Export limit exceeded: 350381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350381 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350381 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-36759 | 1 Solax | 1 Solax Cloud | 2026-04-15 | N/A |
| Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers. | ||||
| CVE-2022-20655 | 1 Cisco | 8 Carrier Packet Transport, Catalyst Sd-wan Manager, Enterprise Nfv Infrastructure Software and 5 more | 2026-04-15 | 8.8 High |
| A vulnerability in the implementation of the CLI on a device that is running ConfD could allow an authenticated, local attacker to perform a command injection attack. The vulnerability is due to insufficient validation of a process argument on an affected device. An attacker could exploit this vulnerability by injecting commands during the execution of this process. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privilege level of ConfD, which is commonly root. | ||||
| CVE-2024-32730 | 2026-04-15 | 6.5 Medium | ||
| SAP Enable Now Manager does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker with the role 'Learner' could gain access to other user's data in manager which will lead to a high impact to the confidentiality of the application. | ||||
| CVE-2024-32752 | 1 Johnsoncontrols | 2 Icu, Software House Istar Pro Door Controller | 2026-04-15 | 9.1 Critical |
| The iSTAR door controllers running firmware prior to version 6.6.B, does not support authenticated communications with ICU, which may allow an attacker to gain unauthorized access | ||||
| CVE-2024-32754 | 2026-04-15 | 3.1 Low | ||
| Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information. | ||||
| CVE-2022-20845 | 2026-04-15 | 6 Medium | ||
| A vulnerability in the TL1 function of Cisco Network Convergence System (NCS) 4000 Series could allow an authenticated, local attacker to cause a memory leak in the TL1 process. This vulnerability is due to TL1 not freeing memory under some conditions. An attacker could exploit this vulnerability by connecting to the device and issuing TL1 commands after being authenticated. A successful exploit could allow the attacker to cause the TL1 process to consume large amounts of memory. When the memory reaches a threshold, the Resource Monitor (Resmon) process will begin to restart or shutdown the top five consumers of memory, resulting in a denial of service (DoS).Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2022 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see . | ||||
| CVE-2024-32809 | 1 Jumpdemand | 1 Activedemand | 2026-04-15 | 10 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in JumpDEMAND Inc. ActiveDEMAND allows Using Malicious Files.This issue affects ActiveDEMAND: from n/a through 0.2.41. | ||||
| CVE-2024-32821 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in TotalSuite Total Poll Lite.This issue affects Total Poll Lite: from n/a through 4.9.9. | ||||
| CVE-2022-20948 | 2026-04-15 | 5.4 Medium | ||
| A vulnerability in the web management interface of Cisco BroadWorks Hosted Thin Receptionist could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient user input validation. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | ||||
| CVE-2024-32850 | 1 Seiko-sol | 2 Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a110 Firmware | 2026-04-15 | 9.8 Critical |
| Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker with access to the product may execute an arbitrary command or login to the product with the administrator privilege. | ||||
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2026-04-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2022-25038 | 1 Waneditor | 1 Waneditor | 2026-04-15 | 6.1 Medium |
| wanEditor v4.7.11 was discovered to contain a cross-site scripting (XSS) vulnerability via the video upload function. | ||||
| CVE-2022-26327 | 2026-04-15 | N/A | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in OpenText Performance Center on Windows allows Retrieve Embedded Sensitive Data.This issue affects Performance Center: 12.63. | ||||
| CVE-2022-26328 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText Performance Center on Windows allows Cross-Site Scripting (XSS).This issue affects Performance Center: 12.63. | ||||
| CVE-2024-32944 | 2026-04-15 | 3.3 Low | ||
| Path traversal vulnerability exists in UTAU versions prior to v0.4.19. If a user of the product installs a crafted UTAU voicebank installer (.uar file, .zip file) to UTAU, an arbitrary file may be placed. | ||||
| CVE-2022-29946 | 1 Nats | 1 Nats Server | 2026-04-15 | 6.3 Medium |
| NATS.io NATS Server before 2.8.2 and Streaming Server before 0.24.6 could allow a remote attacker to bypass security restrictions, caused by the failure to enforce negative user permissions in one scenario. By using a queue subscription on the wildcard, an attacker could exploit this vulnerability to allow denied subjects. | ||||
| CVE-2025-43881 | 2026-04-15 | N/A | ||
| Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product. | ||||
| CVE-2022-29974 | 2026-04-15 | 4.3 Medium | ||
| AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | ||||
| CVE-2022-30636 | 2026-04-15 | 7.5 High | ||
| httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix. | ||||
| CVE-2022-31749 | 2026-04-15 | 6.5 Medium | ||
| An argument injection vulnerability in the diagnose and import pac commands in WatchGuard Fireware OS before 12.8.1, 12.1.4, and 12.5.10 allows an authenticated remote attacker with unprivileged credentials to upload or read files to limited, arbitrary locations on WatchGuard Firebox and XTM appliances | ||||