Search Results (45110 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46302 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-28 | 5.7 Medium |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.2, tvOS 26.2, visionOS 26.2, watchOS 26.2. A malicious HID device may cause an unexpected process crash. | ||||
| CVE-2026-29645 | 2 Openxiangshan, Xiangshan | 2 Nemu, Nemu | 2026-04-28 | 7.5 High |
| NEMU (OpenXiangShan/NEMU) before v2025.12.r2 contains an improper instruction-validation flaw in its RISC-V Vector (RVV) decoder. The decoder does not correctly validate the funct3 field when decoding vsetvli/vsetivli/vsetvl, allowing certain invalid OP-V instruction encodings to be misinterpreted and executed as vset* configuration instructions rather than raising an illegal-instruction exception. This can be exploited by providing crafted RISC-V binaries to cause incorrect trap behavior, architectural state corruption/divergence, and potential denial of service in systems that rely on NEMU for correct execution or sandboxing. | ||||
| CVE-2026-41197 | 1 Noir-lang | 1 Noir | 2026-04-28 | N/A |
| Noir is a Domain Specific Language for SNARK proving systems that is designed to use any ACIR compatible proving system, and Brillig is the bytecode ACIR uses for non-determinism. Noir programs can invoke external functions through foreign calls. When compiling to Brillig bytecode, the SSA instructions are processed block-by-block in `BrilligBlock::compile_block()`. When the compiler encounters an `Instruction::Call` with a `Value::ForeignFunction` target, it invokes `codegen_call()` in `brillig_call/code_gen_call.rs`, which dispatches to `convert_ssa_foreign_call()`. Before emitting the foreign call opcode, the compiler must pre-allocate memory for any array results the call will return. This happens through `allocate_external_call_results()`, which iterates over the result types. For `Type::Array` results, it delegates to `allocate_foreign_call_result_array()` to recursively allocate memory on the heap for nested arrays. The `BrilligArray` struct is the internal representation of a Noir array in Brillig IR. Its `size` field represents the semi-flattened size, the total number of memory slots the array occupies, accounting for the fact that composite types like tuples consume multiple slots per element. This size is computed by `compute_array_length()` in `brillig_block_variables.rs`. For the outer array, `allocate_external_call_results()` correctly uses `define_variable()`, which internally calls `allocate_value_with_type()`. This function applies the formula above, producing the correct semi-flattened size. However, for nested arrays, `allocate_foreign_call_result_array()` contains a bug. The pattern `Type::Array(_, nested_size)` discards the inner types with `_` and uses only `nested_size`, the semantic length of the nested array (the number of logical elements), not the semi-flattened size. For simple element types this works correctly, but for composite element types it under-allocates. Foreign calls returning nested arrays of tuples or other composite types corrupt the Brillig VM heap. Version 1.0.0-beta.19 fixes this issue. | ||||
| CVE-2026-41679 | 1 Paperclip | 3 Paperclipai, Paperclipai/server, Paperclipai\/server | 2026-04-28 | 10 Critical |
| Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker can achieve full remote code execution on any network-accessible Paperclip instance running in `authenticated` mode with default configuration. No user interaction, no credentials, just the target's address. The chain consists of six API calls. The attack is fully automated, requires no user interaction, and works against the default deployment configuration. Version 2026.416.0 patches the issue. | ||||
| CVE-2026-6886 | 1 Borg Technology Corporation | 1 Borg Spm 2007 | 2026-04-28 | 9.8 Critical |
| Borg SPM 2007 (Sales Ended in 2008) developed by BorG Technology Corporation has an Authentication Bypass vulnerability, allowing unauthenticated remote attackers to log into the system as any user. | ||||
| CVE-2026-6920 | 3 Google, Linux, Microsoft | 4 Android, Chrome, Linux Kernel and 1 more | 2026-04-28 | 9.6 Critical |
| Out of bounds read in GPU in Google Chrome on Android prior to 147.0.7727.117 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-42035 | 1 Axios | 1 Axios | 2026-04-28 | 7.4 High |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, a prototype pollution gadget exists in the Axios HTTP adapter (lib/adapters/http.js) that allows an attacker to inject arbitrary HTTP headers into outgoing requests. The vulnerability exploits duck-type checking of the data payload, where if Object.prototype is polluted with getHeaders, append, pipe, on, once, and Symbol.toStringTag, Axios misidentifies any plain object payload as a FormData instance and calls the attacker-controlled getHeaders() function, merging the returned headers into the outgoing request. The vulnerable code resides exclusively in lib/adapters/http.js. The prototype pollution source does not need to originate from Axios itself — any prototype pollution primitive in any dependency in the application's dependency tree is sufficient to trigger this gadget. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-42044 | 2 Axios, Redhat | 2 Axios, Service Mesh | 2026-04-28 | 6.5 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. From 1.0.0 to before 1.15.2, the Axios library is vulnerable to a Prototype Pollution "Gadget" attack that allows any Object.prototype pollution in the application's dependency tree to be escalated into surgical, invisible modification of all JSON API responses — including privilege escalation, balance manipulation, and authorization bypass. The default transformResponse function at lib/defaults/index.js:124 calls JSON.parse(data, this.parseReviver), where this is the merged config object. Because parseReviver is not present in Axios defaults, not validated by assertOptions, and not subject to any constraints, a polluted Object.prototype.parseReviver function is called for every key-value pair in every JSON response, allowing the attacker to selectively modify individual values while leaving the rest of the response intact. This vulnerability is fixed in 1.15.2. | ||||
| CVE-2026-42043 | 1 Axios | 1 Axios | 2026-04-28 | 7.2 High |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, an attacker who can influence the target URL of an Axios request can use any address in the 127.0.0.0/8 range (other than 127.0.0.1) to completely bypass the NO_PROXY protection. This vulnerability is due to an incomplete fix for CVE-2025-62718. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-42038 | 1 Axios | 1 Axios | 2026-04-28 | 6.8 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the fix for no_proxy hostname normalization bypass is incomplete. When no_proxy=localhost is set, requests to 127.0.0.1 and [::1] still route through the proxy instead of bypassing it. The shouldBypassProxy() function does pure string matching — it does not resolve IP aliases or loopback equivalents. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2026-42042 | 1 Axios | 1 Axios | 2026-04-28 | 5.4 Medium |
| Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.1 and 0.31.1, the Axios library's XSRF token protection logic uses JavaScript truthy/falsy semantics instead of strict boolean comparison for the withXSRFToken config property. When this property is set to any truthy non-boolean value (via prototype pollution or misconfiguration), the same-origin check (isURLSameOrigin) is short-circuited, causing XSRF tokens to be sent to all request targets including cross-origin servers controlled by an attacker. This vulnerability is fixed in 1.15.1 and 0.31.1. | ||||
| CVE-2025-24152 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.3. An app may be able to cause unexpected system termination or corrupt kernel memory. | ||||
| CVE-2025-24092 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to read sensitive location information. | ||||
| CVE-2025-24156 | 1 Apple | 1 Macos | 2026-04-28 | 8.8 High |
| An integer overflow was addressed through improved input validation. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to elevate privileges. | ||||
| CVE-2025-24100 | 1 Apple | 1 Macos | 2026-04-28 | 3.3 Low |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to access information about a user's contacts. | ||||
| CVE-2025-24230 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 9.8 Critical |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. Playing a malicious audio file may lead to an unexpected app termination. | ||||
| CVE-2025-30458 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.4. An app may be able to read files outside of its sandbox. | ||||
| CVE-2025-24265 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-30437 | 1 Apple | 1 Macos | 2026-04-28 | 7.4 High |
| The issue was addressed with improved bounds checks. This issue is fixed in macOS Sequoia 15.4. An app may be able to corrupt coprocessor memory. | ||||
| CVE-2025-24182 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2026-04-28 | 5.5 Medium |
| An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing a maliciously crafted font may result in the disclosure of process memory. | ||||