CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/04/10 7:22 p.m.•7 views

CVE-2025-50647

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1, specifically in the handling of the wans parameter in the qos.asp endpoint...

RedhatCVE•added 2026/04/10 7:22 p.m.•5 views

CVE-2025-50652

An issue in D-Link DI-8003 16.07.26A1 related to improper handling of the id parameter in the /saveparmusb.asp endpoint...

7.5CVSS5.8AI score0.00467EPSS

RedhatCVE•added 2026/04/10 7:22 p.m.•3 views

CVE-2025-50653

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper handling of the name and mem parameters in the /timegroup.asp endpoint...

RedhatCVE•added 2026/04/10 7:22 p.m.•3 views

CVE-2025-50648

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to inadequate input validation in the /tggl.asp endpoint...

RedhatCVE•added 2026/04/10 7:22 p.m.•2 views

CVE-2025-50644

A buffer overflow vulnerability exists in D-Link DI-8003 16.07.26A1 due to improper validation of user input in the qj.asp endpoint...

RedhatCVE•added 2026/04/10 7:22 p.m.•2 views

CVE-2025-45059

D-Link DI-8300 v16.07.26A1 was discovered to contain a buffer overflow via the fn parameter in the tgfilehtm function. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted input...

7.5CVSS6.1AI score0.00395EPSS

Circl•added 2026/04/10 7:1 p.m.•2 views

CVE-2026-35669

creationtimestamp| type| source ---|---|--- 2026-04-10 19:01:52+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj5z42kgrc2w 2026-04-10 19:31:07+00:00| published-proof-of-concept| Telegram/KfGKsJKmMisviQyzRxPu6tVP9UplbeA33H-GctVC-uIg4Q 2026-04-11 08:00:49+00:00| seen|...

8.8CVSS4.9AI score0.00298EPSS

Exploits0References3

Circl•added 2026/04/10 6:33 p.m.•1 views

CVE-2026-35667

creationtimestamp| type| source ---|---|--- 2026-04-10 18:33:47+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj5xju2hzy2o...

6.9CVSS5.7AI score0.00146EPSS

Exploits1References1

Circl•added 2026/04/10 6:19 p.m.•1 views

CVE-2026-35664

creationtimestamp| type| source ---|---|--- 2026-04-10 18:19:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj5wqyntnc2z...

6.9CVSS5.7AI score0.00276EPSS

Circl•added 2026/04/10 4:30 p.m.•1 views

CVE-2026-34480

creationtimestamp| type| source ---|---|--- 2026-04-10 16:30:02+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3mj5qmk3inb2l 2026-04-24 19:22:45+00:00| seen| Telegram/6Kzjgs5Jm1YsIV5W18stSaCNyR3ZbpfLU45htDdv-YDitI...

7.5CVSS4.7AI score0.0086EPSS

NVD•added 2026/04/10 4:16 p.m.•1 views

CVE-2026-35594

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's link share authentication GetLinkShareFromClaims in pkg/models/linksharing.go constructs authorization objects entirely from JWT claims without any server-side database validation. When a project owner delet...

6.5CVSS0.00268EPSS

Cvelist•added 2026/04/10 3:55 p.m.•25 views

CVE-2026-35594 Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

6.5CVSS0.00268EPSS

Vulnrichment•added 2026/04/10 3:55 p.m.•3 views

CVE-2026-35594 Vikunja Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade

6.5CVSS5.7AI score0.00268EPSS

CVE•added 2026/04/10 3:55 p.m.•9 views

CVE-2026-35594

CVE-2026-35594 affects Vikunja prior to version 2.3.0, where link-share JWTs were validated entirely from JWT claims without server-side checks. The GetLinkShareFromClaims path builds a LinkSharing object without database validation, allowing previously issued link-share JWTs to retain their orig...

6.5CVSS5.7AI score0.00268EPSS

Exploits1References4Affected Software1

EUVD•added 2026/04/10 3:31 p.m.•3 views

EUVD-2026-21417

Vikunja: Link Share JWT tokens remain valid for 72 hours after share deletion or permission downgrade...

6.5CVSS5.8AI score0.00268EPSS