Export limit exceeded: 345207 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345207 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34722 | 1 Zammad | 1 Zammad | 2026-04-17 | 4.3 Medium |
| Zammad is a web based open source helpdesk/customer support system. Prior to 7.0.1 and 6.5.4, the used endpoint for ticket creation was missing authorization if the related parameter for adding links is used. This vulnerability is fixed in 7.0.1 and 6.5.4. | ||||
| CVE-2025-43935 | 1 Dell | 1 Powerscale Onefs | 2026-04-17 | 4.4 Medium |
| Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an improper resource shutdown or release vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2023-20585 | 2026-04-17 | N/A | ||
| Insufficient checks of the RMP on host buffer access in IOMMU may allow an attacker with privileges and a compromised hypervisor to trigger an out of bounds condition without RMP checks, resulting in a potential loss of confidential guest integrity. | ||||
| CVE-2025-54510 | 2026-04-17 | N/A | ||
| A missing lock verification in AMD Secure Processor (ASP) firmware may permit a locally authenticated attacker with administrative privileges to alter MMIO routing on some Zen 5-based products, potentially compromising guest system integrity. | ||||
| CVE-2025-36579 | 2026-04-17 | 5.1 Medium | ||
| Dell Client Platform BIOS contains a Weak Password Recovery Mechanism vulnerability. An unauthenticated attacker with physical access to the system could potentially exploit this vulnerability, leading to unauthorized access. | ||||
| CVE-2025-43937 | 1 Dell | 1 Powerscale Onefs | 2026-04-17 | 6.6 Medium |
| Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | ||||
| CVE-2025-54502 | 2026-04-17 | N/A | ||
| Incorrect use of boot service in the AMD Platform Configuration Blob (APCB) SMM driver could allow a privileged attacker with local access (Ring 0) to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2026-3324 | 1 Zohocorp | 1 Manageengine Log360 | 2026-04-17 | 8.2 High |
| Zohocorp ManageEngine Log360 versions 13000 through 13013 are vulnerable to authentication bypass on certain actions due to improper filter configuration. | ||||
| CVE-2026-33392 | 1 Jetbrains | 1 Youtrack | 2026-04-17 | 7.2 High |
| In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass | ||||
| CVE-2026-23853 | 1 Dell | 1 Powerprotect Data Domain | 2026-04-17 | 8.4 High |
| Dell PowerProtect Data Domain with Data Domain Operating System (DD OS) of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain a use of weak credentials vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to the system. | ||||
| CVE-2026-40688 | 1 Fortinet | 1 Fortiweb | 2026-04-17 | 6.7 Medium |
| An out-of-bounds write vulnerability [CWE-787] vulnerability in Fortinet FortiWeb 8.0.0 through 8.0.3, FortiWeb 7.6.0 through 7.6.6, FortiWeb 7.4.0 through 7.4.11 may allow a remote privileged attacker to execute arbitrary code or command via crafted HTTP requests. | ||||
| CVE-2026-21742 | 1 Fortinet | 2 Fortisoaron-premise, Fortisoarpaas | 2026-04-17 | 5.4 Medium |
| A cleartext transmission of sensitive information vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.2, FortiSOAR on-premise 7.5.0 through 7.5.1, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated attacker to view cleartext password in response for Secure Message Exchange and Radius queries, if configured | ||||
| CVE-2026-22574 | 1 Fortinet | 2 Fortisoaron-premise, Fortisoarpaas | 2026-04-17 | 4.1 Medium |
| A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to retrieve Service account password via server address modification in LDAP configuration. | ||||
| CVE-2026-22154 | 1 Fortinet | 2 Fortisoaron-premise, Fortisoarpaas | 2026-04-17 | 4.4 Medium |
| An improper neutralization of input during web page generation ('cross-site scripting') vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2, FortiSOAR on-premise 7.4 all versions, FortiSOAR on-premise 7.3 all versions may allow an authenticated remote attacker to perform a stored cross site scripting (XSS) attack via crafted HTTP Requests. | ||||
| CVE-2026-22828 | 1 Fortinet | 4 Fortianalyzer Cloud, Fortianalyzercloud, Fortimanager Cloud and 1 more | 2026-04-17 | 7.3 High |
| A heap-based buffer overflow vulnerability in Fortinet FortiAnalyzer Cloud 7.6.2 through 7.6.4, FortiManager Cloud 7.6.2 through 7.6.4 may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests. Successful exploitation would require a large amount of effort in preparation because of ASLR and network segmentation | ||||
| CVE-2026-23708 | 1 Fortinet | 2 Fortisoaron-premise, Fortisoarpaas | 2026-04-17 | 6.7 Medium |
| A improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via replaying captured 2FA request. The attack requires being able to intercept and decrypt authentication traffic and precise timing to replay the request before token expiration, which raises the attack complexity. | ||||
| CVE-2026-2400 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-17 | N/A |
| CWE-93 Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerability exists that could cause application user credentials to reset when a Web Admin user alters the POST /setPCBEDesc request payload. | ||||
| CVE-2026-2403 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-17 | N/A |
| CWE-1284 Improper Validation of Specified Quantity in Input vulnerability exists that could cause Event and Data Log truncation impacting log integrity when a Web Admin user alters the POST /logsettings request payload. | ||||
| CVE-2026-2404 | 1 Schneider-electric | 1 Powerchute Serial Shutdown | 2026-04-17 | N/A |
| CWE-116 Improper Encoding or Escaping of Output vulnerability exists that could cause log injection and forged log when an attacker alters the POST /j_security check request payload. | ||||
| CVE-2026-25691 | 1 Fortinet | 4 Fortisandbox, Fortisandbox Paas, Fortisandboxcloud and 1 more | 2026-04-17 | 6.2 Medium |
| A improper limitation of a pathname to a restricted directory ('path traversal') vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.5, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox 4.2 all versions, FortiSandbox Cloud 5.0.4, FortiSandbox PaaS 5.0.4 may allow a privileged attacker with super-admin profile and CLI access to delete an arbitrary directory via HTTP crafted requests. | ||||