Export limit exceeded: 361167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361167 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 84671 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (84671 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-56568 | 1 Open5gs | 1 Open5gs | 2026-05-04 | 7.5 High |
| Assertion failure vulnerability in the PCO (Protocol Configuration Options) parser in the SMF (Session Management Function) component of Open5GS before v2.7.5 allows remote attackers to cause denial of service via specially crafted NGAP messages containing malformed length fields in protocol configuration data. | ||||
| CVE-2026-34059 | 1 Apache | 1 Http Server | 2026-05-04 | 7.5 High |
| Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue. | ||||
| CVE-2026-5405 | 1 Wireshark | 1 Wireshark | 2026-05-04 | 7.8 High |
| RDP protocol dissector crash in Wireshark 4.6.0 to 4.6.4 and 4.4.0 to 4.4.14 allows denial of service and possible code execution | ||||
| CVE-2026-42079 | 1 Icip-cas | 1 Pptagent | 2026-05-04 | 8.6 High |
| PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins in scope. This issue has been patched via commit 418491a. | ||||
| CVE-2026-36762 | 1 Thinkgem | 1 Jeesite | 2026-05-04 | 8.8 High |
| An issue in the fileEntityId parameter in the /a/file/upload endpoint of JeeSite v5.15.1 allows authenticated attackers with file upload permissions to execute a path traversal and write arbitrary files with whitelisted suffixes to arbitrary filesystem locations. | ||||
| CVE-2026-36765 | 1 Chillzhuang | 1 Springblade | 2026-05-04 | 8.8 High |
| An XML external entity (XXE) vulnerability in the /designer/loadReport endpoint of SpringBlade v4.8.0 allows authenticated attackers to execute arbitrary code via injecting a crafted payload. | ||||
| CVE-2025-52347 | 2 Osforensics, Passmark | 3 Osforensics, Burnintest, Performancetest | 2026-05-04 | 7.8 High |
| An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call. | ||||
| CVE-2025-63547 | 1 Eprosima | 1 Micro-xrec-dds Agent | 2026-05-04 | 7.5 High |
| An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a crafted packet to the MTU length field | ||||
| CVE-2025-63548 | 1 Eprosima | 1 Micro-xrce-dds Agent | 2026-05-04 | 7.5 High |
| An issue in Eprosima Micro-XREC-DDS Agent v.3.0.1 allows a remote attacker to cause a denial of service via a packet specially crafted to bear a non-valid value in any Boolean field. | ||||
| CVE-2026-42467 | 1 Danielmartensson | 1 Open-sae-j1939 | 2026-05-04 | 7.5 High |
| An issue was discovered in Open-SAE-J1939 thru commit b6caf884df46435e539b1ecbf92b6c29b345bdfe (2025-11-30) in SAE_J1939_Read_Binary_Data_Transfer_DM16 causing a denial of service via crafted CAN frame on the J1939 bus. | ||||
| CVE-2026-37535 | 1 Openxc | 1 Isotp-c | 2026-05-04 | 7.1 High |
| openxc/isotp-c thru commit 5a5d19245f65189202719321facd49ce6f5d46ac (2021-08-09) contains an out-of-bounds read in the ISO-TP Single Frame receive handler, where the 4-bit payload length nibble is used directly as the memcpy size without validating it against the actual CAN data length. A malicious CAN frame with an oversized length nibble can cause memory reads beyond the buffer, allowing attackers to cause a denial of service, or gain sensitive information. | ||||
| CVE-2026-37536 | 1 Miaofng | 1 Uds-c | 2026-05-04 | 8.8 High |
| miaofng/uds-c commit e506334e270d77b20c0bc259ac6c7d8c9b702b7a (2016-10-05) contains a stack buffer overflow in send_diagnostic_request. A 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) receives memcpy at offset 1+pid_length with payload_length bytes. MAX_UDS_REQUEST_PAYLOAD_LENGTH=7, so 1+2+7=10 exceeds buffer by 4 bytes. No bounds check on payload_length before memcpy. | ||||
| CVE-2026-37537 | 1 Collin80 | 1 Open-sae-j1939 | 2026-05-04 | 8.1 High |
| collin80/Open-SAE-J1939 thru commit 744024d4306bc387857dfce439558336806acb06 (2023-03-08) contains an integer underflow leading to out-of-bounds write in Transport Protocol Data Transfer handling. At line 23: uint8_t index = data[0] - 1. When data[0] (sequence number from CAN frame) is 0, index underflows to 255. Subsequent write at tp_dt->data[255*7 + i-1] reaches offset 1791, exceeding the MAX_TP_DT buffer (1785 bytes) by 6 bytes. | ||||
| CVE-2026-37538 | 1 Dschanoeh | 1 Socketcand | 2026-05-04 | 7.5 High |
| Buffer overflow vulnerability in socketcand 0.4.2 in file socketcand.c in function main allows attackers to cause a denial of service or other unspecified impacts via crafted bus_name. | ||||
| CVE-2026-42485 | 1 Automotivelinux | 1 Agl-service-can-low-level | 2026-05-04 | 7.5 High |
| AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes), resulting in 1-4 bytes of controlled stack overflow. The payload_length field (uint8_t) has no bounds check against the destination buffer. On 32-bit ARM automotive ECUs without stack canaries, this can lead to return address overwrite and RCE. | ||||
| CVE-2026-30363 | 1 Flipperzero | 1 Flipper Zero Firmware | 2026-05-04 | 8.4 High |
| flipperzero-firmware commit ad2a80 was discovered to contain a stack overflow in the "Main" function. | ||||
| CVE-2026-7584 | 2 Zhinst, Zurich Instruments | 2 Labone Q, Labone Q | 2026-05-04 | 7.8 High |
| The LabOne Q serialization framework uses a class-loading mechanism (import_cls) to dynamically import and instantiate Python classes during deserialization. Prior to the fix, this mechanism accepted arbitrary fully-qualified class names from the serialized data without any validation of the target class or restriction on which modules could be imported. An attacker can craft a serialized experiment file that causes the deserialization engine to import and instantiate arbitrary Python classes with attacker-controlled constructor arguments, resulting in arbitrary code execution in the context of the user running the Python process. Exploitation requires the victim to load a malicious file using LabOne Q's deserialization functions, for example a compromised experiment file shared for collaboration or support purposes. | ||||
| CVE-2026-2052 | 2 Marketingfire, Wordpress | 3 Widget-options, Widget-options – Advanced Conditional Visibility For Gutenberg Blocks & Classic Widgets, Wordpress | 2026-05-04 | 8.8 High |
| The Widget Options – Advanced Conditional Visibility for Gutenberg Blocks & Classic Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.2.2 via the Display Logic feature. This is due to the plugin using eval() on user-supplied Display Logic expressions with an insufficient blocklist/allowlist that can be bypassed using array_map with string concatenation, combined with a lack of authorization enforcement on the extended_widget_opts_block attribute. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. The vulnerability was partially patched in version 4.2.0. | ||||
| CVE-2026-6320 | 2 Wordpress, Wordpresschef | 2 Wordpress, Salon Booking System Free | 2026-05-04 | 7.5 High |
| The Salon Booking System – Free Version plugin for WordPress is vulnerable to Arbitrary File Read in versions up to, and including, 10.30.25. This is due to the public booking flow accepting attacker-controlled file-field values and later using those stored values as trusted paths for email attachments. This makes it possible for unauthenticated attackers to read arbitrary local files and exfiltrate them via booking confirmation email attachments. | ||||
| CVE-2026-7632 | 1 Code-projects | 1 Online Hospital Management System | 2026-05-04 | 7.3 High |
| A vulnerability was determined in code-projects Online Hospital Management System 1.0. This affects an unknown function of the file /viewappointment.php. This manipulation of the argument delid causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized. | ||||