Export limit exceeded: 23389 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 357188 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25825 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25825 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26315 | 1 Ethereum | 1 Go Ethereum | 2026-04-18 | 7.5 High |
| go-ethereum (Geth) is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.16.9, through a flaw in the ECIES cryptography implementation, an attacker may be able to extract bits of the p2p node key. The issue is resolved in the v1.16.9 and v1.17.0 releases of Geth. Geth maintainers recommend rotating the node key after applying the upgrade, which can be done by removing the file `<datadir>/geth/nodekey` before starting Geth. | ||||
| CVE-2026-27480 | 1 Static-web-server | 1 Static Web Server | 2026-04-18 | 5.3 Medium |
| Static Web Server (SWS) is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames, enabling targeted brute-force or credential-stuffing attacks. SWS checks whether a username exists before verifying the password, causing valid usernames to follow a slower code path (e.g., bcrypt hashing) while invalid usernames receive an immediate 401 response. This timing discrepancy allows attackers to enumerate valid accounts by measuring response-time differences. This issue has been fixed in version 2.41.0. | ||||
| CVE-2024-1139 | 1 Redhat | 2 Acm, Openshift | 2026-04-18 | 7.7 High |
| A credentials leak vulnerability was found in the cluster monitoring operator in OCP. This issue may allow a remote attacker who has basic login credentials to check the pod manifest to discover a repository pull secret. | ||||
| CVE-2026-25138 | 2 Cern, Rucio | 2 Rucio, Rucio | 2026-04-18 | 5.3 Medium |
| Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. Prior to versions 35.8.3, 38.5.4, and 39.3.1, the WebUI login endpoint returns distinct error messages depending on whether a supplied username exists, allowing unauthenticated attackers to enumerate valid usernames. Versions 35.8.3, 38.5.4, and 39.3.1 fix the issue. | ||||
| CVE-2026-21495 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to division by zero in the TIFF Image Reader. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21496 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the signature parser. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21499 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to NULL pointer dereference via the XML parser. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21500 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to stack overflow in the XML calculator macro expansion. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21503 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 6.1 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to a null pointer passed to memcpy() in CIccTagSparseMatrixArray. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21505 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 5.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV has undefined behavior due to an invalid enum value. This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-21678 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 7.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to version 2.3.1.2, iccDEV is vulnerable to heap-buffer-overflow vulnerability in IccTagXml(). This issue has been patched in version 2.3.1.2. | ||||
| CVE-2026-22539 | 1 Efacec | 3 Qc 120, Qc 60, Qc 90 | 2026-04-18 | N/A |
| As the service interaction is performed without authentication, an attacker with some knowledge of the protocol could obtain information about the charger via OCPP v1.6. | ||||
| CVE-2026-21689 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 6.5 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccProfileXml::ParseBasic()` at `IccXML/IccLibXML/IccProfileXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | ||||
| CVE-2026-21690 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 6.3 Medium |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `CIccTagXmlTagData::ToXml()`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | ||||
| CVE-2026-21692 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 8.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a Type Confusion vulnerability in `ToXmlCurve()` at `IccXML/IccLibXML/IccMpeXml.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | ||||
| CVE-2026-22047 | 2 Color, Internationalcolorconsortium | 2 Iccdev, Iccdev | 2026-04-18 | 8.8 High |
| iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of International Color Consortium (ICC) color management profiles. Versions prior to 2.3.1.2 have a heap-buffer-overflow vulnerability in `SIccCalcOp::Describe()` at `IccProfLib/IccMpeCalc.cpp`. This vulnerability affects users of the iccDEV library who process ICC color profiles. Version 2.3.1.2 contains a patch. No known workarounds are available. | ||||
| CVE-2026-22246 | 1 Joinmastodon | 1 Mastodon | 2026-04-18 | 6.5 Medium |
| Mastodon is a free, open-source social network server based on ActivityPub. Mastodon 4.3 added notifications of severed relationships, allowing end-users to inspect the relationships they lost as the result of a moderation action. The code allowing users to download lists of severed relationships for a particular event fails to check the owner of the list before returning the lost relationships. Any registered local user can access the list of lost followers and followed users caused by any severance event, and go through all severance events this way. The leaked information does not include the name of the account which has lost follows and followers. This has been fixed in Mastodon v4.3.17, v4.4.11 and v4.5.4. | ||||
| CVE-2026-0747 | 2 Devolutions, Microsoft | 2 Remote Desktop Manager, Windows | 2026-04-18 | 3.3 Low |
| Exposure of sensitive information in the TeamViewer entry dashboard component in Devolutions Remote Desktop Manager 2025.3.24.0 through 2025.3.28.0 on Windows allows an external observer to view a password on screen via a defective masking feature, for example during physical observation or screen sharing. | ||||
| CVE-2026-22700 | 1 Rustcrypto | 2 Elliptic-curves, Sm2 Elliptic Curve | 2026-04-18 | 7.5 High |
| RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a denial-of-service vulnerability exists in the SM2 public-key encryption (PKE) implementation: the decrypt() path performs unchecked slice::split_at operations on input buffers derived from untrusted ciphertext. An attacker can submit short/undersized ciphertext or carefully-crafted DER-encoded structures to trigger bounds-check panics (Rust unwinding) which crash the calling thread or process. This issue has been patched via commit e60e991. | ||||
| CVE-2026-0403 | 1 Netgear | 20 Rbe970, Rbe970 Firmware, Rbe971 and 17 more | 2026-04-18 | 8.0 High |
| An insufficient input validation vulnerability in NETGEAR Orbi routers allows attackers connected to the router's LAN to execute OS command injections. | ||||