Export limit exceeded: 346329 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346329 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346329 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6544 | 1 Redhat | 3 Build Keycloak, Red Hat Single Sign On, Rhosemc | 2026-04-15 | 5.4 Medium |
| A flaw was found in the Keycloak package. This issue occurs due to a permissive regular expression hardcoded for filtering which allows hosts to register a dynamic client. A malicious user with enough information about the environment could jeopardize an environment with this specific Dynamic Client Registration and TrustedDomain configuration previously unauthorized. | ||||
| CVE-2024-41655 | 2026-04-15 | 7.5 High | ||
| TF2 Item Format helps users format TF2 items to the community standards. Versions of `tf2-item-format` since at least `4.2.6` and prior to `5.9.14` are vulnerable to a Regular Expression Denial of Service (ReDoS) attack when parsing crafted user input. This vulnerability can be exploited by an attacker to perform DoS attacks on any service that uses any `tf2-item-format` to parse user input. Version `5.9.14` contains a fix for the issue. | ||||
| CVE-2023-6596 | 1 Redhat | 1 Openshift | 2026-04-15 | 7.5 High |
| An incomplete fix was shipped for the Rapid Reset (CVE-2023-44487/CVE-2023-39325) vulnerability for an OpenShift Containers. | ||||
| CVE-2023-6597 | 2 Python Software Foundation, Redhat | 8 Cpython, Enterprise Linux, Openshift and 5 more | 2026-04-15 | 7.8 High |
| An issue was found in the CPython `tempfile.TemporaryDirectory` class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The tempfile.TemporaryDirectory class would dereference symlinks during cleanup of permissions-related errors. This means users which can run privileged programs are potentially able to modify permissions of files referenced by symlinks in some circumstances. | ||||
| CVE-2024-41660 | 1 Openbmc-project | 1 Slpd-lite | 2026-04-15 | 9.8 Critical |
| slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository. | ||||
| CVE-2024-6000 | 1 Fooevents | 1 Fooevents | 2026-04-15 | 7.1 High |
| The FooEvents for WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary file uploads due to an improper capability setting on the 'display_ticket_themes_page' function in versions up to, and including, 1.19.20. This makes it possible for authenticated attackers with contributor-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This was partially patched in 1.19.20, and fully patched in 1.19.21. | ||||
| CVE-2025-11242 | 1 Teknolist Computer Systems Software Publishing Industry And Trade Inc. | 1 Okulistik | 2026-04-15 | 9.8 Critical |
| Server-Side Request Forgery (SSRF) vulnerability in Teknolist Computer Systems Software Publishing Industry and Trade Inc. Okulistik allows Server Side Request Forgery.This issue affects Okulistik: through 21102025. | ||||
| CVE-2023-6717 | 1 Redhat | 15 Amq Broker, Build Keycloak, Jboss Data Grid and 12 more | 2026-04-15 | 6 Medium |
| A flaw was found in the SAML client registration in Keycloak that could allow an administrator to register malicious JavaScript URIs as Assertion Consumer Service POST Binding URLs (ACS), posing a Cross-Site Scripting (XSS) risk. This issue may allow a malicious admin in one realm or a client with registration access to target users in different realms or applications, executing arbitrary JavaScript in their contexts upon form submission. This can enable unauthorized access and harmful actions, compromising the confidentiality, integrity, and availability of the complete KC instance. | ||||
| CVE-2024-41663 | 1 Thinkst | 1 Canarytokens | 2026-04-15 | 3.5 Low |
| Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of their slow redirect token. When the creator later browses the management page for their own Canarytoken, the Javascript executes. This is a self-XSS. An attacker could create a Canarytoken with this self-XSS, and send the management link to a victim. When they click on it, the Javascript would execute. However, no sensitive information (ex. session information) will be disclosed to the malicious actor. This issue is now patched on Canarytokens.org. Users of self-hosted Canarytokens installations can update by pulling the latest Docker image, or any Docker image after `sha-097d91a`. | ||||
| CVE-2024-6001 | 1 Lenovo | 1 Accessories And Display Manager | 2026-04-15 | 8.1 High |
| An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. | ||||
| CVE-2023-6728 | 2026-04-15 | 3.3 Low | ||
| Nokia SR OS bof.cfg file encryption is vulnerable to a brute force attack. This weakness allows an attacker in possession of the encrypted file to decrypt the bof.cfg file and obtain the BOF configuration content. | ||||
| CVE-2023-6814 | 1 Hitachi | 1 Cosminexus Component Container | 2026-04-15 | 5.6 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Cosminexus Component Container allows local users to gain sensitive information.This issue affects Cosminexus Component Container: from 11-30 before 11-30-05, from 11-20 before 11-20-07, from 11-10 before 11-10-10, from 11-00 before 11-00-12, All versions of V8 and V9. | ||||
| CVE-2025-8524 | 2 Boquan, Google | 2 Dotwalle App, Android | 2026-04-15 | 5.3 Medium |
| A vulnerability was found in Boquan DotWallet App 2.15.2 on Android and classified as problematic. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.boquanhash.dotwallet. The manipulation leads to improper export of android application components. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-8529 | 1 Favorites-web Project | 1 Favorites-web | 2026-04-15 | 6.3 Medium |
| A vulnerability classified as critical was found in cloudfavorites favorites-web up to 1.3.0. Affected by this vulnerability is the function getCollectLogoUrl of the file app/src/main/java/com/favorites/web/CollectController.java. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-6833 | 1 Hitachi | 1 Ops Center Administrator | 2026-04-15 | 4.4 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator allows local users to gain sensitive information.This issue affects Hitachi Ops Center Administrator: before 11.0.1. | ||||
| CVE-2024-41692 | 1 Syrotech | 1 Sy-gpon-1110-wdont Firmware | 2026-04-15 | N/A |
| This vulnerability exists in SyroTech SY-GPON-1110-WDONT Router due to presence of root terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the root shell on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary commands with root privileges on the targeted system. | ||||
| CVE-2023-6948 | 2026-04-15 | 3 Low | ||
| A Buffer Copy without Checking Size of Input issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the sdk_printf function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||
| CVE-2024-41694 | 2026-04-15 | 5.3 Medium | ||
| Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-6003 | 2026-04-15 | 7.3 High | ||
| A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-268692. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-7004 | 1 Sciener | 1 Ttlock App | 2026-04-15 | 6.5 Medium |
| The TTLock App does not employ proper verification procedures to ensure that it is communicating with the expected device, allowing for connection to a device that spoofs the MAC address of a lock, which compromises the legitimate locks integrity. | ||||