Export limit exceeded: 43384 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43384 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-42878 | 1 Sap | 1 Web Dispatcher And Internet Communication Manager | 2026-04-15 | 8.2 High |
| SAP Web Dispatcher and ICM may expose internal testing interfaces that are not intended for production. If enabled, unauthenticated attackers could exploit them to access diagnostics, send crafted requests, or disrupt services. This vulnerability has a high impact on confidentiality, availability and low impact on integrity and of the application. | ||||
| CVE-2025-42916 | 1 Sap | 1 S/4hana | 2026-04-15 | 8.1 High |
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database but no impact on confidentiality. | ||||
| CVE-2023-20582 | 2026-04-15 | 5.3 Medium | ||
| Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | ||||
| CVE-2023-20601 | 1 Amd | 2 Radeon Pro Vii, Radeon Vii | 2026-04-15 | N/A |
| Improper input validation within RAS TA Driver can allow a local attacker to access out-of-bounds memory, potentially resulting in a denial-of-service condition. | ||||
| CVE-2023-46960 | 2026-04-15 | 8.6 High | ||
| Buffer Overflow vulnerability in PyPXE v.1.8.4 allows a remote attacker to cause a denial of service via the handle function in the tftp module. | ||||
| CVE-2024-42027 | 1 Rocketchat | 1 Rocket.chat | 2026-04-15 | 6.7 Medium |
| The E2EE password entropy generated by Rocket.Chat Mobile prior to version 4.5.1 is insufficient, allowing attackers to crack it if they have the appropriate time and resources. | ||||
| CVE-2024-42011 | 1 Spotify | 1 Spotify App | 2026-04-15 | 7.5 High |
| The Spotify app 8.9.58 for iOS has a buffer overflow in its use of strcat. | ||||
| CVE-2025-42929 | 1 Sap | 1 Landscape Transformation Replication Server | 2026-04-15 | 8.1 High |
| Due to missing input validation, an attacker with high privilege access to ABAP reports could delete the content of arbitrary database tables, if the tables are not protected by an authorization group. This leads to a high impact on integrity and availability of the database. | ||||
| CVE-2024-41170 | 1 Siemens | 1 Tecnomatix Plant Simulation | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0015), Tecnomatix Plant Simulation V2404 (All versions < V2404.0004). The affected applications contain a stack based overflow vulnerability while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process. | ||||
| CVE-2023-45924 | 1 Opengl | 1 Libglvnd-bb06db5a | 2026-04-15 | 9.8 Critical |
| libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | ||||
| CVE-2024-41166 | 2026-04-15 | 6.1 Medium | ||
| Stack-based buffer overflow in some Intel(R) PROSet/Wireless WiFi and Killerâ„¢ WiFi software for Windows before version 23.80 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-47262 | 2026-04-15 | 5.3 Medium | ||
| Dzmitry Lukyanenka, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API param.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the web interface of the Axis device. Other API endpoints or services not making use of param.cgi are not affected. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2023-5398 | 1 Honeywell | 1 Experion Server | 2026-04-15 | 5.9 Medium |
| Server receiving a malformed message based on a list of IPs resulting in heap corruption causing a denial of service. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2023-5403 | 1 Honeywell | 1 Experion Server | 2026-04-15 | 8.1 High |
| Server hostname translation to IP address manipulation which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2023-5407 | 2026-04-15 | 5.9 Medium | ||
| Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2025-68130 | 1 Trpc | 1 Trpc | 2026-04-15 | N/A |
| tRPC allows users to build and consume fully typesafe APIs without schemas or code generation. Starting in version 10.27.0 and prior to versions 10.45.3 and 11.8.0, a A prototype pollution vulnerability exists in `@trpc/server`'s `formDataToObject` function, which is used by the Next.js App Router adapter. An attacker can pollute `Object.prototype` by submitting specially crafted FormData field names, potentially leading to authorization bypass, denial of service, or other security impacts. Note that this vulnerability is only present when using `experimental_caller` / `experimental_nextAppDirCaller`. Versions 10.45.3 and 11.8.0 fix the issue. | ||||
| CVE-2025-1866 | 2026-04-15 | 8.0 High | ||
| Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in warmcat libwebsockets allows Pointer Manipulation, potentially leading to out-of-bounds memory access. This issue affects libwebsockets before 4.3.4 and is present in code built specifically for the Win32 platform. By default, the affected code is not executed unless one of the following conditions is met: LWS_WITHOUT_EXTENSIONS (default ON) is manually set to OFF in CMake. LWS_WITH_HTTP_STREAM_COMPRESSION (default OFF) is manually set to ON in CMake. Despite these conditions, when triggered in affected configurations, this vulnerability may allow attackers to manipulate pointers, potentially leading to memory corruption or unexpected behavior. | ||||
| CVE-2024-40086 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2026-04-15 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wifi_SSID_PWD function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via a password field larger than 64 bytes in length. | ||||
| CVE-2024-40085 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2026-04-15 | 9.6 Critical |
| A Buffer Overflow vulnerability in the local_app_set_router_wan function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via pppoe_username and pppoe_password fields being larger than 128 bytes in length. | ||||
| CVE-2023-6484 | 1 Redhat | 3 Build Keycloak, Red Hat Single Sign On, Rhosemc | 2026-04-15 | 5.3 Medium |
| A log injection flaw was found in Keycloak. A text string may be injected through the authentication form when using the WebAuthn authentication mode. This issue may have a minor impact to the logs integrity. | ||||