Search Results (26448 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-22271 2026-04-15 8.2 High
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979   https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/  History 2020-01-16: Initial vulnerability report published.
CVE-2024-22260 1 Vmware 1 Workspace One Uem 2026-04-15 6.8 Medium
VMware Workspace One UEM update addresses an information exposure vulnerability.  A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure.
CVE-2024-25011 1 Ericsson 2 Catalog Manager, Order Care 2026-04-15 5.3 Medium
Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue.
CVE-2024-25010 2026-04-15 8.8 High
Ericsson RAN Compute and Site Controller 6610 contains in certain configurations a high severity vulnerability where improper input validation could be exploited leading to arbitrary code execution.
CVE-2024-24984 2026-04-15 6.5 Medium
Improper input validation for some Intel(R) Wireless Bluetooth(R) products for Windows before version 23.40 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-24981 1 Intel 3 Intel Server D50fcp Family, Intel Server M50fcp Family, Server Board S2600bp Firmware 2026-04-15 7.5 High
Improper input validation in PfrSmiUpdateFw driver in UEFI firmware for some Intel(R) Server M50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-11290 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-11153 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
CVE-2024-1643 1 Lunary-ai 1 Lunary 2026-04-15 N/A
By knowing an organization's ID, an attacker can join the organization without permission and gain the ability to read and modify all data within that organization. This vulnerability allows unauthorized access and modification of sensitive information, posing a significant security risk. The flaw is due to insufficient verification of user permissions when joining an organization.
CVE-2024-22002 2026-04-15 7.8 High
CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory.
CVE-2024-2236 1 Redhat 2 Enterprise Linux, Rhel Eus 2026-04-15 5.9 Medium
A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.
CVE-2024-11994 1 Elastic 1 Apm Server 2026-04-15 5.7 Medium
APM server logs could contain parts of the document body from a partially failed bulk index request. Depending on the nature of the document, this could disclose sensitive information in APM Server error logs.
CVE-2024-13820 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The Melhor Envio plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.15.11 via the 'run' function, which uses a hardcoded hash. This makes it possible for unauthenticated attackers to extract sensitive data including environment information, plugin tokens, shipping configurations, and limited vendor information.
CVE-2024-13807 1 Wordpress 1 Wordpress 2026-04-15 7.5 High
The Xagio SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.1.0.5 via the backup functionality due to weak filename structure and lack of protection in the directory. This makes it possible for unauthenticated attackers to extract sensitive data from backups which can include the entire database and site's files.
CVE-2024-25290 1 Casa Systems 1 Nl1901acv 2026-04-15 8 High
An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function.
CVE-2024-21544 1 Spatie 1 Browsershot 2026-04-15 8.6 High
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server.
CVE-2025-27211 1 Ui 1 Edgeswitch 2026-04-15 7.5 High
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
CVE-2024-11106 1 Wpchill 1 Simple Restrict 2026-04-15 5.3 Medium
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-34897 2026-04-15 7.5 High
Nedis SmartLife android app v1.4.0 was discovered to contain an API key disclosure vulnerability.
CVE-2024-1244 2026-04-15 N/A
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for remote code execution or used to escalate privileges to SYSTEM via AD CS certificate forging and other similar attacks.