Search Results (37391 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-21743 1 Fortinet 1 Fortiauthenticator 2026-04-17 6.8 Medium
A missing authorization vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow a read-only user to make modification to local users via a file upload to an unprotected endpoint.
CVE-2026-25947 1 Worklenz 1 Worklenz 2026-04-17 8.8 High
Worklenz is a project management tool. Prior to 2.1.7, there are multiple SQL injection vulnerabilities were discovered in backend SQL query construction affecting project and task management controllers, reporting and financial data endpoints, real-time socket.io handlers, and resource allocation and scheduling features. The vulnerability has been patched in version v2.1.7.
CVE-2026-25993 1 Evershop 1 Evershop 2026-04-17 9.8 Critical
EverShop is a TypeScript-first eCommerce platform. During category update and deletion event handling, the application embeds path / request_path values—derived from the url_key stored in the database—into SQL statements via string concatenation and passes them to execute(). As a result, if a malicious string is stored in url_key , subsequent event processing modifies and executes the SQL statement, leading to a second-order SQL injection. Patched from v2.1.1.
CVE-2026-21330 3 Adobe, Apple, Microsoft 3 After Effects, Macos, Windows 2026-04-17 7.8 High
After Effects versions 25.6 and earlier are affected by an Access of Resource Using Incompatible Type ('Type Confusion') vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2026-25609 1 Mongodb 1 Mongodb 2026-04-17 5.4 Medium
Incorrect validation of the profile command may result in the determination that a request altering the 'filter' is read-only.
CVE-2026-24913 1 Icz 1 Matcha Invoice 2026-04-17 N/A
SQL Injection vulnerability exists in MATCHA INVOICE 2.6.6 and earlier. If this vulnerability is exploited, information stored in the database may be obtained or altered by a user who can log in to the product.
CVE-2026-40311 1 Imagemagick 1 Imagemagick 2026-04-17 5.5 Medium
ImageMagick is free and open-source software used for editing and manipulating digital images. Versions below 7.1.2-19 and 6.9.13-44 contain a heap use-after-free vulnerability that can cause a crash when reading and printing values from an invalid XMP profile. This issue has been fixed in versions 6.9.13-44 and 7.1.2-19.
CVE-2026-34582 2 Botan Project, Randombit 2 Botan, Botan 2026-04-17 9.1 Critical
Botan is a C++ cryptography library. Prior to version 3.11.1, the TLS 1.3 implementation allowed ApplicationData records to be processed prior to the Finished message being received. A server which is attempting to enforce client authentication via certificates can by bypassed by a client which entirely omits Certificate, CertificateVerify, and the Finished message and instead sends application data records. This vulnerability is fixed in 3.11.1.
CVE-2026-26079 1 Roundcube 1 Webmail 2026-04-17 4.7 Medium
Roundcube Webmail before 1.5.13 and 1.6 before 1.6.13 allows Cascading Style Sheets (CSS) injection, e.g., because comments are mishandled.
CVE-2026-1837 2 Google, Libjxl Project 2 Libjxl, Libjxl 2026-04-17 7.5 High
A specially-crafted file can cause libjxl's decoder to write pixel data to uninitialized unallocated memory. Soon after that data from another uninitialized unallocated region is copied to pixel data. This can be done by requesting color transformation of grayscale images to another grayscale color space. Buffers allocated for 1-float-per-pixel are used as if they are allocated for 3-float-per-pixel. That happens only if LCMS2 is used as CMS engine. There is another CMS engine available (selected by build flags).
CVE-2026-25633 1 Statamic 2 Cms, Statamic 2026-04-17 4.3 Medium
Statamic is a, Laravel + Git powered CMS designed for building websites. Prior to 5.73.6 and 6.2.5, users without permission to view assets are able are able to download them and view their metadata. Logged-out users and users without permission to access the control panel are unable to take advantage of this. This has been fixed in 5.73.6 and 6.2.5.
CVE-2026-25924 1 Kanboard 1 Kanboard 2026-04-17 8.5 High
Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution (RCE). Although the application correctly hides the plugin installation interface when the PLUGIN_INSTALLER configuration is set to false, the underlying backend endpoint fails to verify this security setting. An attacker can exploit this oversight to force the server to download and install a malicious plugin, leading to arbitrary code execution. This vulnerability is fixed in 1.2.50.
CVE-2026-25935 2 Go-vikunja, Vikunja 2 Vikunja, Vikunja 2026-04-17 5.4 Medium
Vikunja is a todo-app to organize your life. Prior to 1.1.0, TaskGlanceTooltip.vue temporarily creates a div and sets the innerHtml to the description. Since there is no escaping on either the server or client side, a malicious user can share a project, create a malicious task, and cause an XSS on hover. This vulnerability is fixed in 1.1.0.
CVE-2026-26012 1 Dani-garcia 1 Vaultwarden 2026-04-17 6.5 Medium
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. Prior to 1.35.3, a regular organization member can retrieve all ciphers within an organization, regardless of collection permissions. The endpoint /ciphers/organization-details is accessible to any organization member and internally uses Cipher::find_by_org to retrieve all ciphers. These ciphers are returned with CipherSyncType::Organization without enforcing collection-level access control. This vulnerability is fixed in 1.35.3.
CVE-2026-26031 1 Frappe 2 Frappe Lms, Learning 2026-04-17 5.3 Medium
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students (by email) in batches. This vulnerability is fixed in 2.44.0.
CVE-2026-22821 2 Glpi-project, Pluginsglpi 2 More Reporting, Mreporting 2026-04-17 4.9 Medium
mreporting is the more reporting GLPI plugin. Prior to 1.9.4, there is a possible SQL injection on date change. This vulnerability is fixed in 1.9.4.
CVE-2026-0619 1 Silabs.com 1 Silicon Labs Matter 2026-04-17 N/A
A reachable infinite loop via an integer wraparound is present in Silicon Labs' Matter SDK which allows an attacker to trigger a denial of service. A hard reset is required to recover the device.
CVE-2026-22892 1 Mattermost 2 Mattermost, Mattermost Server 2026-04-17 4.3 Medium
Mattermost versions 11.1.x <= 11.1.2, 10.11.x <= 10.11.9, 11.2.x <= 11.2.1 fail to validate user permissions when creating Jira issues from Mattermost posts, which allows an authenticated attacker with access to the Jira plugin to read post content and attachments from channels they do not have access to via the /create-issue API endpoint by providing the post ID of an inaccessible post.. Mattermost Advisory ID: MMSA-2025-00550
CVE-2026-26268 2 Anysphere, Cursor 2 Cursor, Cursor 2026-04-17 8.1 High
Cursor is a code editor built for programming with AI. Sandbox escape via writing .git configuration was possible in versions prior to 2.5. A malicious agent (ie prompt injection) could write to improperly protected .git settings, including git hooks, which may cause out-of-sandbox RCE next time they are triggered. No user interaction was required as Git executes these commands automatically. Fixed in version 2.5.
CVE-2026-35491 1 Pi-hole 1 Ftldns 2026-04-17 6.1 Medium
FTLDNS (pihole-FTL) provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, Pi-hole FTL supports a CLI password feature (webserver.api.cli_pw) that creates “CLI” API sessions intended to be read-only for configuration changes. While /api/config correctly blocks CLI sessions from mutating configuration, /api/teleporter allowed Teleporter imports for CLI sessions, enabling a CLI-scoped session to overwrite configuration via a Teleporter archive (authorization bypass). This vulnerability is fixed in 6.6.