Search Results (348191 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20041 | | | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-55306 | | | 2026-04-15 | 9.8 Critical |
| GenX_FX is an advanced IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.). | ||||
| CVE-2025-55047 | | | 2026-04-15 | 8.4 High |
| CWE-798 Use of Hard-coded Credentials | ||||
| CVE-2025-55060 | | | 2026-04-15 | 6.1 Medium |
| CWE-601 URL Redirection to Untrusted Site ('Open Redirect') | ||||
| CVE-2025-55061 | | | 2026-04-15 | 8.8 High |
| CWE-434 Unrestricted Upload of File with Dangerous Type | ||||
| CVE-2025-55072 | 1 Neojapan | 1 Desknet Neo | 2026-04-15 | N/A |
| Stored cross-site scripting (XSS) vulnerability in desknet's NEO V2.0R1.0 to V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser. | ||||
| CVE-2025-1968 | | | 2026-04-15 | 7.7 High |
| Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429. | ||||
| CVE-2025-55118 | 1 Bmc | 1 Control-m/agent | 2026-04-15 | 8.9 High |
| Memory corruptions can be remotely triggered in the Control-M/Agent when SSL/TLS communication is configured. The issue occurs in the following cases: * Control-M/Agent 9.0.20: SSL/TLS configuration is set to the non-default setting "use_openssl=n"; * Control-M/Agent 9.0.21 and 9.0.22: Agent router configuration uses the non-default settings "JAVA_AR=N" and "use_openssl=n" | ||||
| CVE-2025-1979 | | | 2026-04-15 | 6.4 Medium |
| Versions of the package ray before 2.43.0 are vulnerable to Insertion of Sensitive Information into Log File where the redis password is being logged in the standard logging. If the redis password is passed as an argument, it will be logged and could potentially leak the password. This is only exploitable if: 1) Logging is enabled; 2) Redis is using password authentication; 3) Those logs are accessible to an attacker, who can reach that redis instance. **Note:** It is recommended that anyone who is running in this configuration should update to the latest version of Ray, then rotate their redis password. | ||||
| CVE-2025-1981 | | | 2026-04-15 | N/A |
| Improper neutralization of input provided by a low-privileged user into a file search functionality in Ready_'s Invoices module allows for SQL Injection attacks. | ||||
| CVE-2025-1982 | | | 2026-04-15 | N/A |
| Local File Inclusion vulnerability in Ready's attachment upload panel allows a low-privileged user to provide a link to a local file using the file:// protocol, thus allowing the attacker to read the content of the file. This vulnerability can be used to read the content of system files. | ||||
| CVE-2025-10360 | 1 Puppet | 1 Puppet Enterprise | 2026-04-15 | N/A |
| In Puppet Enterprise versions 2025.4.0 and 2025.5, the encryption key used for encrypting content in the Infra Assistant database was not excluded from the files gathered by Puppet backup. The key is only present on the system if the user has a Puppet Enterprise Advanced license and has enabled the Infra Assistant feature. The key is used for encrypting one particular bit of data in the Infra Assistant database: the API key for their AI provider account. This has been fixed in Puppet Enterprise version 2025.6, and release notes for 2025.6 have remediation steps for users of affected versions who can't update to the latest version. | ||||
| CVE-2025-1983 | | | 2026-04-15 | N/A |
| A cross-site scripting (XSS) vulnerability in Ready_'s File Explorer upload functionality allows injection of arbitrary JavaScript code in the filename. Injected content is stored on the server and is executed every time a user interacts with the uploaded file. | ||||
| CVE-2025-55178 | 1 Meta Platforms Inc | 1 Llama Stack | 2026-04-15 | 5.3 Medium |
| Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. | ||||
| CVE-2025-1984 | | | 2026-04-15 | 5.2 Medium |
| Xerox Desktop Print Experience application contains a Local Privilege Escalation (LPE) vulnerability, which allows a low-privileged user to gain SYSTEM-level access. | ||||
| CVE-2025-20003 | | | 2026-04-15 | 8.2 High |
| Improper link resolution before file access ('Link Following') for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20004 | | | 2026-04-15 | 7.2 High |
| Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20008 | | | 2026-04-15 | 7.7 High |
| Insecure inherited permissions for some Intel(R) Simics(R) Package Manager software before version 1.12.0 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-20012 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 4.9 Medium |
| Incorrect behavior order for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable information disclosure via physical access. | ||||
| CVE-2025-20013 | | | 2026-04-15 | 5.5 Medium |
| Exposure of sensitive information to an unauthorized actor for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable information disclosure via local access. | ||||