Export limit exceeded: 29894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-1680 | 2 Danoffice It, Danofficeit | 2 Local Admin Service, Local Admin Service | 2026-04-18 | 7.8 High |
| Improper access control in the WCF endpoint in Edgemo (now owned by Danoffice IT) Local Admin Service 1.2.7.23180 on Windows allows a local user to escalate their privileges to local administrator via direct communication with the LocalAdminService.exe named pipe, bypassing client-side group membership restrictions. | ||||
| CVE-2026-23016 | 1 Linux | 1 Linux Kernel | 2026-04-18 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: inet: frags: drop fraglist conntrack references Jakub added a warning in nf_conntrack_cleanup_net_list() to make debugging leaked skbs/conntrack references more obvious. syzbot reports this as triggering, and I can also reproduce this via ip_defrag.sh selftest: conntrack cleanup blocked for 60s WARNING: net/netfilter/nf_conntrack_core.c:2512 [..] conntrack clenups gets stuck because there are skbs with still hold nf_conn references via their frag_list. net.core.skb_defer_max=0 makes the hang disappear. Eric Dumazet points out that skb_release_head_state() doesn't follow the fraglist. ip_defrag.sh can only reproduce this problem since commit 6471658dc66c ("udp: use skb_attempt_defer_free()"), but AFAICS this problem could happen with TCP as well if pmtu discovery is off. The relevant problem path for udp is: 1. netns emits fragmented packets 2. nf_defrag_v6_hook reassembles them (in output hook) 3. reassembled skb is tracked (skb owns nf_conn reference) 4. ip6_output refragments 5. refragmented packets also own nf_conn reference (ip6_fragment calls ip6_copy_metadata()) 6. on input path, nf_defrag_v6_hook skips defragmentation: the fragments already have skb->nf_conn attached 7. skbs are reassembled via ipv6_frag_rcv() 8. skb_consume_udp -> skb_attempt_defer_free() -> skb ends up in pcpu freelist, but still has nf_conn reference. Possible solutions: 1 let defrag engine drop nf_conn entry, OR 2 export kick_defer_list_purge() and call it from the conntrack netns exit callback, OR 3 add skb_has_frag_list() check to skb_attempt_defer_free() 2 & 3 also solve ip_defrag.sh hang but share same drawback: Such reassembled skbs, queued to socket, can prevent conntrack module removal until userspace has consumed the packet. While both tcp and udp stack do call nf_reset_ct() before placing skb on socket queue, that function doesn't iterate frag_list skbs. Therefore drop nf_conn entries when they are placed in defrag queue. Keep the nf_conn entry of the first (offset 0) skb so that reassembled skb retains nf_conn entry for sake of TX path. Note that fixes tag is incorrect; it points to the commit introducing the 'ip_defrag.sh reproducible problem': no need to backport this patch to every stable kernel. | ||||
| CVE-2026-23081 | 1 Linux | 1 Linux Kernel | 2026-04-17 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: phy: intel-xway: fix OF node refcount leakage Automated review spotted am OF node reference count leakage when checking if the 'leds' child node exists. Call of_put_node() to correctly maintain the refcount. | ||||
| CVE-2026-25052 | 1 N8n | 1 N8n | 2026-04-17 | 9.9 Critical |
| n8n is an open source workflow automation platform. Prior to versions 1.123.18 and 2.5.0, a vulnerability in the file access controls allows authenticated users with permission to create or modify workflows to read sensitive files from the n8n host system. This can be exploited to obtain critical configuration data and user credentials, leading to complete account takeover of any user on the instance. This issue has been patched in versions 1.123.18 and 2.5.0. | ||||
| CVE-2026-24916 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2026-04-17 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project | ||||
| CVE-2026-2055 | 2 D-link, Dlink | 6 Dir-605l, Dir-619l, Dir-605l and 3 more | 2026-04-17 | 5.3 Medium |
| A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-24443 | 1 Netikus | 1 Eventsentry | 2026-04-17 | 8.8 High |
| EventSentry versions prior to 6.0.1.20 contain an unverified password change vulnerability in the account management functionality of the Web Reports interface. The password change mechanism does not require validation of the current password before allowing a new password to be set. An attacker who gains temporary access to an authenticated user session can change the account password without knowledge of the original credentials. This enables persistent account takeover and, if administrative accounts are affected, may result in privilege escalation. | ||||
| CVE-2006-1547 | 2 Apache, Redhat | 3 Commons Beanutils, Struts, Rhel Application Server | 2026-04-16 | 7.5 High |
| ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | ||||
| CVE-2026-29086 | 1 Hono | 1 Hono | 2026-04-16 | 5.4 Medium |
| Hono is a Web application framework that provides support for any JavaScript runtime. Prior to version 4.12.4, the setCookie() utility did not validate semicolons (;), carriage returns (\r), or newline characters (\n) in the domain and path options when constructing the Set-Cookie header. Because cookie attributes are delimited by semicolons, this could allow injection of additional cookie attributes if untrusted input was passed into these fields. This issue has been patched in version 4.12.4. | ||||
| CVE-2026-3796 | 2 Qi-anxin, Qianxin | 2 Qax Virus Removal, Qax Internet Control Gateway | 2026-04-16 | 5.3 Medium |
| A weakness has been identified in Qi-ANXIN QAX Virus Removal up to 2025-10-22. The affected element is the function ZwTerminateProcess in the library QKSecureIO_Imp.sys of the component Mini Filter Driver. Executing a manipulation can lead to improper access controls. The attack is restricted to local execution. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-1525 | 1 Gitlab | 1 Gitlab | 2026-04-16 | 5.3 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP. | ||||
| CVE-2001-1348 | 1 Twig Development Team | 1 Twig | 2026-04-16 | N/A |
| TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. | ||||
| CVE-2002-0556 | 1 Deep Forest Software | 1 Quik-serv Webserver | 2026-04-16 | N/A |
| Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. | ||||
| CVE-1999-0472 | 2 Network Appliance, Snmp | 2 Netcache, Snmp | 2026-04-16 | N/A |
| The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it. | ||||
| CVE-2003-0208 | 1 Macromedia | 1 Flash | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. | ||||
| CVE-2002-1248 | 1 Northern Solutions | 1 Xeneo Web Server | 2026-04-16 | N/A |
| Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI. | ||||
| CVE-2003-0617 | 1 Hugo Rabson | 1 Mindi | 2026-04-16 | N/A |
| mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. | ||||
| CVE-1999-0781 | 3 Freebsd, Kde, Linux | 3 Freebsd, Kde, Linux Kernel | 2026-04-16 | N/A |
| KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables. | ||||
| CVE-2003-0207 | 1 Gs-common | 1 Gs-common | 2026-04-16 | N/A |
| ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. | ||||