Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-3938 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-16 6.5 Medium
Insufficient policy enforcement in Clipboard in Google Chrome prior to 146.0.7680.71 allowed a remote attacker who had compromised the renderer process to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low)
CVE-2026-3939 4 Apple, Google, Linux and 1 more 4 Macos, Chrome, Linux Kernel and 1 more 2026-04-16 6.5 Medium
Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. (Chromium security severity: Low)
CVE-2026-35533 1 Jdx 1 Mise 2026-04-16 7.8 High
mise manages dev tools like node, python, cmake, and terraform. From 2026.2.18 through 2026.4.5, mise loads trust-control settings from a local project .mise.toml before the trust check runs. An attacker who can place a malicious .mise.toml in a repository can make that same file appear trusted and then reach dangerous directives such as [env] _.source, templates, hooks, or tasks.
CVE-2026-4338 3 Activitypub, Automattic, Wordpress 3 Activitypub, Activitypub, Wordpress 2026-04-16 7.5 High
The ActivityPub WordPress plugin before 8.0.2 does not properly filter posts to be displayed, allowed unauthenticated users to access drafts/scheduled/pending posts
CVE-2026-24306 1 Microsoft 1 Azure Front Door 2026-04-16 9.8 Critical
Improper access control in Azure Front Door (AFD) allows an unauthorized attacker to elevate privileges over a network.
CVE-2026-20667 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-16 8.8 High
A logic issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, watchOS 26.3. An app may be able to break out of its sandbox.
CVE-2026-20666 1 Apple 1 Macos 2026-04-16 5.5 Medium
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
CVE-2026-20621 1 Apple 5 Ios And Ipados, Ipados, Iphone Os and 2 more 2026-04-16 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. An app may be able to cause unexpected system termination or corrupt kernel memory.
CVE-2026-20660 1 Apple 6 Ios And Ipados, Ipados, Iphone Os and 3 more 2026-04-16 5.5 Medium
A path handling issue was addressed with improved logic. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.5, macOS Sonoma 14.8.4, macOS Tahoe 26.3, visionOS 26.3. A remote user may be able to write arbitrary files.
CVE-2026-20634 1 Apple 7 Ios And Ipados, Ipados, Iphone Os and 4 more 2026-04-16 5.5 Medium
The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. Processing a maliciously crafted image may result in disclosure of process memory.
CVE-2026-20603 1 Apple 1 Macos 2026-04-16 4.4 Medium
This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Tahoe 26.3. An app with root privileges may be able to access private information.
CVE-2026-20658 1 Apple 1 Macos 2026-04-16 7.8 High
A package validation issue was addressed by blocking the vulnerable package. This issue is fixed in macOS Tahoe 26.3. An app may be able to gain root privileges.
CVE-2026-20669 1 Apple 1 Macos 2026-04-16 5.5 Medium
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
CVE-2006-2941 2 Gnu, Redhat 2 Mailman, Enterprise Linux 2026-04-16 N/A
Mailman before 2.1.9rc1 allows remote attackers to cause a denial of service via unspecified vectors involving "standards-breaking RFC 2231 formatted headers".
CVE-2005-3747 1 Mortbay 1 Jetty 2026-04-16 N/A
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash ("%5C") characters. NOTE: this might be the same issue as CVE-2006-2758.
CVE-2005-0233 5 Mozilla, Omnigroup, Opera and 2 more 7 Camino, Firefox, Mozilla and 4 more 2026-04-16 N/A
The International Domain Name (IDN) support in Firefox 1.0, Camino .8.5, and Mozilla before 1.7.6 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
CVE-2006-0267 1 Oracle 1 Database Server 2026-04-16 N/A
Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20.
CVE-2006-0467 1 Pioneers 1 Pioneers 2026-04-16 N/A
Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.
CVE-2005-2273 1 Opera 1 Opera Browser 2026-04-16 N/A
Opera 7.x and 8 before 8.01 does not clearly associate a Javascript dialog box with the web page that generated it, which allows remote attackers to spoof a dialog box from a trusted site and facilitates phishing attacks, aka the "Dialog Origin Spoofing Vulnerability."
CVE-2003-1333 1 Intersystems 1 Cache Database 2026-04-16 N/A
Unspecified vulnerability in the Cache' Server Page (CSP) implementation in InterSystems Cache' 4.0.3 through 5.0.5 allows remote attackers to "gain complete control" of a server.