Export limit exceeded: 352371 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (4182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1458 | 1 Gitlab | 1 Gitlab | 2026-04-17 | 6.5 Medium |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions could have allowed an unauthenticated user to cause denial of service by uploading malicious files. | ||||
| CVE-2026-0958 | 1 Gitlab | 1 Gitlab | 2026-04-17 | 7.5 High |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits. | ||||
| CVE-2026-2550 | 1 Iptime | 1 A6004mx | 2026-04-17 | 9.8 Critical |
| A vulnerability was found in EFM iptime A6004MX 14.18.2. Affected is the function commit_vpncli_file_upload of the file /cgi/timepro.cgi. The manipulation results in unrestricted upload. The attack may be performed from remote. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2666 | 1 Mingsoft | 1 Mcms | 2026-04-17 | 4.7 Medium |
| A flaw has been found in mingSoft MCMS 6.1.1. The affected element is an unknown function of the file /ms/file/uploadTemplate.do of the component Template Archive Handler. Executing a manipulation of the argument File can lead to unrestricted upload. The attack can be launched remotely. The exploit has been published and may be used. | ||||
| CVE-2026-2684 | 2 Tsinghua Unigroup, Unigroup | 2 Electronic Archives System, Electronic Archives System | 2026-04-17 | 7.3 High |
| A vulnerability was determined in Tsinghua Unigroup Electronic Archives System up to 3.2.210802(62532). The impacted element is an unknown function of the file /Archive/ErecordManage/uploadFile.html. Executing a manipulation of the argument File can lead to unrestricted upload. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2976 | 1 Fastapiadmin | 1 Fastapiadmin | 2026-04-17 | 4.3 Medium |
| A weakness has been identified in FastApiAdmin up to 2.2.0. Affected by this issue is the function download_controller of the file /backend/app/api/v1/module_common/file/controller.py of the component Download Endpoint. This manipulation of the argument file_path causes information disclosure. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. | ||||
| CVE-2026-3025 | 1 Shuoren | 1 Smart Heating Integrated Management Platform | 2026-04-17 | 7.3 High |
| A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-33807 | 1 Fastify | 1 Fastify-express | 2026-04-17 | 9.1 Critical |
| @fastify/express v4.0.4 and earlier contains a path handling bug in the onRegister function that causes middleware paths to be doubled when inherited by child plugins. When a child plugin is registered with a prefix that matches a middleware path, the middleware path is prefixed a second time, causing it to never match incoming requests. This results in complete bypass of Express middleware security controls, including authentication, authorization, and rate limiting, for all routes defined within affected child plugin scopes. No special configuration or request crafting is required. Upgrade to @fastify/express v4.0.5 or later. | ||||
| CVE-2026-33808 | 1 Fastify | 1 Fastify-express | 2026-04-17 | N/A |
| Impact@fastify/express v4.0.4 and earlier fails to normalize URLs before passing them to Express middleware when Fastify router normalization options are enabled. This allows complete bypass of path-scoped authentication middleware via duplicate slashes when ignoreDuplicateSlashes is enabled, or via semicolon delimiters when useSemicolonDelimiter is enabled. In both cases, Fastify router normalizes the URL and matches the route, but @fastify/express passes the original un-normalized URL to Express middleware, which fails to match and is skipped. An unauthenticated attacker can access protected routes by manipulating the URL path. PatchesUpgrade to @fastify/express v4.0.5 or later. | ||||
| CVE-2026-38526 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 9.9 Critical |
| An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2026-40040 | 1 Pachno | 1 Pachno | 2026-04-17 | 8.8 High |
| Pachno 1.0.6 contains an unrestricted file upload vulnerability that allows authenticated users to upload arbitrary file types by bypassing ineffective extension filtering to the /uploadfile endpoint. Attackers can upload executable files .php5 scripts to web-accessible directories and execute them to achieve remote code execution on the server. | ||||
| CVE-2026-26984 | 2 Aces, Mcgill | 2 Loris, Loris | 2026-04-17 | 8.8 High |
| LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. Prior to versions 26.0.5, 27.0.2, and 28.0.0, an authenticated user with sufficient privileges can exploit a path traversal vulnerability to upload a malicious file to an arbitrary location on the server. Once uploaded, the file can be used to achieve remote code execution (RCE). An attacker must be authenticated and have the appropriate permissions to exploit this issue. If the server is configured as read-only, remote code execution (RCE) is not possible; however, the malicious file upload may still be achievable. This problem is fixed in LORIS v26.0.5 and above, v27.0.2 and above, and v28.0.0 and above. As a workaround, LORIS administrators can disable the media module if it is not being used. | ||||
| CVE-2026-27896 | 2 Lfprojects, Modelcontextprotocol | 2 Mcp Go Sdk, Go-sdk | 2026-04-17 | 7.5 High |
| The Go MCP SDK used Go's standard encoding/json.Unmarshal for JSON-RPC and MCP protocol message parsing in versions prior to 1.3.1. Go's standard library performs case-insensitive matching of JSON keys to struct field tags — a field tagged json:"method" would also match "Method", "METHOD", etc. This violated the JSON-RPC 2.0 specification, which defines exact field names. A malicious MCP peer may have been able to send protocol messages with non-standard field casing that the SDK would silently accept. This had the potential for bypassing intermediary inspection and coss-implementation inconsistency. Go's standard JSON unmarshaling was replaced with a case-sensitive decoder in commit 7b8d81c. Users are advised to update to v1.3.1 to resolve this issue. | ||||
| CVE-2026-27444 | 1 Seppmail | 2 Seppmail, Seppmail Secure Email Gateway | 2026-04-17 | 7.5 High |
| SEPPmail Secure Email Gateway before version 15.0.1 incorrectly interprets email addresses in the email headers, causing an interpretation conflict with other mail infrastructure that allows an attacker to fake the source of the email or decrypt it. | ||||
| CVE-2026-21628 | 2 Astroidframe.work, Templaza | 2 Astroid Template Framework, Astroid Framework | 2026-04-17 | 9.8 Critical |
| A improperly secured file management feature allows uploads of dangerous data types for unauthenticated users, leading to remote code execution. | ||||
| CVE-2026-21536 | 1 Microsoft | 1 Devices Pricing Program | 2026-04-17 | 9.8 Critical |
| Microsoft Devices Pricing Program Remote Code Execution Vulnerability | ||||
| CVE-2026-27605 | 2 Chartbrew, Depomo | 2 Chartbrew, Chartbrew | 2026-04-17 | 6.3 Medium |
| Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.4, the application allows uploading files (project logos) without validating the file type or content. It trusts the extension provided by the user. These files are saved to the uploads/ directory and served statically. An attacker can upload an HTML file containing malicious JavaScript. Since authentication tokens are likely stored in localStorage (as they are returned in the API body), this XSS can lead to account takeover. This issue has been patched in version 4.8.4. | ||||
| CVE-2026-28800 | 1 Natroteam | 2 Natro Macro, Natromacro | 2026-04-17 | 6.4 Medium |
| Natro Macro is an open-source Bee Swarm Simulator macro written in AutoHotkey. Prior to version 1.1.0, anyone with Discord Remote Control set up in a non-private channel gives access to any user with the permission to send message in said channel access to do anything on their computer. This includes keyboard and mouse inputs and full file access. This issue has been patched in version 1.1.0. | ||||
| CVE-2026-3800 | 3 Janobe, Oretnom23, Sourcecodester | 3 Resort Reservation System, Resort Reservation System, Resort Reservation System | 2026-04-17 | 6.3 Medium |
| A vulnerability has been found in SourceCodester/janobe Resort Reservation System 1.0. Affected is the function doInsert of the file /controller.php?action=add. Such manipulation of the argument image leads to unrestricted upload. The attack can be executed remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-33704 | 1 Chamilo | 1 Chamilo Lms | 2026-04-16 | 7.1 High |
| Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are filtered to .phps, the .pht extension passes through unmodified. On Apache configurations where .pht is handled as PHP, this leads to Remote Code Execution. This vulnerability is fixed in 1.11.38. | ||||