Export limit exceeded: 43382 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43382 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-21853 | 2026-04-15 | 4.7 Medium | ||
| Improper finite state machines (FSMs) in the hardware logic in some 4th and 5th Generation Intel(R) Xeon(R) Processors may allow an authorized user to potentially enable denial of service via local access. | ||||
| CVE-2025-14547 | 1 Silabs | 2 Gecko Sdk, Simplicity Sdk | 2026-04-15 | N/A |
| An integer underflow vulnerability is present in Silicon Lab’s implementation of PSA Crypto and SE Manager EC-JPAKE APIs during ZKP parsing. Triggering the underflow can lead to a hard fault, causing a temporary denial of service. | ||||
| CVE-2024-21529 | 1 Dset Project | 1 Dset | 2026-04-15 | 8.2 High |
| Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program. | ||||
| CVE-2024-21512 | 2026-04-15 | 8.2 High | ||
| Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. | ||||
| CVE-2024-21505 | 2026-04-15 | 7.5 High | ||
| Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions. | ||||
| CVE-2024-2105 | 1 Jbl | 7 Boombox 2, Boombox 3, Flip 5 and 4 more | 2026-04-15 | 6.5 Medium |
| An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices. | ||||
| CVE-2025-14607 | 1 Offis | 1 Dcmtk | 2026-04-15 | 6.3 Medium |
| A vulnerability was detected in OFFIS DCMTK up to 3.6.9. Affected by this issue is the function DcmByteString::makeDicomByteString of the file dcmdata/libsrc/dcbytstr.cc of the component dcmdata. The manipulation results in memory corruption. The attack can be launched remotely. Upgrading to version 3.7.0 can resolve this issue. The patch is identified as 4c0e5c10079392c594d6a7abd95dd78ac0aa556a. You should upgrade the affected component. | ||||
| CVE-2025-32412 | 2026-04-15 | 7.8 High | ||
| Fuji Electric Smart Editor is vulnerable to an out-of-bounds read, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2024-46899 | 2026-04-15 | 7.1 High | ||
| Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04. | ||||
| CVE-2024-8772 | 2026-04-15 | 4.3 Medium | ||
| 51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-20416 | 2026-04-15 | 6.5 Medium | ||
| A vulnerability in the upload module of Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to insufficient boundary checks when processing specific HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system of the device. | ||||
| CVE-2025-11594 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | ||||
| CVE-2024-46547 | 2026-04-15 | 7.5 High | ||
| A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks. | ||||
| CVE-2025-59820 | 1 Kde | 1 Krita | 2026-04-15 | 6.7 Medium |
| In KDE Krita before 5.2.13, loading a manipulated TGA file could result in a heap-based buffer overflow in plugins/impex/tga/kis_tga_import.cpp (aka KisTgaImport). Control flow proceeds even when a number of pixels becomes negative. | ||||
| CVE-2024-1657 | 1 Redhat | 3 Ansible Automation Platform, Ansible Automation Platform Developer, Ansible Automation Platform Inside | 2026-04-15 | 8.1 High |
| A flaw was found in the ansible automation platform. An insecure WebSocket connection was being used in installation from the Ansible rulebook EDA server. An attacker that has access to any machine in the CIDR block could download all rulebook data from the WebSocket, resulting in loss of confidentiality and integrity of the system. | ||||
| CVE-2025-5878 | 2026-04-15 | 7.3 High | ||
| A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been disclosed to the public. The project was contacted early about this issue and handled it with an exceptional level of professionalism. Upgrading to version 2.7.0.0 is able to address this issue. Commit ID f75ac2c2647a81d2cfbdc9c899f8719c240ed512 is disabling the feature by default and any attempt to use it will trigger a warning. And commit ID e2322914304d9b1c52523ff24be495b7832f6a56 is updating the misleading Java class documentation to warn about the risks. | ||||
| CVE-2024-13941 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was found in ouch-org ouch up to 0.3.1. It has been classified as critical. This affects the function ouch::archive::zip::convert_zip_date_time of the file zip.rs. The manipulation of the argument month leads to memory corruption. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.4.0 is able to address this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-13893 | 2026-04-15 | N/A | ||
| Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, might share same credentials for telnet service. Hash of the password can be retrieved through physical access to SPI connected memory. For the telnet service to be enabled, the inserted SD card needs to have a folder with a specific name created. Two products were tested, but since the vendor has not replied to reports, patching status remains unknown, as well as groups of devices and firmware ranges in which the same password is shared. Newer firmware versions might be vulnerable as well. | ||||
| CVE-2025-9709 | 2026-04-15 | N/A | ||
| On-Chip Debug and Test Interface With Improper Access Control and Improper Protection against Electromagnetic Fault Injection (EM-FI) in Nordic Semiconductor nRF52810 allow attacker to perform EM Fault Injection and bypass APPROTECT at runtime, requiring the least amount of modification to the hardware system possible. | ||||
| CVE-2025-11537 | 1 Redhat | 2 Build Keycloak, Build Of Keycloak | 2026-04-15 | 5 Medium |
| A flaw was found in Keycloak. When the logging format is configured to a verbose, user-supplied pattern (such as the pre-defined 'long' pattern), sensitive headers including Authorization and Cookie are disclosed to the logs in cleartext. An attacker with read access to the log files can extract these credentials (e.g., bearer tokens, session cookies) and use them to impersonate users, leading to a full account compromise. | ||||