Export limit exceeded: 352579 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352579 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 352579 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 81326 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81326 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29019 | 1 Esphome | 1 Esphome | 2026-04-15 | 8.1 High |
| ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue. | ||||
| CVE-2024-32469 | 1 Decidim | 1 Decidim | 2026-04-15 | 7.1 High |
| Decidim is a participatory democracy framework. The pagination feature used in searches and filters is subject to potential XSS attack through a malformed URL using the GET parameter `per_page`. This vulnerability is fixed in 0.27.6 and 0.28.1. | ||||
| CVE-2024-32368 | 2026-04-15 | 7.3 High | ||
| Insecure Permission vulnerability in Agasta Sanketlife 2.0 Pocket 12-Lead ECG Monitor FW Version 3.0 allows a local attacker to cause a denial of service via the Bluetooth Low Energy (BLE) component. | ||||
| CVE-2025-68838 | 2 Expresstechsoftware, Wordpress | 2 Memberpress Discord Addon, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in expresstechsoftware MemberPress Discord Addon expresstechsoftwares-memberpress-discord-add-on allows Reflected XSS.This issue affects MemberPress Discord Addon: from n/a through <= 1.1.4. | ||||
| CVE-2024-31446 | 2026-04-15 | 7.7 High | ||
| OpenComputers is a Minecraft mod that adds programmable computers and robots to the game. A user can use OpenComputers to get a Computer thread stuck in the Lua VM, which eventually blocks the Server thread, requiring the server to be forcibly shut down. This can be accomplished using any device in the mod and can be performed by anyone who can execute Lua code on them. This occurs while using the native Lua library. LuaJ appears to not have this issue. This vulnerability is fixed in 1.8.4. The GregTech: New Horizons modpack uses its own modified version of OpenComputers. They have applied the relevant patch in version 1.10.10-GTNH. | ||||
| CVE-2024-31556 | 1 Reportico | 1 Reportico | 2026-04-15 | 7.8 High |
| An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid function. | ||||
| CVE-2024-31406 | 1 Roamwifi | 1 R10 | 2026-04-15 | 8.8 High |
| Active debug code vulnerability exists in RoamWiFi R10 prior to 4.8.45. If this vulnerability is exploited, a network-adjacent unauthenticated attacker with access to the device may perform unauthorized operations. | ||||
| CVE-2025-69071 | 2 Ancorathemes, Wordpress | 2 Tantum, Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes TanTum tantum allows PHP Local File Inclusion.This issue affects TanTum: from n/a through <= 1.1.13. | ||||
| CVE-2025-8941 | 1 Redhat | 13 Cert Manager, Confidential Compute Attestation, Discovery and 10 more | 2026-04-15 | 7.8 High |
| A flaw was found in linux-pam. The pam_namespace module may improperly handle user-controlled paths, allowing local users to exploit symlink attacks and race conditions to elevate their privileges to root. This CVE provides a "complete" fix for CVE-2025-6020. | ||||
| CVE-2025-62363 | 1 Ytgrabber-tui | 1 Ytgrabber-tui | 2026-04-15 | 7.8 High |
| yt-grabber-tui is a terminal user interface application for downloading videos. In versions before 1.0-rc, the application allows users to configure the path to the yt-dlp executable via the path_to_yt_dlp configuration setting. An attacker with write access to the configuration file or the filesystem location of the configured executable can replace the executable with malicious code or create a symlink to an arbitrary executable. When the application invokes yt-dlp, the malicious code is executed with the privileges of the user running yt-grabber-tui. This vulnerability has been patched in version 1.0-rc. | ||||
| CVE-2024-30527 | 2026-04-15 | 7.5 High | ||
| Improper Validation of Specified Quantity in Input vulnerability in Tips and Tricks HQ WP Express Checkout (Accept PayPal Payments) allows Manipulating Hidden Fields.This issue affects WP Express Checkout (Accept PayPal Payments): from n/a through 2.3.7. | ||||
| CVE-2024-30516 | 2 Saasproject, Wordpress | 2 Booking Package, Wordpress | 2026-04-15 | 7.5 High |
| Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27. | ||||
| CVE-2024-3052 | 2026-04-15 | 7.5 High | ||
| Malformed S2 Nonce Get command classes can be sent to crash the gateway. A hard reset is required to recover the gateway. | ||||
| CVE-2024-3051 | 1 Silabs | 1 Z\/ip Gateway Sdk | 2026-04-15 | 7.5 High |
| Malformed Device Reset Locally command classes can be sent to temporarily deny service to an end device. Any frames sent by the end device will not be acknowledged by the gateway during this time. | ||||
| CVE-2025-69068 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Muji muji allows PHP Local File Inclusion.This issue affects Muji: from n/a through <= 1.2.0. | ||||
| CVE-2025-69065 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Snow Mountain snowmountain allows PHP Local File Inclusion.This issue affects Snow Mountain: from n/a through <= 1.4.3. | ||||
| CVE-2025-33233 | 1 Nvidia | 1 Merlin Transformers4rec | 2026-04-15 | 7.8 High |
| NVIDIA Merlin Transformers4Rec for all platforms contains a vulnerability where an attacker could cause code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-14101 | 1 Gg Soft | 1 Paperwork | 2026-04-15 | 7.1 High |
| Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers.This issue affects PaperWork: from 5.2.0.9427 before 6.0. | ||||
| CVE-2025-40140 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); } rtl8150_set_multicast() { netif_stop_queue(); netif_wake_queue(); <-- wakes up TX queue before URB is done } rtl8150_start_xmit() { netif_stop_queue(); usb_submit_urb(dev->tx_urb); <-- double submission } rtl8150_set_multicast being the ndo_set_rx_mode callback should not be calling netif_stop_queue and notif_start_queue as these handle TX queue synchronization. The net core function dev_set_rx_mode handles the synchronization for rtl8150_set_multicast making it safe to remove these locks. | ||||
| CVE-2025-14097 | 1 Radiometer | 5 Abl800 Basic Analyzer, Abl800 Flex Analyzer, Abl90 Flex Analyzer and 2 more | 2026-04-15 | 7.2 High |
| A vulnerability in the application software of multiple Radiometer products may allow remote code execution and unauthorized device management when specific internal conditions are met. Exploitation requires that a remote connection is established with additional information obtained through other means. The issue is caused by a weakness in the analyzer’s application software. Other related CVE's are CVE-2025-14095 & CVE-2025-14096. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required Configuration for Exposure: Affected application software version is in use and remote support feature is enabled in the analyzer. Temporary work Around: If the network is not considered secure, please remove the analyzer from the network. Permanent solution: Customers should ensure the following: • The network is secure, and access follows best practices. Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept (PoC). Radiometer is not aware of any publicly available exploits at the time of this publication. | ||||