Export limit exceeded: 15531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 43444 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43444 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-52536 | 1 Amd | 8 Epyc 7003 Series Processors, Epyc 8004 Series Processors, Epyc 9004 Series Processors and 5 more | 2026-04-15 | N/A |
| Improper Prevention of Lock Bit Modification in SEV firmware could allow a privileged attacker to downgrade firmware potentially resulting in a loss of integrity. | ||||
| CVE-2025-12829 | 1 Amazon | 1 Ion | 2026-04-15 | 6.2 Medium |
| An uninitialized stack read issue exists in Amazon Ion-C versions <v1.1.4 that may allow a threat actor to craft data and serialize it to Ion text in such a way that sensitive data in memory could be exposed through UTF-8 escape sequences. To mitigate this issue, users should upgrade to version v1.1.4. | ||||
| CVE-2024-29650 | 2026-04-15 | 9.8 Critical | ||
| An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components. | ||||
| CVE-2025-3648 | 2026-04-15 | N/A | ||
| A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list (ACL) configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer instance data that is not intended to be accessible to them. To assist customers in enhancing access controls, ServiceNow has introduced additional access control frameworks in Xanadu and Yokohama, such as Query ACLs, Security Data Filters and Deny-Unless ACLs. Additionally, in May 2025, ServiceNow delivered to customers a security update that is designed to enhance customer ACL configurations. Customers, please review the KB Articles in the References section. | ||||
| CVE-2025-10392 | 1 Mercury | 1 Km08-708h Giga Wifi Wave2 | 2026-04-15 | 9.8 Critical |
| A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be used. | ||||
| CVE-2025-48386 | 1 Git | 1 Git | 2026-04-15 | 6.3 Medium |
| Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. The wincred credential helper uses a static buffer (target) as a unique key for storing and comparing against internal storage. This credential helper does not properly bounds check the available space remaining in the buffer before appending to it with wcsncat(), leading to potential buffer overflows. This vulnerability is fixed in v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1. | ||||
| CVE-2025-23283 | 1 Nvidia | 1 Gpu Display Driver | 2026-04-15 | 7.8 High |
| NVIDIA vGPU software for Linux-style hypervisors contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause stack buffer overflow. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2025-4425 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 8.2 High |
| The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability. https://support.lenovo.com/us/en/product_security/home | ||||
| CVE-2025-4446 | 1 H3c | 1 Gr-5400ax | 2026-04-15 | 8 High |
| A vulnerability has been found in H3C GR-5400AX up to 100R008 and classified as critical. This vulnerability affects the function Edit_List_SSID of the file /goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack needs to be approached within the local network. | ||||
| CVE-2025-12755 | 1 Ibm | 2 Mq Advanced, Mq Operator | 2026-04-15 | 4 Medium |
| IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues. | ||||
| CVE-2025-10678 | 1 Netbirdio | 1 Netbird | 2026-04-15 | N/A |
| NetBird VPN when installed using vendor's provided script failed to remove or change default password of an admin account created by ZITADEL. This issue affects instances installed using vendor's provided script. This issue may affect instances created with Docker if the default password was not changed nor the user was removed. This issue has been fixed in version 0.57.0 | ||||
| CVE-2025-46419 | 1 Westermo | 1 Weos | 2026-04-15 | 5.9 Medium |
| Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. | ||||
| CVE-2025-1073 | 2026-04-15 | 7.5 High | ||
| Panasonic IR Control Hub (IR Blaster) versions 1.17 and earlier may allow an attacker with physical access to load unauthorized firmware onto the device. | ||||
| CVE-2025-4969 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.5 Medium |
| A vulnerability was found in the libsoup package. This flaw stems from its failure to correctly verify the termination of multipart HTTP messages. This can allow a remote attacker to send a specially crafted multipart HTTP body, causing the libsoup-consuming server to read beyond its allocated memory boundaries (out-of-bounds read). | ||||
| CVE-2025-50572 | 2026-04-15 | 8.8 High | ||
| Archer 6.11.00204.10014 allows attackers to execute arbitrary code via crafted system inputs that would be exported into the CSV and be executed after the user opened the file with compatible applications. NOTE: the Supplier does not accept this as a valid vulnerability report against their product. | ||||
| CVE-2025-11743 | 1 Rockwellautomation | 1 Compactlogix 5370 | 2026-04-15 | N/A |
| A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover. | ||||
| CVE-2025-11679 | 1 Warmcat | 1 Libwebsockets | 2026-04-15 | 3.1 Low |
| Out-of-bounds Read in lws_upng_emit_next_line in warmcat libwebsockets allows, when the LWS_WITH_UPNG flag is enabled during compilation and the HTML display stack is used, to read past a heap allocated buffer possibly causing a crash, when the user visits an attacker controlled website that contains a crafted PNG file with a big height dimension. | ||||
| CVE-2025-11678 | 1 Warmcat | 1 Libwebsockets | 2026-04-15 | 7.6 High |
| Stack-based Buffer Overflow in lws_adns_parse_label in warmcat libwebsockets allows, when the LWS_WITH_SYS_ASYNC_DNS flag is enabled during compilation, to overflow the label_stack, when the attacker is able to sniff a DNS request in order to craft a response with a matching id containing a label longer than the maximum. | ||||
| CVE-2025-67897 | 1 Sequoia-pgp | 1 Sequoia | 2026-04-15 | 5.3 Medium |
| In Sequoia before 2.1.0, aes_key_unwrap panics if passed a ciphertext that is too short. A remote attacker can take advantage of this issue to crash an application by sending a victim an encrypted message with a crafted PKESK or SKESK packet. | ||||
| CVE-2025-49112 | 2026-04-15 | 3.1 Low | ||
| setDeferredReply in networking.c in Valkey through 8.1.1 has an integer underflow for prev->size - prev->used. | ||||