Export limit exceeded: 351377 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 80909 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80909 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64129 | 1 Zenitel | 1 Tciv-3+ | 2026-04-15 | 7.6 High |
| Zenitel TCIV-3+ is vulnerable to an out-of-bounds write vulnerability, which could allow a remote attacker to crash the device. | ||||
| CVE-2025-6978 | 1 Arista | 1 Ng Firewall | 2026-04-15 | 7.2 High |
| Diagnostics command injection vulnerability | ||||
| CVE-2023-5401 | 1 Honeywell | 1 Experion Server | 2026-04-15 | 8.1 High |
| Server receiving a malformed message based on a using the specified key values can cause a stack overflow vulnerability which could lead to an attacker performing remote code execution or causing a failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2025-6974 | 2026-04-15 | 7.8 High | ||
| Use of Uninitialized Variable vulnerability exists in the JT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted JT file. | ||||
| CVE-2025-6972 | 2026-04-15 | 7.8 High | ||
| Use After Free vulnerability exists in the CATPRODUCT file reading procedure in SOLIDWORKS eDrawings on Release SOLIDWORKS Desktop 2025. This vulnerability could allow an attacker to execute arbitrary code while opening a specially crafted CATPRODUCT file. | ||||
| CVE-2025-5117 | 2026-04-15 | 8.8 High | ||
| The Property plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the use of the property_package_user_role metadata in versions 1.0.5 to 1.0.6. This makes it possible for authenticated attackers, with Author‐level access and above, to elevate their privileges to that of an administrator by creating a package post whose property_package_user_role is set to administrator and then submitting the PayPal registration form. | ||||
| CVE-2024-39904 | 2026-04-15 | 8.8 High | ||
| VNote is a note-taking platform. Prior to 3.18.1, a code execution vulnerability existed in VNote, which allowed an attacker to execute arbitrary programs on the victim's system. A crafted URI can be used in a note to perform this attack using file:/// as a link. For example, file:///C:/WINDOWS/system32/cmd.exe. This allows attackers to execute arbitrary programs by embedding a reference to a local executable file such as file:///C:/WINDOWS/system32/cmd.exe and file:///C:/WINDOWS/system32/calc.exe. This vulnerability can be exploited by creating and sharing specially crafted notes. An attacker could send a crafted note file and perform further attacks. This vulnerability is fixed in 3.18.1. | ||||
| CVE-2025-11130 | 2 Apple, Ihongren | 2 Macos, Pptp-vpn | 2026-04-15 | 8.4 High |
| A weakness has been identified in iHongRen pptp-vpn 1.0/1.0.1 on macOS. This issue affects the function shouldAcceptNewConnection of the file HelpTool/HelperTool.m of the component XPC Service. This manipulation causes missing authentication. The attack can only be executed locally. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-69674 | 1 Cdatatec | 1 Fd614gs3-r850 | 2026-04-15 | 8.8 High |
| Buffer Overflow vulnerability in CDATA FD614GS3-R850 V3.2.7_P161006 (Build.0333.250211) allows an attacker to execute arbitrary code via the node_mac, node_opt, opt_param, and domainblk parameters of the mesh_node_config and domiainblk_config modules | ||||
| CVE-2025-11223 | 1 Panasonic | 1 Autodownloader | 2026-04-15 | 7.8 High |
| Installer of Panasonic AutoDownloader version 1.2.8 contains an issue with the DLL search path, which may lead to loading a crafted DLL file in the same directory. | ||||
| CVE-2023-48280 | 2026-04-15 | 7.5 High | ||
| Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1. | ||||
| CVE-2025-5279 | 2026-04-15 | 7.5 High | ||
| When the Amazon Redshift Python Connector is configured with the BrowserAzureOAuth2CredentialsProvider plugin, the driver skips the SSL certificate validation step for the Identity Provider. An insecure connection could allow an actor to intercept the token exchange process and retrieve an access token. This issue has been addressed in driver version 2.1.7. Users should upgrade to address this issue and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2025-5105 | 2026-04-15 | 7.3 High | ||
| A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2019-25266 | 1 Wondershare | 1 Application Framework Service | 2026-04-15 | 7.8 High |
| Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context. | ||||
| CVE-2022-50723 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: bnxt_en: fix memory leak in bnxt_nvm_test() Free the kzalloc'ed buffer before returning in the success path. | ||||
| CVE-2024-39894 | 1 Openssh | 1 Openssh | 2026-04-15 | 7.5 High |
| OpenSSH 9.5 through 9.7 before 9.8 sometimes allows timing attacks against echo-off password entry (e.g., for su and Sudo) because of an ObscureKeystrokeTiming logic error. Similarly, other timing attacks against keystroke entry could occur. | ||||
| CVE-2024-57076 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.post function of ajax-request v1.2.3 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2025-64104 | 2 Langchain, Langchain-ai | 2 Langchain, Langchain | 2026-04-15 | 7.3 High |
| LangGraph SQLite Checkpoint is an implementation of LangGraph CheckpointSaver that uses SQLite DB (both sync and async, via aiosqlite). Prior to 2.0.11, LangGraph's SQLite store implementation contains SQL injection vulnerabilities using direct string concatenation without proper parameterization, allowing attackers to inject arbitrary SQL and bypass access controls. This vulnerability is fixed in 2.0.11. | ||||
| CVE-2025-69408 | 2 Mikado-themes, Wordpress | 2 Healthfirst, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes HealthFirst healthfirst allows PHP Local File Inclusion.This issue affects HealthFirst: from n/a through <= 1.0.1. | ||||
| CVE-2025-20160 | 1 Cisco | 2 Ios, Ios Xe Software | 2026-04-15 | 8.1 High |
| A vulnerability in the implementation of the TACACS+ protocol in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to view sensitive data or bypass authentication. This vulnerability exists because the system does not properly check whether the required TACACS+ shared secret is configured. A machine-in-the-middle attacker could exploit this vulnerability by intercepting and reading unencrypted TACACS+ messages or impersonating the TACACS+ server and falsely accepting arbitrary authentication requests. A successful exploit could allow the attacker to view sensitive information in a TACACS+ message or bypass authentication and gain access to the affected device. | ||||