Prior to version 0.24.8, NanoMQ’s MQTT-over-WebSocket transport can be crashed by sending an MQTT packet with a deliberately large Remaining Length in the fixed header while providing a much shorter actual payload. The code path copies Remaining Length bytes without verifying that the current receive buffer contains that many bytes, resulting in an out-of-bounds read (ASAN reports OOB / crash). This is remotely triggerable over the WebSocket listener. This issue has been patched in version 0.24.8. | ||||
| CVE-2026-5152 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was detected in Tenda CH22 1.0.0.1. Impacted is the function formCreateFileName of the file /goform/createFileName. Performing a manipulation of the argument fileNameMit results in stack-based buffer overflow. The attack may be initiated remotely. The exploit is now public and may be used. | ||||
| CVE-2026-5153 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 6.3 Medium |
| A flaw has been found in Tenda CH22 1.0.0.1. The affected element is the function FormWriteFacMac of the file /goform/WriteFacMac. Executing a manipulation of the argument mac can lead to command injection. The attack may be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-5155 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was found in Tenda CH22 1.0.0.1. This affects the function fromAdvSetWan of the file /goform/AdvSetWan of the component Parameter Handler. The manipulation of the argument wanmode results in stack-based buffer overflow. The attack can be executed remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-5156 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was determined in Tenda CH22 1.0.0.1. This impacts the function formQuickIndex of the file /goform/QuickIndex of the component Parameter Handler. This manipulation of the argument mit_linktype causes stack-based buffer overflow. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-33276 | 1 Checkmk | 1 Checkmk | 2026-04-02 | 5.4 Medium |
| Stored cross-site scripting (XSS) in Checkmk 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create hosts or services to execute arbitrary JavaScript in the browsers of other users performing searches in the Unified Search feature. | ||||
| CVE-2026-20915 | 1 Checkmk | 1 Checkmk | 2026-04-02 | 5.4 Medium |
| Stored cross-site scripting (XSS) in Checkmk version 2.5.0 (beta) before 2.5.0b2 allows authenticated users with permission to create pending changes to inject malicious JavaScript into the Pending Changes sidebar, which will execute in the browsers of other users viewing the sidebar. | ||||
| CVE-2026-5204 | 1 Tenda | 2 Ch22, Ch22 Firmware | 2026-04-02 | 8.8 High |
| A vulnerability was determined in Tenda CH22 1.0.0.1. Affected is the function formWebTypeLibrary of the file /goform/webtypelibrary of the component Parameter Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||