Export limit exceeded: 26459 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26459 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-7416 1 Coffee2code 1 Reveal Template Wordpress 2026-04-15 5.3 Medium
The Reveal Template plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.7. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
CVE-2025-65951 1 Mescuwa 1 Entropy-derby 2026-04-15 8.7 High
Inside Track / Entropy Derby is a research-grade horse-racing betting engine. Prior to commit 2d38d2f, the VDF-based timelock encryption system fails to enforce sequential delay against the betting operator. Bettors pre-compute the entire Wesolowski VDF and include vdfOutputHex in their encrypted bet ticket, allowing the house to decrypt immediately using fast proof verification instead of expensive VDF evaluation. This issue has been patched via commit 2d38d2f.
CVE-2025-55052 2026-04-15 4.3 Medium
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-21871 1 Intel 153 Celeron G3900 Firmware, Celeron G3900te Firmware, Core I3-6100 Firmware and 150 more 2026-04-15 7.5 High
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-5397 1 Honeywell 1 Experion Server 2026-04-15 8.1 High
Server receiving a malformed message to create a new connection could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning.
CVE-2025-9229 1 Mobile-industrial-robots 5 Mir100, Mir1000, Mir200 and 2 more 2026-04-15 5.3 Medium
Information disclosure vulnerability in error handling in MiR software prior to version 3.0.0 allows unauthenticated attackers to view detailed error information, such as file paths and other data, via access to verbose error pages.
CVE-2021-47154 2026-04-15 6.3 Medium
The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
CVE-2023-6916 1 Nozominetworks 2 Central Management Control, Guardian 2026-04-15 7.2 High
Audit records for OpenAPI requests may include sensitive information. This could lead to unauthorized accesses and privilege escalation.
CVE-2025-13762 1 Cyberark 1 Secure Web Sessions Extension 2026-04-15 N/A
Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305.
CVE-2025-34132 1 Tvt 1 Dvr Firmware 2026-04-15 N/A
A command injection vulnerability exists in LILIN Digital Video Recorder (DVR) devices prior to firmware version 2.0b60_20200207 via the Server field in the NTPUpdate configuration. The web service at /z/zbin/dvr_box fails to properly sanitize input, allowing remote attackers to inject and execute arbitrary commands as root by supplying specially crafted XML data to the DVRPOST interface.
CVE-2024-12575 2 Ays-pro, Wordpress 2 Poll Maker, Wordpress 2026-04-15 5.3 Medium
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 5.8.9 via the 'ays_finish_poll' AJAX action. This makes it possible for unauthenticated attackers to retrieve admin email information which is exposed in the poll response.
CVE-2023-38417 2026-04-15 4.3 Medium
Improper input validation for some Intel(R) PROSet/Wireless WiFi software before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-10846 2026-04-15 5.9 Medium
The compose-go library component in versions v2.10-v2.4.0 allows an authorized user who sends malicious YAML payloads to cause the compose-go to consume excessive amount of Memory and CPU cycles while parsing YAML, such as used by Docker Compose from versions v2.27.0 to v2.29.7 included
CVE-2023-38302 2026-04-15 4.3 Medium
A certain software build for the Sharp Rouvo V device (SHARP/VZW_STTM21VAPP/STTM21VAPP:12/SP1A.210812.016/1KN0_0_530:user/release-keys) leaks the Wi-Fi MAC address and the Bluetooth MAC address to system properties that can be accessed by any local app on the device without any permissions or special privileges. Google restricted third-party apps from directly obtaining non-resettable device identifiers in Android 10 and higher, but in this instance they are leaked by a high-privilege process and can be obtained indirectly. This malicious app reads from the "ro.boot.wifi_mac" system property to indirectly obtain the Wi-Fi MAC address and reads the "ro.boot.bt_mac" system property to obtain the Bluetooth MAC address.
CVE-2024-20318 1 Cisco 1 Ios Xr Software 2026-04-15 7.4 High
A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.
CVE-2024-50343 1 Symfony 1 Symfony 2026-04-15 3.1 Low
symfony/validator is a module for the Symphony PHP framework which provides tools to validate values. It is possible to trick a `Validator` configured with a regular expression using the `$` metacharacters, with an input ending with `\n`. Symfony as of versions 5.4.43, 6.4.11, and 7.1.4 now uses the `D` regex modifier to match the entire input. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-12149 1 Search-guard 1 Search Guard 2026-04-15 N/A
In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to all documents in the queried indices.
CVE-2025-22137 2026-04-15 9.8 Critical
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0.
CVE-2025-29628 2026-04-15 9.4 Critical
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.
CVE-2011-10020 2026-04-15 N/A
Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become unresponsive. This flaw stems from improper input validation in the server’s UDP packet handler, allowing unauthenticated remote attackers to disrupt service availability.