Export limit exceeded: 344819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20061 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to perform an SQL injection attack against an affected device. To exploit this vulnerability, the attacker must have valid user credentials on the affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP(S) request to the web-based management interface of an affected device. A successful exploit could allow the attacker to view data on the affected device. | ||||
| CVE-2026-20060 | 2026-04-15 | 4.7 Medium | ||
| A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious web page. | ||||
| CVE-2026-20059 | 2026-04-15 | 6.1 Medium | ||
| A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a reflected XSS attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | ||||
| CVE-2025-63029 | 2026-04-15 | 7.6 High | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Lovers WCFM Marketplace allows SQL Injection.This issue affects WCFM Marketplace: from n/a through 3.7.1. | ||||
| CVE-2025-15635 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Zaytech Smart Online Order for Clover allows Cross Site Request Forgery.This issue affects Smart Online Order for Clover: from n/a through 1.6.0. | ||||
| CVE-2026-33119 | 1 Microsoft | 1 Edge | 2026-04-15 | 5.4 Medium |
| User interface (ui) misrepresentation of critical information in Microsoft Edge (Chromium-based) allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33118 | 1 Microsoft | 1 Edge Chromium | 2026-04-15 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2026-32214 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 5.5 Medium |
| Improper access control in Universal Plug and Play (upnp.dll) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-33829 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 4.3 Medium |
| Exposure of sensitive information to an unauthorized actor in Windows Snipping Tool allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33824 | 1 Microsoft | 24 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 21 more | 2026-04-15 | 9.8 Critical |
| Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-33827 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 8.1 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an unauthorized attacker to execute code over a network. | ||||
| CVE-2026-33115 | 1 Microsoft | 5 365 Apps, Office 2021, Office 2024 and 2 more | 2026-04-15 | 8.4 High |
| Use after free in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-33114 | 1 Microsoft | 5 365 Apps, Office 2021, Office 2024 and 2 more | 2026-04-15 | 8.4 High |
| Untrusted pointer dereference in Microsoft Office Word allows an unauthorized attacker to execute code locally. | ||||
| CVE-2026-33104 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 7 High |
| Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33103 | 1 Microsoft | 1 Dynamics 365 | 2026-04-15 | 5.5 Medium |
| Improper access control in Microsoft Dynamics 365 (on-premises) allows an authorized attacker to disclose information locally. | ||||
| CVE-2026-33101 | 1 Microsoft | 11 Windows 11 24h2, Windows 11 24h2, Windows 11 25h2 and 8 more | 2026-04-15 | 7.8 High |
| Use after free in Windows Print Spooler Components allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33100 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-33099 | 1 Microsoft | 25 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 22 more | 2026-04-15 | 7 High |
| Use after free in Windows Ancillary Function Driver for WinSock allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2026-32225 | 1 Microsoft | 29 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 26 more | 2026-04-15 | 8.8 High |
| Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. | ||||
| CVE-2026-32203 | 1 Microsoft | 2 .net, Visual Studio 2022 | 2026-04-15 | 7.5 High |
| Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | ||||