Export limit exceeded: 346665 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346665 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2508 | 1 Freshlight | 1 Wp Mobile Menu | 2026-04-15 | 5.3 Medium |
| The WP Mobile Menu plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_menu_item_icon function in all versions up to, and including, 2.8.4.4. This makes it possible for unauthenticated attackers to add the '_mobmenu_icon' post meta to arbitrary posts with an arbitrary (but sanitized) value. NOTE: Version 2.8.4.4 contains a partial fix for this vulnerability. | ||||
| CVE-2025-6980 | 1 Arista | 1 Ng Firewall | 2026-04-15 | 7.5 High |
| Captive Portal can expose sensitive information | ||||
| CVE-2024-25080 | 2026-04-15 | 4.7 Medium | ||
| WebMail in Axigen 10.x before 10.3.3.62 allows XSS via the image attachment viewer. | ||||
| CVE-2025-68850 | 2 Codepeople, Wordpress | 2 Sell Downloads, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in codepeople Sell Downloads sell-downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sell Downloads: from n/a through <= 1.1.12. | ||||
| CVE-2025-6979 | 1 Arista | 1 Ng Firewall | 2026-04-15 | 8.8 High |
| Captive Portal can allow authentication bypass | ||||
| CVE-2024-25091 | 2026-04-15 | 9.1 Critical | ||
| Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment. | ||||
| CVE-2024-25102 | 1 Cdac | 1 Appsamvid Software | 2026-04-15 | 7.8 High |
| This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system. | ||||
| CVE-2025-7433 | 2026-04-15 | 8.8 High | ||
| A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2025.1 and older allows arbitrary code execution. | ||||
| CVE-2024-25103 | 1 Cdac | 1 Appsamvid Software | 2026-04-15 | 6.3 Medium |
| This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system. | ||||
| CVE-2024-47812 | 1 Mediawiki | 1 Mediawiki | 2026-04-15 | 6 Medium |
| ImportDump is an extension for mediawiki designed to automate user import requests. Anyone who can edit the interface strings of a wiki (typically administrators and interface admins) can embed XSS payloads in the messages for dates, and thus XSS anyone who views Special:RequestImportQueue. This issue has been patched in commit `d054b95` and all users are advised to apply this commit to their branch. Users unable to upgrade may either Prevent access to Special:RequestImportQueue on all wikis, except for the global wiki; and If an interface administrator (or equivalent) level protection is available (which is not provided by default) on the global wiki, protect the affected messages up to that level. This causes the XSS to be virtually useless as users with those rights can already edit Javascript pages. Or Prevent access to Special:RequestImportQueue altogether. | ||||
| CVE-2025-8351 | 2 Apple, Avast | 2 Macos, Antivirus | 2026-04-15 | 9 Critical |
| Heap-based Buffer Overflow, Out-of-bounds Read vulnerability in Avast Antivirus on MacOS when scanning a malformed file may allow Local Execution of Code or Denial-of-Service of the anitvirus engine process.This issue affects Antivirus: from 8.3.70.94 before 8.3.70.98. | ||||
| CVE-2024-47817 | 1 Lara Zeus | 1 Dynamic Dashboard | 2026-04-15 | 6.1 Medium |
| Lara-zeus Dynamic Dashboard simple way to manage widgets for your website landing page, and filament dashboard and Lara-zeus artemis is a collection of themes for the lara-zeus ecosystem. If values passed to a paragraph widget are not valid and contain a specific set of characters, applications are vulnerable to XSS attack against a user who opens a page on which a paragraph widget is rendered. Users are advised to upgrade to the appropriate fix versions detailed in the advisory metadata. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-9316 | 1 N-able | 1 N-central | 2026-04-15 | N/A |
| N-central < 2025.4 can generate sessionIDs for unauthenticated users This issue affects N-central: before 2025.4. | ||||
| CVE-2024-4783 | 2026-04-15 | 6.4 Medium | ||
| The jQuery T(-) Countdown Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's tminus shortcode in all versions up to, and including, 2.3.25 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-37247 may be a duplicate of this issue. | ||||
| CVE-2024-47848 | 1 Wikimedia | 1 Pagetriage | 2026-04-15 | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - PageTriage allows Authentication Bypass.This issue affects Mediawiki - PageTriage: from 1.39.X before 1.39.9, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | ||||
| CVE-2024-47850 | 2 Cups, Redhat | 7 Cups, Enterprise Linux, Rhel Aus and 4 more | 2026-04-15 | 7.5 High |
| CUPS cups-browsed before 2.5b1 will send an HTTP POST request to an arbitrary destination and port in response to a single IPP UDP packet requesting a printer to be added, a different vulnerability than CVE-2024-47176. (The request is meant to probe the new printer but can be used to create DDoS amplification attacks.) | ||||
| CVE-2024-25115 | 2026-04-15 | 7 High | ||
| RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, specially crafted `CF.LOADCHUNK` commands may be used by authenticated users to perform heap overflow, which may lead to remote code execution. The problem is fixed in RedisBloom 2.4.7 and 2.6.10. | ||||
| CVE-2024-47857 | 2026-04-15 | 9.8 Critical | ||
| SSH Communication Security PrivX versions between 18.0-36.0 implement insufficient validation on public key signatures when using native SSH connections via a proxy port. This allows an existing PrivX "account A" to impersonate another existing PrivX "account B" and gain access to SSH target hosts to which the "account B" has access. | ||||
| CVE-2024-25131 | 2026-04-15 | 8.8 High | ||
| A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment. | ||||
| CVE-2024-47874 | 1 Encode | 1 Starlette | 2026-04-15 | 7.5 High |
| Starlette is an Asynchronous Server Gateway Interface (ASGI) framework/toolkit. Prior to version 0.40.0, Starlette treats `multipart/form-data` parts without a `filename` as text form fields and buffers those in byte strings with no size limit. This allows an attacker to upload arbitrary large form fields and cause Starlette to both slow down significantly due to excessive memory allocations and copy operations, and also consume more and more memory until the server starts swapping and grinds to a halt, or the OS terminates the server process with an OOM error. Uploading multiple such requests in parallel may be enough to render a service practically unusable, even if reasonable request size limits are enforced by a reverse proxy in front of Starlette. This Denial of service (DoS) vulnerability affects all applications built with Starlette (or FastAPI) accepting form requests. Verison 0.40.0 fixes this issue. | ||||