Export limit exceeded: 345795 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345795 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-50240 | 2026-04-15 | 9.8 Critical | ||
| nbcio-boot v1.0.3 was discovered to contain a SQL injection vulnerability via the userIds parameter at /sys/user/deleteRecycleBin. | ||||
| CVE-2025-11008 | 2 Ce21, Wordpress | 2 Ce21-suite, Wordpress | 2026-04-15 | 9.8 Critical |
| The CE21 Suite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.3.1 via the log file. This makes it possible for unauthenticated attackers to extract sensitive data including authentication credentials, which can be used to log in as other users as long as they have used the plugin's custom authentication feature before. This may include administrators, which makes a complete site takeover possible. | ||||
| CVE-2025-11009 | 1 Mitsubishielectric | 1 Gt Designer3 | 2026-04-15 | 5.1 Medium |
| Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric GT Designer3 Version1 (GOT2000) all versions and Mitsubishi Electric GT Designer3 Version1 (GOT1000) all versions allows a local unauthenticated attacker to obtain plaintext credentials from the project file for GT Designer3. This could allow the attacker to operate illegally GOT2000 series or GOT1000 series by using the obtained credentials. | ||||
| CVE-2025-11016 | 1 Kalcaddle | 1 Kodbox | 2026-04-15 | 4.3 Medium |
| A security vulnerability has been detected in kalcaddle kodbox up to 1.61.09. The affected element is the function fileOut of the file app/controller/explorer/index.class.php. Such manipulation of the argument path leads to path traversal. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-11022 | 2026-04-15 | 9.6 Critical | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Personal Project Panilux allows Cross Site Request Forgery. This CSRF vulnerability resulting in Command Injection has been identified. This issue affects Panilux: before v.0.10.0. NOTE: The vendor was contacted and responded that they deny ownership of the mentioned product. | ||||
| CVE-2025-11025 | 1 Vimesoft | 1 Vimesoft | 2026-04-15 | 5.3 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Vimesoft Information Technologies and Software Inc. Vimesoft Corporate Messaging Platform allows Retrieve Embedded Sensitive Data.This issue affects Vimesoft Corporate Messaging Platform: from V1.3.0 before V2.0.0. | ||||
| CVE-2025-50434 | 2026-04-15 | 5.3 Medium | ||
| A security issue has been identified in Appian Enterprise Business Process Management version 25.3. The vulnerability is related to incorrect access control, which under certain conditions could allow unauthorized access to information. NOTE: this has been disputed because the CVE Record information does not originate from the Supplier, and the report lacks specificity about why a problem exists, how the behavior could be reproduced, and whether any action could be taken to resolve the problem. | ||||
| CVE-2025-13819 | 1 Mir | 2 Fleet, Robot | 2026-04-15 | 6.1 Medium |
| Open redirect in the web server component of MiR Robot and Fleet software allows a remote attacker to redirect users to arbitrary external websites via a crafted parameter, facilitating phishing or social engineering attacks. | ||||
| CVE-2025-11030 | 1 Tutorials-website | 1 Employee Management System | 2026-04-15 | 7.3 High |
| A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The attack may be performed from remote. The exploit is now public and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. | ||||
| CVE-2025-11034 | 1 Dibo | 1 Data Decision Making System | 2026-04-15 | 4.3 Medium |
| A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/common_dep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2025-11043 | 1 Br-automation | 2 Automation Studio, Studio | 2026-04-15 | 7.4 High |
| An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges. | ||||
| CVE-2025-11044 | 1 Br-automation | 1 Automation Runtime | 2026-04-15 | 6.8 Medium |
| An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices. | ||||
| CVE-2025-50690 | 2026-04-15 | 6.1 Medium | ||
| A Cross-Site Scripting (XSS) vulnerability exists in SpatialReference.org (OSGeo/spatialreference.org) versions prior to 2025-05-17 (commit 2120adfa17ddd535bd0f539e6c4988fa3a2cb491). The vulnerability is caused by improper handling of user input in the search query parameter. An attacker can craft a specially formed URL with malicious JavaScript code, which is then reflected back and executed in the victim's browser. This flaw allows an attacker to execute arbitrary JavaScript in the context of the victim's session, potentially leading to session hijacking, phishing attacks, data theft, or redirection to malicious sites. The issue is exposed on publicly accessible pages, making it exploitable by an unauthenticated attacker. | ||||
| CVE-2025-50708 | 2026-04-15 | 7.5 High | ||
| An issue in Perplexity AI GPT-4 v.2.51.0 allows a remote attacker to obtain sensitive information via the token component in the shared chat URL | ||||
| CVE-2025-13824 | 1 Rockwellautomation | 3 Micro820, Micro850, Micro870 | 2026-04-15 | N/A |
| A security issue exists due to improper handling of malformed CIP packets during fuzzing. The controller enters a hard fault with solid red Fault LED and becomes unresponsive. Upon power cycle, the controller will enter recoverable fault where the MS LED and Fault LED become flashing red and reports fault code 0xF019. To recover, clear the fault. | ||||
| CVE-2025-11045 | 1 Wayos | 5 Lq-04, Lq-05, Lq-06 and 2 more | 2026-04-15 | 7.3 High |
| A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-11060 | 1 Redhat | 1 Service Mesh | 2026-04-15 | 5.7 Medium |
| A flaw was found in the live query subscription mechanism of the database engine. This vulnerability allows record or guest users to observe unauthorized records within the same table, bypassing access controls, via crafted LIVE SELECT subscriptions when other users alter or delete records. | ||||
| CVE-2025-11065 | 1 Redhat | 13 Acm, Advanced Cluster Security, Certifications and 10 more | 2026-04-15 | 5.3 Medium |
| A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts. | ||||
| CVE-2025-1107 | 2026-04-15 | 9.9 Critical | ||
| Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a specific POST request and send it to the endpoint ‘/public/cgi/Gateway.php’. | ||||
| CVE-2025-13827 | 1 Mautic | 1 Mautic | 2026-04-15 | N/A |
| Summary Arbitrary files can be uploaded via the GrapesJS Builder, as the types of files that can be uploaded are not restricted. ImpactIf the media folder is not restricted from running files this can lead to a remote code execution. | ||||