Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-35533 1 Jdx 1 Mise 2026-04-16 7.8 High
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as [env] _.source, templates, hooks, or tasks.
CVE-2026-4338 3 Activitypub, Automattic, Wordpress 3 Activitypub, Activitypub, Wordpress 2026-04-16 7.5 High
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts
CVE-2026-24306 1 Microsoft 1 Azure Front Door 2026-04-16 9.8 Critical
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-20667 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-16 8.8 High
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.
CVE-2026-20666 1 Apple 1 Macos 2026-04-16 5.5 Medium
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
CVE-2026-20621 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-16 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2026-20660 1 Apple 6 Ios And Ipados, Ipados, Iphone Os and 3 more 2026-04-16 5.5 Medium
A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files.
CVE-2026-20634 1 Apple 7 Ios And Ipados, Ipados, Iphone Os and 4 more 2026-04-16 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
CVE-2026-20603 1 Apple 1 Macos 2026-04-16 4.4 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.
CVE-2026-20658 1 Apple 1 Macos 2026-04-16 7.8 High
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
CVE-2026-20669 1 Apple 1 Macos 2026-04-16 5.5 Medium
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
CVE-2004-1064 2 Canonical, Php 2 Ubuntu Linux, Php 2026-04-16 N/A
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion.
CVE-2003-0789 2 Apache, Redhat 2 Http Server, Linux 2026-04-16 N/A
mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not properly handle CGI redirect paths, which could cause Apache to send the output of a CGI program to the wrong client.
CVE-2001-1319 1 Microsoft 1 Exchange Server 2026-04-16 N/A
Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2006-3331 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera before 9.0 does not reset the SSL security bar after displaying a download dialog from an SSL-enabled website, which allows remote attackers to spoof a trusted SSL certificate from an untrusted website and facilitates phishing attacks.
CVE-2005-3627 2 Redhat, Xpdf 2 Enterprise Linux, Xpdf 2026-04-16 N/A
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
CVE-2005-2993 1 Hp 2 Hp-ux, Tru64 2026-04-16 N/A
Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX 4.0F PK8 and other versions up to HP Tru64 UNIX 5.1B-3, and HP-UX B.11.00, B.11.04, B.11.11, and B.11.23, allows remote authenticated users to cause a denial of service (hang).
CVE-2006-4307 1 Sun 2 Solaris, Sunos 2026-04-16 N/A
Unspecified vulnerability in the format command in Sun Solaris 8 and 9 before 20060821 allows local users to modify arbitrary files via unspecified vectors involving profiles that permit running format with elevated privileges, a different issue than CVE-2006-4306 and CVE-2006-4319.
CVE-2006-0033 1 Microsoft 1 Office 2026-04-16 N/A
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via a crafted PNG image that triggers memory corruption when it is parsed.
CVE-2005-4585 2 Ethereal Group, Redhat 2 Ethereal, Enterprise Linux 2026-04-16 N/A
Unspecified vulnerability in the GTP dissector for Ethereal 0.9.1 to 0.10.13 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.