Export limit exceeded: 21492 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43169 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38363 | 1 Airbyte | 1 Airbytehq | 2026-04-15 | 8.6 High |
| Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2. | ||||
| CVE-2025-50864 | 2026-04-15 | 6.5 Medium | ||
| An Origin Validation Error in the elysia-cors library thru 1.3.0 allows attackers to bypass Cross-Origin Resource Sharing (CORS) restrictions. The library incorrectly validates the supplied origin by checking if it is a substring of any domain in the site's CORS policy, rather than performing an exact match. For example, a malicious origin like "notexample.com", "example.common.net" is whitelisted when the site's CORS policy specifies "example.com." This vulnerability enables unauthorized access to user data on sites using the elysia-cors library for CORS validation. | ||||
| CVE-2025-12183 | 2026-04-15 | 6.5 Medium | ||
| Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input. | ||||
| CVE-2025-0960 | 2026-04-15 | 9.8 Critical | ||
| AutomationDirect C-more EA9 HMI contains a function with bounds checks that can be skipped, which could result in an attacker abusing the function to cause a denial-of-service condition or achieving remote code execution on the affected device. | ||||
| CVE-2024-3871 | 2026-04-15 | 9.8 Critical | ||
| The Delta Electronics DVW-W02W2-E2 devices expose a web administration interface to users. This interface implements multiple features that are affected by command injections and stack overflows vulnerabilities. Successful exploitation of these flaws would allow remote unauthenticated attackers to gain remote code execution with elevated privileges on the affected devices. This issue affects DVW-W02W2-E2 through version 2.5.2. | ||||
| CVE-2025-12501 | 1 Opera | 1 Gamemaker Ide | 2026-04-15 | 7.5 High |
| Integer overflow in GameMaker IDE below 2024.14.0 version can lead to can lead to application crashes through denial-of-service attacks (DoS). GameMaker users who use the network_create_server() function in their projects are urged to update and recompile immediately. | ||||
| CVE-2025-0754 | 1 Redhat | 1 Service Mesh | 2026-04-15 | 4.3 Medium |
| The vulnerability was found in OpenShift Service Mesh 2.6.3 and 2.5.6. This issue occurs due to improper sanitization of HTTP headers by Envoy, particularly the x-forwarded-for header. This lack of sanitization can allow attackers to inject malicious payloads into service mesh logs, leading to log injection and spoofing attacks. Such injections can mislead logging mechanisms, enabling attackers to manipulate log entries or execute reflected cross-site scripting (XSS) attacks. | ||||
| CVE-2024-37816 | 2026-04-15 | 4.2 Medium | ||
| Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. | ||||
| CVE-2024-38509 | 2026-04-15 | 7.2 High | ||
| A privilege escalation vulnerability was discovered in XCC that could allow an authenticated XCC user with elevated privileges to execute arbitrary code via a specially crafted IPMI command. | ||||
| CVE-2025-12592 | 1 Vivotek | 1 Camera | 2026-04-15 | N/A |
| Legacy Vivotek Device firmware uses default credetials for the root and user login accounts. | ||||
| CVE-2025-0421 | 1 Shopside | 1 Shopside | 2026-04-15 | 4.7 Medium |
| Improper Restriction of Rendered UI Layers or Frames vulnerability in Shopside Software Technologies Inc. Shopside allows iFrame Overlay.This issue affects Shopside: through 05022025. | ||||
| CVE-2025-0425 | 2026-04-15 | N/A | ||
| Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient". This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed. | ||||
| CVE-2025-0373 | 2 Freebsd, Netapp | 2 Freebsd, Ontap | 2026-04-15 | 6 Medium |
| On 64-bit systems, the implementation of VOP_VPTOFH() in the cd9660, tarfs and ext2fs filesystems overflows the destination FID buffer by 4 bytes, a stack buffer overflow. A NFS server that exports a cd9660, tarfs, or ext2fs file system can be made to panic by mounting and accessing the export with an NFS client. Further exploitation (e.g., bypassing file permission checking or remote kernel code execution) is potentially possible, though this has not been demonstrated. In particular, release kernels are compiled with stack protection enabled, and some instances of the overflow are caught by this mechanism, causing a panic. | ||||
| CVE-2025-39596 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Weak Authentication vulnerability in Quentn.com GmbH Quentn WP quentn-wp allows Privilege Escalation.This issue affects Quentn WP: from n/a through <= 1.2.8. | ||||
| CVE-2024-38999 | 1 Jrburke | 1 Requirejs | 2026-04-15 | 10 Critical |
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2025-7345 | 1 Redhat | 7 Enterprise Linux, Rhel Aus, Rhel E4s and 4 more | 2026-04-15 | 7.5 High |
| A flaw exists in gdk‑pixbuf within the gdk_pixbuf__jpeg_image_load_increment function (io-jpeg.c) and in glib’s g_base64_encode_step (glib/gbase64.c). When processing maliciously crafted JPEG images, a heap buffer overflow can occur during Base64 encoding, allowing out-of-bounds reads from heap memory, potentially causing application crashes or arbitrary code execution. | ||||
| CVE-2024-39207 | 2026-04-15 | 8.2 High | ||
| lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. | ||||
| CVE-2024-38805 | 1 Tianocore | 1 Edk2 | 2026-04-15 | 6.3 Medium |
| EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service. | ||||
| CVE-2025-48490 | 2026-04-15 | N/A | ||
| Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0. | ||||
| CVE-2025-48508 | 1 Amd | 1 Radeon Pro V710 | 2026-04-15 | 6 Medium |
| Improper Hardware reset flow logic in the GPU GFX Hardware IP block could allow a privileged attacker in a guest virtual machine to control reset operation potentially causing host or GPU crash or reset resulting in denial of service. | ||||