Export limit exceeded: 348500 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348500 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-64388 | 1 Circutor | 1 Tcprs1plus | 2026-04-15 | N/A |
| Denial of service of the web server through specific requests to this protocol | ||||
| CVE-2025-64389 | 1 Circutor | 1 Tcprs1plus | 2026-04-15 | N/A |
| The web server of the device performs exchanges of sensitive information in clear text through an insecure protocol. | ||||
| CVE-2025-3424 | 1 Philips | 1 Intellispace Portal | 2026-04-15 | N/A |
| The IntelliSpace portal application utilizes .NET Remoting for its functionality. The vulnerability arises from the exploitation of port 755 through the "Object Marshalling" technique, which allows an attacker to read internal files without any authentication. This is possible by crafting specific .NET Remoting URLs derived from information enumerated in the client-side configuration files. This issue affects IntelliSpace Portal: 12 and prior. | ||||
| CVE-2025-68922 | 1 Openops | 1 Openops | 2026-04-15 | 7.4 High |
| OpenOps before 0.6.11 allows remote code execution in the Terraform block. | ||||
| CVE-2025-23269 | 2026-04-15 | 4.7 Medium | ||
| NVIDIA Jetson Linux contains a vulnerability in the kernel where an attacker may cause an exposure of sensitive information due to a shared microarchitectural predictor state that influences transient execution. A successful exploit of this vulnerability may lead to information disclosure. | ||||
| CVE-2025-68920 | 2026-04-15 | 8.9 High | ||
| C-Kermit (aka ckermit) through 10.0 Beta.12 (aka 416-beta12) before 244644d allows a remote Kermit system to overwrite files on the local system, or retrieve arbitrary files from the local system. | ||||
| CVE-2025-23261 | 1 Nvidia | 2 Cumulus Linux, Nvs | 2026-04-15 | 5.5 Medium |
| NVIDIA Cumulus Linux and NVOS products contain a vulnerability, where hashed user passwords are not properly suppressed in log files, potentially disclosing information to unauthorized users. | ||||
| CVE-2025-23266 | 1 Nvidia | 1 Container Toolkit | 2026-04-15 | 9 Critical |
| NVIDIA Container Toolkit for all platforms contains a vulnerability in some hooks used to initialize the container, where an attacker could execute arbitrary code with elevated permissions. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, information disclosure, and denial of service. | ||||
| CVE-2025-34162 | 2026-04-15 | N/A | ||
| An unauthenticated SQL injection vulnerability exists in the GetLyfsByParams endpoint of Bian Que Feijiu Intelligent Emergency and Quality Control System, accessible via the /AppService/BQMedical/WebServiceForFirstaidApp.asmx interface. The backend fails to properly sanitize user-supplied input in the strOpid parameter, allowing attackers to inject arbitrary SQL statements. This can lead to data exfiltration, authentication bypass, and potentially remote code execution, depending on backend configuration. The vulnerability is presumed to affect builds released prior to June 2025 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2025-07-23 UTC. | ||||
| CVE-2025-23259 | 1 Nvidia | 2 Mellanox Os, Mellanox Os Firmware | 2026-04-15 | 6.5 Medium |
| NVIDIA Mellanox DPDK contains a vulnerability in Poll Mode Driver (PMD), where an attacker on a VM in the system might be able to cause information disclosure and denial of service on the network interface. | ||||
| CVE-2025-23263 | 2026-04-15 | 7.6 High | ||
| NVIDIA DOCA-Host and Mellanox OFED contain a vulnerability in the VGT+ feature, where an attacker on a VM might cause escalation of privileges and denial of service on the VLAN. | ||||
| CVE-2025-23258 | 1 Nvidia | 1 Doca | 2026-04-15 | 7.3 High |
| NVIDIA DOCA contains a vulnerability in the collectx-dpeserver Debian package for arm64 that could allow an attacker with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2025-23257 | 1 Nvidia | 1 Doca | 2026-04-15 | 7.3 High |
| NVIDIA DOCA contains a vulnerability in the collectx-clxapidev Debian package that could allow an actor with low privileges to escalate privileges. A successful exploit of this vulnerability might lead to escalation of privileges. | ||||
| CVE-2024-11749 | 2026-04-15 | 6.4 Medium | ||
| The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-68746 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer timeout is reached. While handling the timeouts, any pending transfers are cleaned up and the message that they correspond to is marked as failed, which leaves the curr_xfer field pointing at stale memory. To avoid this, clear curr_xfer to NULL upon timeout and check for this condition when the IRQ thread is finally run. While at it, also make sure to clear interrupts on failure so that new interrupts can be run. A better, more involved, fix would move the interrupt clearing into a hard IRQ handler. Ideally we would also want to signal that the IRQ thread no longer needs to be run after the timeout is hit to avoid the extra check for a valid transfer. | ||||
| CVE-2025-23256 | 1 Nvidia | 4 Bluefield, Bluefield 2 Ga, Bluefield 2 Lts and 1 more | 2026-04-15 | 8.7 High |
| NVIDIA BlueField contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorization to modify the configuration. A successful exploit of this vulnerability might lead to denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-23246 | 2026-04-15 | 5.5 Medium | ||
| NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to consume uncontrolled resources. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-23245 | 2026-04-15 | 5.5 Medium | ||
| NVIDIA vGPU software for Windows and Linux contains a vulnerability in the Virtual GPU Manager (vGPU plugin), where it allows a guest to access global resources. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-23244 | 1 Nvidia | 1 Gpu Display Driver | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-23237 | 2026-04-15 | N/A | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in UD-LT2 firmware Ver.1.00.008_SE and earlier. If a user logs in to CLI of the affected product, an arbitrary OS command may be executed. | ||||