Export limit exceeded: 11270 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11270 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43450 | 1 Xwp | 1 Stream | 2026-04-28 | 4.3 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream.This issue affects Stream: from n/a through 3.9.2. | ||||
| CVE-2026-27601 | 2 Jashkenas, Underscorejs | 2 Underscore, Underscore | 2026-04-28 | 5.9 Medium |
| Underscore.js is a utility-belt library for JavaScript. Prior to 1.13.8, the _.flatten and _.isEqual functions use recursion without a depth limit. Under very specific conditions, detailed below, an attacker could exploit this in a Denial of Service (DoS) attack by triggering a stack overflow. Untrusted input must be used to create a recursive datastructure, for example using JSON.parse, with no enforced depth limit. The datastructure thus created must be passed to _.flatten or _.isEqual. In the case of _.flatten, the vulnerability can only be exploited if it is possible for a remote client to prepare a datastructure that consists of arrays at all levels AND if no finite depth limit is passed as the second argument to _.flatten. In the case of _.isEqual, the vulnerability can only be exploited if there exists a code path in which two distinct datastructures that were submitted by the same remote client are compared using _.isEqual. For example, if a client submits data that are stored in a database, and the same client can later submit another datastructure that is then compared to the data that were saved in the database previously, OR if a client submits a single request, but its data are parsed twice, creating two non-identical but equivalent datastructures that are then compared. Exceptions originating from the call to _.flatten or _.isEqual, as a result of a stack overflow, are not being caught. This vulnerability is fixed in 1.13.8. | ||||
| CVE-2026-41369 | 1 Openclaw | 1 Openclaw | 2026-04-28 | 6.5 Medium |
| OpenClaw before 2026.3.31 contains insufficient environment variable sanitization in host exec operations, failing to filter package, registry, Docker, compiler, and TLS override variables. Attackers can exploit this by injecting malicious environment variables to override critical system configurations and compromise host execution integrity. | ||||
| CVE-2026-41372 | 1 Openclaw | 1 Openclaw | 2026-04-28 | 5.8 Medium |
| OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost endpoints and expose browser state. | ||||
| CVE-2026-31498 | 1 Linux | 1 Linux Kernel | 2026-04-28 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop l2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED state to support L2CAP reconfiguration (e.g. MTU changes). However, since both CONF_INPUT_DONE and CONF_OUTPUT_DONE are already set from the initial configuration, the reconfiguration path falls through to l2cap_ertm_init(), which re-initializes tx_q, srej_q, srej_list, and retrans_list without freeing the previous allocations and sets chan->sdu to NULL without freeing the existing skb. This leaks all previously allocated ERTM resources. Additionally, l2cap_parse_conf_req() does not validate the minimum value of remote_mps derived from the RFC max_pdu_size option. A zero value propagates to l2cap_segment_sdu() where pdu_len becomes zero, causing the while loop to never terminate since len is never decremented, exhausting all available memory. Fix the double-init by skipping l2cap_ertm_init() and l2cap_chan_ready() when the channel is already in BT_CONNECTED state, while still allowing the reconfiguration parameters to be updated through l2cap_parse_conf_req(). Also add a pdu_len zero check in l2cap_segment_sdu() as a safeguard. | ||||
| CVE-2026-28747 | 1 Milesight | 82 Ms-c2964-rflpc, Ms-c2966-rflwpc, Ms-c2966-x12rlpc and 79 more | 2026-04-28 | 7.1 High |
| A weak key generation vulnerability exists in specific firmware versions of Milesight AIOT cameras allows authorization to be bypassed. | ||||
| CVE-2026-42039 | 1 Axios | 1 Axios | 2026-04-28 | 7.5 High |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, toFormData recursively walks nested objects with no depth limit, so a deeply nested value passed as request data crashes the Node.js process with a RangeError. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-42255 | 1 Technitium | 1 Dnsserver | 2026-04-28 | 7.2 High |
| Technitium DNS Server before 15.0 allows DNS traffic amplification via cyclic name server delegation. | ||||
| CVE-2026-41362 | 1 Openclaw | 1 Openclaw | 2026-04-28 | 4.3 Medium |
| OpenClaw versions 2026.2.19 before 2026.3.31 contain an improper cache isolation vulnerability in the Zalo webhook replay-dedupe mechanism that is shared across authenticated webhook targets. Attackers controlling one authenticated Zalo webhook path in multi-account deployments can suppress legitimate events on different accounts by matching event_name and message_id parameters. | ||||
| CVE-2025-24180 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 8.1 High |
| The issue was addressed with improved input validation. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, visionOS 2.4, watchOS 11.4. A malicious website may be able to claim WebAuthn credentials from another website that shares a registrable suffix. | ||||
| CVE-2025-31224 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2025-43296 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| A logic issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26. An app may bypass Gatekeeper checks. | ||||
| CVE-2025-43413 | 1 Apple | 11 Ios, Ipad Os, Ipados and 8 more | 2026-04-28 | 7.5 High |
| An access issue was addressed with additional sandbox restrictions. This issue is fixed in iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. A sandboxed app may be able to observe system-wide network connections. | ||||
| CVE-2025-46290 | 1 Apple | 1 Macos | 2026-04-28 | 7.5 High |
| A logic issue was addressed with improved checks. This issue is fixed in iOS 18.7.3 and iPadOS 18.7.3, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, visionOS 26.2, watchOS 26.2. A remote attacker may be able to cause a denial-of-service. | ||||
| CVE-2025-36579 | 1 Dell | 50 14 Dc14250, 14 Premium Da14250, 15 Dc15250 and 47 more | 2026-04-28 | 5.1 Medium |
| Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2025-54502 | 1 Amd | 52 Athlon 3000 Series Mobile Processors With Radeon Graphics, Epyc 4004 Series Processors, Epyc 7002 Series Processors and 49 more | 2026-04-28 | 7.5 High |
| Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2026-29649 | 2 Openxiangshan, Xiangshan | 2 Nemu, Nemu | 2026-04-28 | 9.8 Critical |
| NEMU contains an implementation flaw in its RISC-V Hypervisor CSR handling where henvcfg[7:4] (CBIE/CBCFE/CBZE-related fields) is incorrectly masked/updated based on menvcfg[7:4], so a machine-mode write to menvcfg can implicitly modify the hypervisor's environment configuration. This can lead to incorrect enforcement of virtualization configuration and may cause unexpected traps or denial of service when executing cache-block management instructions in virtualized contexts (V=1). | ||||
| CVE-2026-6375 | 1 Spicejet | 1 Online Booking System | 2026-04-28 | N/A |
| A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated passenger names. This flaw stems from missing authorization checks on an endpoint intended for authenticated profile access. | ||||
| CVE-2026-41316 | 1 Ruby | 1 Erb | 2026-04-28 | 8.1 High |
| ERB is a templating system for Ruby. Ruby 2.7.0 (before ERB 2.2.0 was published on rubygems.org) introduced an `@_init` instance variable guard in `ERB#result` and `ERB#run` to prevent code execution when an ERB object is reconstructed via `Marshal.load` (deserialization). However, three other public methods that also evaluate `@src` via `eval()` were not given the same guard: `ERB#def_method`, `ERB#def_module`, and `ERB#def_class`. An attacker who can trigger `Marshal.load` on untrusted data in a Ruby application that has `erb` loaded can use `ERB#def_module` (zero-arg, default parameters) as a code execution sink, bypassing the `@_init` protection entirely. ERB 4.0.3.1, 4.0.4.1, 6.0.1.1, and 6.0.4 patch the issue. | ||||
| CVE-2026-2028 | 2 Ckp267, Wordpress | 2 Maxiblocks Builder, Wordpress | 2026-04-28 | 5.3 Medium |
| The MaxiBlocks Builder plugin for WordPress is vulnerable to arbitrary media file deletion due to insufficient file ownership validation on the 'maxi_remove_custom_image_size' AJAX action in all versions up to, and including, 2.1.8. This makes it possible for authenticated attackers, with Author-level access and above, to delete arbitrary files in the wp-content/uploads directory, including files uploaded by other users and administrators. | ||||