CVE Database
Common Vulnerabilities and Exposures
CVE Publication Trends (Last 10 Years)
Latest CVEs (Latest 50 vulnerabilities)
CVE-2025-7024
Incorrect Default Permissions vulnerability in AIRBUS PSS TETRA Connectivity Server on Windows Server OS allows Privilege Abuse.
An attacker may ex…
7,3 High
Apr 03, 2026
CVE-2026-4350
The Perfmatters plugin for WordPress is vulnerable to arbitrary file deletion via path traversal in all versions up to, and including, 2.5.9.1. This …
8,1 High
Apr 03, 2026
CVE-2026-5462
A vulnerability was identified in Wahoo Fitness SYSTM App up to 7.2.1 on Android. Impacted is an unknown function of the file com/WahooFitness/SYSTM/…
3,3 Low
Apr 03, 2026
CVE-2026-5455
A vulnerability was determined in Dialogue App up to 4.3.2 on Android. The affected element is an unknown function of the file res/raw/config.js…
3,3 Low
Apr 03, 2026
CVE-2026-5456
A vulnerability was identified in Align Technology My Invisalign App 3.12.4 on Android. The impacted element is an unknown function of the file com/a…
3,3 Low
Apr 03, 2026
CVE-2026-5457
A security flaw has been discovered in PropertyGuru AgentNet Singapore App up to 23.7.10 on Android. This affects an unknown function of the file com…
3,3 Low
Apr 03, 2026
CVE-2026-5458
A weakness has been identified in Noelse Individuals & Pro App up to 2.1.7 on Android. This impacts an unknown function of the file com/reactnative/a…
3,3 Low
Apr 03, 2026
CVE-2026-35536
In Tornado before 6.5.5, cookie attribute injection could occur because the domain, path, and samesite arguments to .RequestHandler.set_cookie were n…
7,2 High
Apr 03, 2026
CVE-2026-35537
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsafe deserialization in the redis/memcache session handler may lead to arbit…
3,7 Low
Apr 03, 2026
CVE-2026-5452
A flaw has been found in UCC CampusConnect App up to 14.3.5 on Android. This vulnerability affects unknown code of the file campusconnect/BuildConfig…
3,3 Low
Apr 03, 2026
CVE-2026-35538
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Unsanitized IMAP SEARCH command arguments could lead to IMAP injection or CSRF…
3,1 Low
Apr 03, 2026
CVE-2026-35539
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. XSS exists because of insufficient HTML attachment sanitization in preview mod…
6,1 Medium
Apr 03, 2026
CVE-2026-35540
An issue was discovered in Roundcube Webmail 1.6.0 before 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages may …
5,4 Medium
Apr 03, 2026
CVE-2026-35541
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Incorrect password comparison in the password plugin could lead to type confus…
4,2 Medium
Apr 03, 2026
CVE-2026-35542
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via a crafted background att…
5,3 Medium
Apr 03, 2026
CVE-2026-35543
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. The remote image blocking feature can be bypassed via SVG content (with animat…
5,3 Medium
Apr 03, 2026
CVE-2026-35544
An issue was discovered in Roundcube Webmail before 1.5.14 and 1.6.14. Insufficient Cascading Style Sheets (CSS) sanitization in HTML e-mail messages…
5,3 Medium
Apr 03, 2026
CVE-2026-35545
An issue was discovered in Roundcube Webmail before 1.5.15 and 1.6.15. The remote image blocking feature can be bypassed via SVG content in an e-mail…
5,3 Medium
Apr 03, 2026
CVE-2026-35549
An issue was discovered in MariaDB Server before 11.4.10, 11.5.x through 11.8.x before 11.8.6, and 12.x before 12.2.2. If the caching_sha2_password a…
6,5 Medium
Apr 03, 2026
CVE-2026-5453
A vulnerability has been found in Rico só vantagem pra investir App up to 4.58.32.12421 on Android. This issue affects some unknown processing of the…
3,3 Low
Apr 03, 2026
CVE-2026-5454
A vulnerability was found in GRID Organiser App up to 1.0.5 on Android. Impacted is an unknown function of the file res/raw/app.json of the comp…
3,3 Low
Apr 03, 2026
CVE-2026-5463
Command injection vulnerability in console.run_module_with_output() in pymetasploit3 through version 1.0.6 allows attackers to inject newline charact…
8,6 High
Apr 03, 2026
CVE-2026-35507
Shynet before 0.14.0 allows Host header injection in the password reset flow.
6,4 Medium
Apr 03, 2026
CVE-2026-35508
Shynet before 0.14.0 allows XSS in urldisplay and iconify template filters,
5,4 Medium
Apr 03, 2026
CVE-2026-28815
A remote attacker can supply a short X-Wing HPKE encapsulated key and trigger an out-of-bounds read in the C decapsulation path, potentially causing …
Apr 03, 2026
CVE-2026-35535
In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not …
7,4 High
Apr 03, 2026
CVE-2026-26135
Server-side request forgery (SSRF) in Azure Custom Locations Resource Provider (RP) allows an authorized attacker to elevate privileges over a networ…
9,6 Critical
Apr 03, 2026
CVE-2026-32173
Improper authentication in Azure SRE Agent allows an unauthorized attacker to disclose information over a network.
8,6 High
Apr 03, 2026
CVE-2026-32211
Missing authentication for critical function in Azure MCP Server allows an unauthorized attacker to disclose information over a network.
9,1 Critical
Apr 03, 2026
CVE-2026-32213
Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network.
10,0 Critical
Apr 03, 2026
CVE-2026-33105
Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network.
10,0 Critical
Apr 03, 2026
CVE-2026-33107
Server-side request forgery (SSRF) in Azure Databricks allows an unauthorized attacker to elevate privileges over a network.
10,0 Critical
Apr 03, 2026
CVE-2023-7343
HiSecOS web server versions 05.0.00 to 08.3.01 prior to 08.3.02 contains a privilege escalation vulnerability that allows authenticated users with op…
7,8 High
Apr 02, 2026
CVE-2024-14034
Hirschmann HiEOS devices versions prior to 01.1.00 contain an authentication bypass vulnerability in the HTTP(S) management module that allows unauth…
9,8 Critical
Apr 02, 2026
CVE-2026-34760
vLLM is an inference and serving engine for large language models (LLMs). From version 0.5.5 to before version 0.18.0, Librosa defaults to using nump…
5,9 Medium
Apr 02, 2026
CVE-2026-34761
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, Ella Core panics when processing a NGAP handover failure message. An at…
5,8 Medium
Apr 02, 2026
CVE-2026-34762
Ella Core is a 5G core designed for private networks. Prior to version 1.8.0, the PUT /api/v1/subscriber/{imsi} API accepts an IMSI identifier from b…
2,7 Low
Apr 02, 2026
CVE-2026-34825
NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.30, NocoBase pl…
8,5 High
Apr 02, 2026
CVE-2026-34832
Scoold is a Q&A and a knowledge sharing platform for teams. Prior to version 1.66.1, Scoold contains an authenticated authorization flaw in feedback …
6,5 Medium
Apr 02, 2026
CVE-2026-34833
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the GET /api/auth/session endpoint previously incl…
8,7 High
Apr 02, 2026
CVE-2026-34834
Bulwark Webmail is a self-hosted webmail client for Stalwart Mail Server. Prior to version 1.4.10, the verifyIdentity() function contained logic that…
8,7 High
Apr 02, 2026
CVE-2026-34838
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.156, 25.0.90, and 26.0.12, a vulnerability i…
9,9 Critical
Apr 02, 2026
CVE-2026-34840
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, OneUptime's SAML SSO implementation (App/FeatureSet/Iden…
8,1 High
Apr 02, 2026
CVE-2026-34847
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, the /enter page contains a DOM-based open redirect vulnerability. …
4,7 Medium
Apr 02, 2026
CVE-2026-34848
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability in the team member overflow to…
5,4 Medium
Apr 02, 2026
CVE-2026-34931
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is an open redirect vulnerability that leads to token exfilt…
8,5 High
Apr 02, 2026
CVE-2026-34932
hoppscotch is an open source API development ecosystem. Prior to version 2026.3.0, there is a stored XSS vulnerability that can lead to CSRF. This is…
8,5 High
Apr 02, 2026
CVE-2026-35053
OneUptime is an open-source monitoring and observability platform. Prior to version 10.0.42, the Worker service's ManualAPI exposes workflow executio…
9,2 Critical
Apr 02, 2026
CVE-2026-35383
Bentley Systems iTwin Platform exposed a Cesium ion access token in the source of some web pages. An unauthenticated attacker could use this token to…
6,5 Medium
Apr 02, 2026
CVE-2026-5420
A security flaw has been discovered in Shinrays Games Goods Triple App up to 1.200. The affected element is an unknown function of the file jRwTX.jav…
2,5 Low
Apr 02, 2026
| CVE ID | CVSS Score | Severity | Date |
|---|---|---|---|
| CVE-2025-7024 | 7,3 | High | Apr 03, 2026 |
| CVE-2026-4350 | 8,1 | High | Apr 03, 2026 |
| CVE-2026-5462 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-5455 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-5456 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-5457 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-5458 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-35536 | 7,2 | High | Apr 03, 2026 |
| CVE-2026-35537 | 3,7 | Low | Apr 03, 2026 |
| CVE-2026-5452 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-35538 | 3,1 | Low | Apr 03, 2026 |
| CVE-2026-35539 | 6,1 | Medium | Apr 03, 2026 |
| CVE-2026-35540 | 5,4 | Medium | Apr 03, 2026 |
| CVE-2026-35541 | 4,2 | Medium | Apr 03, 2026 |
| CVE-2026-35542 | 5,3 | Medium | Apr 03, 2026 |
| CVE-2026-35543 | 5,3 | Medium | Apr 03, 2026 |
| CVE-2026-35544 | 5,3 | Medium | Apr 03, 2026 |
| CVE-2026-35545 | 5,3 | Medium | Apr 03, 2026 |
| CVE-2026-35549 | 6,5 | Medium | Apr 03, 2026 |
| CVE-2026-5453 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-5454 | 3,3 | Low | Apr 03, 2026 |
| CVE-2026-5463 | 8,6 | High | Apr 03, 2026 |
| CVE-2026-35507 | 6,4 | Medium | Apr 03, 2026 |
| CVE-2026-35508 | 5,4 | Medium | Apr 03, 2026 |
| CVE-2026-28815 | N/A | - | Apr 03, 2026 |
| CVE-2026-35535 | 7,4 | High | Apr 03, 2026 |
| CVE-2026-26135 | 9,6 | Critical | Apr 03, 2026 |
| CVE-2026-32173 | 8,6 | High | Apr 03, 2026 |
| CVE-2026-32211 | 9,1 | Critical | Apr 03, 2026 |
| CVE-2026-32213 | 10,0 | Critical | Apr 03, 2026 |
| CVE-2026-33105 | 10,0 | Critical | Apr 03, 2026 |
| CVE-2026-33107 | 10,0 | Critical | Apr 03, 2026 |
| CVE-2023-7343 | 7,8 | High | Apr 02, 2026 |
| CVE-2024-14034 | 9,8 | Critical | Apr 02, 2026 |
| CVE-2026-34760 | 5,9 | Medium | Apr 02, 2026 |
| CVE-2026-34761 | 5,8 | Medium | Apr 02, 2026 |
| CVE-2026-34762 | 2,7 | Low | Apr 02, 2026 |
| CVE-2026-34825 | 8,5 | High | Apr 02, 2026 |
| CVE-2026-34832 | 6,5 | Medium | Apr 02, 2026 |
| CVE-2026-34833 | 8,7 | High | Apr 02, 2026 |
| CVE-2026-34834 | 8,7 | High | Apr 02, 2026 |
| CVE-2026-34838 | 9,9 | Critical | Apr 02, 2026 |
| CVE-2026-34840 | 8,1 | High | Apr 02, 2026 |
| CVE-2026-34847 | 4,7 | Medium | Apr 02, 2026 |
| CVE-2026-34848 | 5,4 | Medium | Apr 02, 2026 |
| CVE-2026-34931 | 8,5 | High | Apr 02, 2026 |
| CVE-2026-34932 | 8,5 | High | Apr 02, 2026 |
| CVE-2026-35053 | 9,2 | Critical | Apr 02, 2026 |
| CVE-2026-35383 | 6,5 | Medium | Apr 02, 2026 |
| CVE-2026-5420 | 2,5 | Low | Apr 02, 2026 |