Export limit exceeded: 348208 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348208 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-57423 | 1 Myclub | 1 Myclub | 2026-04-15 | 6.5 Medium |
| A SQL injection vulnerability was discovered in the /articles endpoint of MyClub 0.5, affecting the query parameters Content, GroupName, PersonName, lastUpdate, pool, and title. Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database. | ||||
| CVE-2025-24505 | 2026-04-15 | N/A | ||
| This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by uploading a specially crafted upgrade file. | ||||
| CVE-2025-5742 | 2026-04-15 | 5.4 Medium | ||
| CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server | ||||
| CVE-2025-2406 | 2026-04-15 | 7.6 High | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Verisay Communication and Information Technology Industry and Trade Ltd. Co. Trizbi allows Cross-Site Scripting (XSS).This issue affects Trizbi: before 2.144.4. | ||||
| CVE-2025-57457 | 1 Curo | 1 Uc300 | 2026-04-15 | 8.8 High |
| An OS Command Injection vulnerability in the Admin panel in Curo UC300 5.42.1.7.1.63R1 allows local attackers to inject arbitrary OS Commands via the "IP Addr" parameter. | ||||
| CVE-2025-57515 | 2026-04-15 | 9.8 Critical | ||
| A SQL injection vulnerability has been identified in Uniclare Student Portal v2. This flaw allows remote attackers to inject arbitrary SQL commands via vulnerable input fields, enabling the execution of time-delay functions to infer database responses. | ||||
| CVE-2025-20059 | 2026-04-15 | 9.1 Critical | ||
| Relative Path Traversal vulnerability in Ping Identity PingAM Java Policy Agent allows Parameter Injection.This issue affects PingAM Java Policy Agent: through 5.10.3, through 2023.11.1, through 2024.9. | ||||
| CVE-2025-20057 | 2026-04-15 | 3.5 Low | ||
| Uncontrolled resource consumption for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow an authenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2025-41023 | 1 Thesamur | 1 Autogpt | 2026-04-15 | N/A |
| An authentication bypass vulnerability has been found in Thesamur's AutoGPT. This vulnerability allows an attacker to bypass authentication mechanisms. Once inside the web application, the attacker can use any of its features regardless of the authorisation method used. | ||||
| CVE-2025-55398 | 1 Asn1c Project | 1 Asn1c | 2026-04-15 | 9.8 Critical |
| An issue was discovered in mouse07410 asn1c thru 0.9.29 (2025-03-20) - a fork of vlm asn1c. In UPER (Unaligned Packed Encoding Rules), asn1c-generated decoders fail to enforce INTEGER constraints when the bound is positive and exceeds 32 bits in length, potentially allowing incorrect or malicious input to be processed. | ||||
| CVE-2025-20048 | 1 Intel | 1 Trace Analyzer And Collector | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path for the Intel(R) Trace Analyzer and Collector software all verions may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-55346 | 1 Flowiseai | 1 Flowise | 2026-04-15 | 9.8 Critical |
| User-controlled input flows to an unsafe implementation of a dynamic Function constructor, allowing network attackers to run arbitrary unsandboxed JS code in the context of the host, by sending a simple POST request. | ||||
| CVE-2025-20047 | 2026-04-15 | 5.7 Medium | ||
| Improper locking in the Intel(R) Integrated Connectivity I/O interface (CNVi) for some Intel(R) Core™ Ultra Processors may allow an unauthenticated user to potentially enable escalation of privilege via physical access. | ||||
| CVE-2025-20055 | 2026-04-15 | 9.8 Critical | ||
| OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command. | ||||
| CVE-2025-20043 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) RealSense™ SDK software before version 2.56.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-4437 | 1 Redhat | 1 Openshift | 2026-04-15 | 5.7 Medium |
| There's a vulnerability in the CRI-O application where when container is launched with securityContext.runAsUser specifying a non-existent user, CRI-O attempts to create the user, reading the container's entire /etc/passwd file into memory. If this file is excessively large, it can cause the a high memory consumption leading applications to be killed due to out-of-memory. As a result a denial-of-service can be achieved, possibly disrupting other pods and services running in the same host. | ||||
| CVE-2025-20052 | 2026-04-15 | 7.3 High | ||
| Improper access control for some Intel(R) Graphics software may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-20041 | 2026-04-15 | 6.7 Medium | ||
| Uncontrolled search path for some Intel(R) Graphics software for Intel(R) Arc™ graphics and Intel(R) Iris(R) Xe graphics before version 32.0.101.6325/32.0.101.6252 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-55306 | 2026-04-15 | 9.8 Critical | ||
| GenX_FX is an advance IA trading platform that will focus on forex trading. A vulnerability was identified in the GenX FX backend where API keys and authentication tokens may be exposed if environment variables are misconfigured. Unauthorized users could gain access to cloud resources (Google Cloud, Firebase, GitHub, etc.). | ||||
| CVE-2025-55047 | 2026-04-15 | 8.4 High | ||
| CWE-798 Use of Hard-coded Credentials | ||||