Export limit exceeded: 348749 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46737 | 2026-04-15 | 7.4 High | ||
| SEL-5037 Grid Configurator contains an overly permissive Cross Origin Resource Sharing (CORS) configuration for a data gateway service in the application. This gateway service includes an API which is not properly configured to reject requests from unexpected sources. | ||||
| CVE-2024-5343 | 2026-04-15 | 8.8 High | ||
| The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing an action such as clicking on a link. | ||||
| CVE-2024-12133 | 1 Redhat | 5 Discovery, Enterprise Linux, Openshift and 2 more | 2026-04-15 | 5.3 Medium |
| A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can slow down or even crash the system. This flaw allows an attacker to send a specially crafted certificate, causing a denial of service attack. | ||||
| CVE-2024-5345 | 1 Thenahidul | 1 Responsive Owl Carousel For Elementor | 2026-04-15 | 8.8 High |
| The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The inclusion is limited to PHP files. | ||||
| CVE-2025-36625 | 1 Tenable | 1 Nessus | 2026-04-15 | 4.3 Medium |
| In Nessus versions prior to 10.8.4, a non-authenticated attacker could alter Nessus logging entries by manipulating http requests to the application. | ||||
| CVE-2025-42876 | 1 Sap | 2 Hana, S/4 Hana | 2026-04-15 | 7.1 High |
| Due to a Missing Authorization Check vulnerability in SAP S/4 HANA Private Cloud (Financials General Ledger), an authenticated attacker with authorization limited to a single company code could read sensitive data and post or modify documents across all company codes. Successful exploitation could result in a high impact to confidentiality and a low impact to integrity, while availability remains unaffected. | ||||
| CVE-2025-46738 | 1 Schweitzer Engineering Laboratories | 1 Sel-5033 Acselerator Rtac Software | 2026-04-15 | 6.6 Medium |
| An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code. | ||||
| CVE-2024-12137 | 2026-04-15 | 7.6 High | ||
| Authentication Bypass by Capture-replay vulnerability in Elfatek Elektronics ANKA JPD-00028 allows Session Hijacking.This issue affects ANKA JPD-00028: before V.01.01. | ||||
| CVE-2025-4675 | 1 Abb | 2 Webpro Snmp Card Powervalue, Webpro Snmp Card Powervalue Ul | 2026-04-15 | 6.5 Medium |
| Improper Check for Unusual or Exceptional Conditions vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | ||||
| CVE-2025-0642 | 1 Poscube | 1 Assist | 2026-04-15 | 6.3 Medium |
| Use of Hard-coded Credentials, Authorization Bypass Through User-Controlled Key vulnerability in PosCube Hardware Software and Consulting Ltd. Co. Assist allows Excavation, Authentication Bypass.This issue affects Assist: through 10.02.2025. | ||||
| CVE-2025-7338 | 2026-04-15 | 7.5 High | ||
| Multer is a node.js middleware for handling `multipart/form-data`. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.2 allows an attacker to trigger a Denial of Service (DoS) by sending a malformed multi-part upload request. This request causes an unhandled exception, leading to a crash of the process. Users should upgrade to version 2.0.2 to receive a patch. No known workarounds are available. | ||||
| CVE-2024-21961 | 1 Amd | 21 Epyc 7002 Series Processors, Epyc Embedded 7002 Series Processors, Ryzen 4000 Series Desktop Processors and 18 more | 2026-04-15 | N/A |
| Improper restriction of operations within the bounds of a memory buffer in PCIe® Link could allow an attacker with access to a guest virtual machine to potentially perform a denial of service attack against the host resulting in loss of availability. | ||||
| CVE-2024-12158 | 2026-04-15 | 5.3 Medium | ||
| The Popup – MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin. | ||||
| CVE-2024-2201 | 1 Redhat | 4 Enterprise Linux, Rhel Els, Rhel Eus and 1 more | 2026-04-15 | 4.7 Medium |
| A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | ||||
| CVE-2025-7385 | 2026-04-15 | N/A | ||
| Input from search query parameter in GOV CMS is not sanitized properly, leading to a Blind SQL injection vulnerability, which might be exploited by an unauthenticated remote attacker. Versions 4.0 and above are not affected. | ||||
| CVE-2025-11175 | 1 Wikimedia | 1 Mediawiki-discussiontools Extension | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') vulnerability in The Wikimedia Foundation Mediawiki - DiscussionTools Extension allows Regular Expression Exponential Blowup.This issue affects Mediawiki - DiscussionTools Extension: 1.44, 1.43. | ||||
| CVE-2025-4676 | 1 Abb | 2 Webpro Snmp Card Powervalue, Webpro Snmp Card Powervalue Ul | 2026-04-15 | 8.8 High |
| Incorrect Implementation of Authentication Algorithm vulnerability in ABB WebPro SNMP Card PowerValue, ABB WebPro SNMP Card PowerValue UL.This issue affects WebPro SNMP Card PowerValue: through 1.1.8.K; WebPro SNMP Card PowerValue UL: through 1.1.8.K. | ||||
| CVE-2025-7405 | 1 Mitsubishi Electric | 1 Melsec Iq-f Series | 2026-04-15 | 7.3 High |
| Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not have authentication features. | ||||
| CVE-2024-22243 | 1 Redhat | 1 Jboss Fuse | 2026-04-15 | 8.1 High |
| Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL is used after passing validation checks. | ||||
| CVE-2023-52169 | 1 7-zip | 1 7-zip | 2026-04-15 | 8.2 High |
| The NtfsHandler.cpp NTFS handler in 7-Zip before 24.01 (for 7zz) contains an out-of-bounds read that allows an attacker to read beyond the intended buffer. The bytes read beyond the intended buffer are presented as a part of a filename listed in the file system image. This has security relevance in some known web-service use cases where untrusted users can upload files and have them extracted by a server-side 7-Zip process. | ||||