Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35281 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-44263 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 4 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to access user-sensitive data. | ||||
| CVE-2024-54536 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| The issue was addressed with improved validation of environment variables. This issue is fixed in macOS Sequoia 15.2. An app may be able to edit NVRAM variables. | ||||
| CVE-2024-40826 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2026-04-02 | 6.1 Medium |
| A privacy issue was addressed with improved handling of files. This issue is fixed in iOS 18 and iPadOS 18, macOS Sequoia 15. An unencrypted document may be written to a temporary file when using print preview. | ||||
| CVE-2024-44189 | 1 Apple | 1 Macos | 2026-04-02 | 7.5 High |
| The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. A logic issue existed where a process may be able to capture screen contents without user consent. | ||||
| CVE-2024-23237 | 1 Apple | 1 Macos | 2026-04-02 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15. An app may be able to cause a denial-of-service. | ||||
| CVE-2024-44127 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 5.3 Medium |
| This issue was addressed through improved state management. This issue is fixed in iOS 17.7 and iPadOS 17.7, iOS 18 and iPadOS 18. Private Browsing tabs may be accessed without authentication. | ||||
| CVE-2024-40867 | 1 Apple | 3 Ios, Ipados, Iphone Os | 2026-04-02 | 8.8 High |
| A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in iOS 18.1 and iPadOS 18.1. A remote attacker may be able to break out of Web Content sandbox. | ||||
| CVE-2024-40830 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-02 | 3.3 Low |
| This issue was addressed with improved data protection. This issue is fixed in iOS 18 and iPadOS 18. An app may be able to enumerate a user's installed apps. | ||||
| CVE-2024-54465 | 1 Apple | 1 Macos | 2026-04-02 | 9.8 Critical |
| A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. | ||||
| CVE-2021-42744 | 1 Philips | 4 Mri 1.5t, Mri 1.5t Firmware, Mri 3t and 1 more | 2026-04-02 | 5.5 Medium |
| Philips MRI 1.5T and MRI 3T Version 5.3 through 5.8.1 does not restrict or incorrectly restricts access to a resource from an unauthorized actor. | ||||
| CVE-2025-22117 | 1 Linux | 1 Linux Kernel | 2026-04-02 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ice: fix using untrusted value of pkt_len in ice_vc_fdir_parse_raw() Fix using the untrusted value of proto->raw.pkt_len in function ice_vc_fdir_parse_raw() by verifying if it does not exceed the VIRTCHNL_MAX_SIZE_RAW_PACKET value. | ||||
| CVE-2026-20998 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 9.8 Critical |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. | ||||
| CVE-2026-21004 | 1 Samsung | 1 Smart Switch | 2026-04-02 | 6.5 Medium |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. | ||||
| CVE-2025-15606 | 2 Tp-link, Tp-link Systems Inc. | 3 Td-w8961n, Td-w8961nd Firmware, Td-w8961n V4.0 | 2026-04-02 | 7.5 High |
| A Denial-of-Service (DoS) vulnerability in the httpd component of TP-Link's TD-W8961N v4.0 due to improper input sanitization, allows crafted requests to trigger a processing error that causes the httpd service to crash. Successful exploitation may allow the attacker to cause service interruption, resulting in a DoS condition. | ||||
| CVE-2026-33898 | 2 Linuxcontainers, Lxc | 2 Incus, Incus | 2026-04-02 | 8.8 High |
| Incus is a system container and virtual machine manager. Prior to version 6.23.0, the web server spawned by `incus webui` incorrectly validates the authentication token such that an invalid value will be accepted. `incus webui` runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token. When accessed with that token, Incus creates a cookie persisting that token without needing to include it in subsequent HTTP requests. While the Incus client correctly validates the value of the cookie, it does not correctly validate the token when passed int the URL. This allows for an attacker able to locate and talk to the temporary web server on localhost to have as much access to Incus as the user who ran `incus webui`. This can lead to privilege escalation by another local user or an access to the user's Incus instances and possibly system resources by a remote attack able to trick the local user into interacting with the Incus UI web server. Version 6.23.0 patches the issue. | ||||
| CVE-2026-33745 | 1 Yhirose | 1 Cpp-httplib | 2026-04-02 | 7.4 High |
| cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.39.0, the cpp-httplib HTTP client forwards stored Basic Auth, Bearer Token, and Digest Auth credentials to arbitrary hosts when following cross-origin HTTP redirects (301/302/307/308). A malicious or compromised server can redirect the client to an attacker-controlled host, which then receives the plaintext credentials in the `Authorization` header. Version 0.39.0 fixes the issue. | ||||
| CVE-2026-0558 | 2 Lollms, Parisneo | 2 Lollms, Parisneo/lollms | 2026-04-02 | 9.8 Critical |
| A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the `/api/files/extract-text` endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the `Depends(get_current_active_user)` dependency. This issue can lead to denial of service (DoS) through resource exhaustion, information disclosure, and violation of the application's documented security policies. | ||||
| CVE-2024-44940 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2026-04-01 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: fou: remove warn in gue_gro_receive on unsupported protocol Drop the WARN_ON_ONCE inn gue_gro_receive if the encapsulated type is not known or does not have a GRO handler. Such a packet is easily constructed. Syzbot generates them and sets off this warning. Remove the warning as it is expected and not actionable. The warning was previously reduced from WARN_ON to WARN_ON_ONCE in commit 270136613bf7 ("fou: Do WARN_ON_ONCE in gue_gro_receive for bad proto callbacks"). | ||||
| CVE-2024-24882 | 2 Masteriyo, Themegrill | 2 Masteriyo, Masteriyo | 2026-04-01 | 9.8 Critical |
| Incorrect Privilege Assignment vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.7.2. | ||||
| CVE-2025-23367 | 1 Redhat | 8 Build Keycloak, Jboss Data Grid, Jboss Enterprise Application Platform and 5 more | 2026-04-01 | 6.5 Medium |
| A flaw was found in the Wildfly Server Role Based Access Control (RBAC) provider. When authorization to control management operations is secured using the Role Based Access Control provider, a user without the required privileges can suspend or resume the server. A user with a Monitor or Auditor role is supposed to have only read access permissions and should not be able to suspend the server. The vulnerability is caused by the Suspend and Resume handlers not performing authorization checks to validate whether the current user has the required permissions to proceed with the action. | ||||