Export limit exceeded: 351971 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 81116 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81116 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-10941 | 2026-04-15 | 7.8 High | ||
| A vulnerability was determined in Topaz SERVCore Teller 2.14.0-RC2/2.14.1. Affected by this issue is some unknown functionality of the file SERVCoreTeller_2.0.40D.msi of the component Installer. Executing manipulation can lead to permission issues. The attack needs to be launched locally. You should upgrade the affected component. The vendor explains, that "this vulnerability was detected at the beginning of 2025, it was remediated because the latest published version of the installer no longer uses "nssm," which is responsible for this vulnerability". | ||||
| CVE-2024-37855 | 1 Nepstech | 1 Ntpl-xpon1gfevn Firmware | 2026-04-15 | 8.4 High |
| An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. | ||||
| CVE-2024-3780 | 2026-04-15 | 7.8 High | ||
| A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords. | ||||
| CVE-2025-9986 | 1 Vadi Corporate Information Systems | 1 Digikent | 2026-04-15 | 8.2 High |
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vadi Corporate Information Systems Ltd. Co. DIGIKENT allows Excavation.This issue affects DIGIKENT: through 13092025. | ||||
| CVE-2024-37795 | 1 Cvc5 | 1 Cvc5 | 2026-04-15 | 7.5 High |
| A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors. | ||||
| CVE-2024-37794 | 1 Cvc5 | 1 Cvc5 | 2026-04-15 | 7.5 High |
| Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. | ||||
| CVE-2024-37742 | 1 Ethz | 1 Safe Exam Browser | 2026-04-15 | 8.2 High |
| Insecure Access Control in Safe Exam Browser (SEB) = 3.5.0 on Windows. The vulnerability allows an attacker to share clipboard data between the SEB kiosk mode and the underlying system, compromising exam integrity. By exploiting this flaw, an attacker can bypass exam controls and gain an unfair advantage during exams. | ||||
| CVE-2025-10932 | 1 Progress | 1 Moveit Transfer | 2026-04-15 | 8.2 High |
| Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module).This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16. | ||||
| CVE-2024-37676 | 1 Htop | 1 Htop | 2026-04-15 | 8.4 High |
| An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. | ||||
| CVE-2024-55272 | 2026-04-15 | 7.5 High | ||
| An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function. | ||||
| CVE-2024-55195 | 2026-04-15 | 7.5 High | ||
| An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO v3.1.0.0dev may cause a Denial of Service (DoS) when the program to requests to allocate too much space. | ||||
| CVE-2025-12779 | 2 Amazon, Linux | 2 Workspaces, Linux | 2026-04-15 | 8.8 High |
| Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract another local user's authentication token from the shared client machine and access their WorkSpace. To mitigate this issue, users should upgrade to the Amazon WorkSpaces client for Linux version 2025.0 or later. | ||||
| CVE-2025-10239 | 1 Progress | 1 Flowmon | 2026-04-15 | 7.2 High |
| In Flowmon versions prior to 12.5.5, a vulnerability has been identified that allows a user with administrator privileges and access to the management interface to execute additional unintended commands within scripts intended for troubleshooting purposes. | ||||
| CVE-2024-32807 | 2026-04-15 | 8.5 High | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brevo Sendinblue for WooCommerce allows Relative Path Traversal, Manipulating Web Input to File System Calls.This issue affects Sendinblue for WooCommerce: from n/a through 4.0.17. | ||||
| CVE-2025-14459 | 1 Redhat | 1 Container Native Virtualization | 2026-04-15 | 8.5 High |
| A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism. | ||||
| CVE-2024-37232 | 1 Toddnestor | 1 Hercules Core | 2026-04-15 | 8.8 High |
| Missing Authorization vulnerability in Hercules Design Hercules Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hercules Core: from n/a through 6.5. | ||||
| CVE-2024-54453 | 2026-04-15 | 7.5 High | ||
| An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code. | ||||
| CVE-2024-52547 | 1 Lorextechnology | 1 W461asc-e Firmware | 2026-04-15 | 7.2 High |
| An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | ||||
| CVE-2024-54909 | 2026-04-15 | 8.1 High | ||
| A vulnerability has been identified in GoldPanKit eva-server v4.1.0. It affects the path parameter of the /api/resource/local/download endpoint, where manipulation of this parameter can lead to arbitrary file download. | ||||
| CVE-2025-10729 | 1 Qt | 1 Qt | 2026-04-15 | 8.6 High |
| The module will parse a <pattern> node which is not a child of a structural node. The node will be deleted after creation but might be accessed later leading to a use after free. | ||||