Export limit exceeded: 12155 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12155 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-6942 | 1 Delinea | 1 Secret Server | 2026-04-15 | 3.8 Low |
| The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial authorization event that would allow an attacker to impersonate another distributed engine. | ||||
| CVE-2024-6961 | 1 Guardrailsai | 1 Guardrails | 2026-04-15 | 5.9 Medium |
| RAIL documents are an XML-based format invented by Guardrails AI to enforce formatting checks on LLM outputs. Guardrails users that consume RAIL documents from external sources are vulnerable to XXE, which may cause leakage of internal file data via the SYSTEM entity. | ||||
| CVE-2024-7428 | 2026-04-15 | N/A | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in OpenText™ Network Node Manager i (NNMi) allows URL Redirector Abuse.This issue affects Network Node Manager i (NNMi): 2022.11, 2023.05, 23.4, 24.2. | ||||
| CVE-2025-10719 | 1 Wisdomgarden | 1 Tronclass | 2026-04-15 | 4.3 Medium |
| Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files. | ||||
| CVE-2025-0138 | 1 Paloaltonetworks | 1 Prisma Cloud Compute Edition | 2026-04-15 | N/A |
| Web sessions in the web interface of Palo Alto Networks Prisma® Cloud Compute Edition do not expire when users are deleted, which makes Prisma Cloud Compute Edition susceptible to unauthorized access. Compute in Prisma Cloud Enterprise Edition is not affected by this issue. | ||||
| CVE-2025-46386 | 2026-04-15 | 8.8 High | ||
| CWE-639 Authorization Bypass Through User-Controlled Key | ||||
| CVE-2025-46389 | 2026-04-15 | 6.5 Medium | ||
| CWE-620: Unverified Password Change | ||||
| CVE-2025-46826 | 2026-04-15 | N/A | ||
| insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025. | ||||
| CVE-2025-23183 | 2026-04-15 | 6.1 Medium | ||
| CWE-601: URL Redirection to Untrusted Site ('Open Redirect') | ||||
| CVE-2025-60151 | 2 Crm Perks, Wordpress | 2 Wp Gravity Forms Hubspot, Wordpress | 2026-04-15 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in CRM Perks WP Gravity Forms HubSpot gf-hubspot allows Phishing.This issue affects WP Gravity Forms HubSpot: from n/a through <= 1.2.5. | ||||
| CVE-2025-6023 | 1 Grafana | 1 Grafana | 2026-04-15 | 7.6 High |
| An open redirect vulnerability has been identified in Grafana OSS that can be exploited to achieve XSS attacks. The vulnerability was introduced in Grafana v11.5.0. The open redirect can be chained with path traversal vulnerabilities to achieve XSS. Fixed in versions 12.0.2+security-01, 11.6.3+security-01, 11.5.6+security-01, 11.4.6+security-01 and 11.3.8+security-01 | ||||
| CVE-2024-11275 | 2026-04-15 | 4.3 Medium | ||
| The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users. | ||||
| CVE-2025-56675 | 1 Eken | 1 Video Doorbell T6 | 2026-04-15 | 3.5 Low |
| The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password. | ||||
| CVE-2024-47260 | 2026-04-15 | 6.5 Medium | ||
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API mediaclip.cgi did not have a sufficient input validation allowing for uploading more audio clips then designed resulting in the Axis device running out of memory. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2025-62775 | 1 Mercku | 1 M6a | 2026-04-15 | 8 High |
| Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password. | ||||
| CVE-2024-55887 | 2026-04-15 | 8.6 High | ||
| Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted. | ||||
| CVE-2025-25058 | 1 Intel | 1 Ethernet 800-series | 2026-04-15 | 3.3 Low |
| Improper initialization for some ESXi kernel mode driver for the Intel(R) Ethernet 800-Series before version 2.2.2.0 (esxi 8.0) & 2.2.3.0 (esxi 9.0) within Ring 1: Device Drivers may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (none) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-46358 | 1 Emerson | 1 Valvelink | 2026-04-15 | 7.7 High |
| Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | ||||
| CVE-2025-4641 | 2026-04-15 | N/A | ||
| Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2. | ||||
| CVE-2025-2517 | 2026-04-15 | N/A | ||
| Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. | ||||