Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30404 | 1 Meta | 1 Executorch | 2026-04-15 | 9.8 Critical |
| An integer overflow vulnerability in the loading of ExecuTorch models can cause overlapping allocations, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit d158236b1dc84539c1b16843bc74054c9dcba006. | ||||
| CVE-2025-30410 | 1 Acronis | 3 Acronis Cyber Protect 15, Acronis Cyber Protect 16, Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Sensitive data disclosure and manipulation due to missing authentication. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 39870, Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39938, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 41800. | ||||
| CVE-2025-30405 | 1 Meta | 1 Executorch | 2026-04-15 | 9.8 Critical |
| An integer overflow vulnerability in the loading of ExecuTorch models can cause objects to be placed outside their allocated memory area, potentially resulting in code execution or other undesirable effects. This issue affects ExecuTorch prior to commit 0830af8207240df8d7f35b984cdf8bc35d74fa73. | ||||
| CVE-2025-3043 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2025-30407 | 2026-04-15 | N/A | ||
| Local privilege escalation due to a binary hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 39713. | ||||
| CVE-2025-7039 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 3.7 Low |
| A flaw was found in glib. An integer overflow during temporary file creation leads to an out-of-bounds memory access, allowing an attacker to potentially perform path traversal or access private temporary file content by creating symbolic links. This vulnerability allows a local attacker to manipulate file paths and access unauthorized data. The core issue stems from insufficient validation of file path lengths during temporary file operations. | ||||
| CVE-2025-3047 | 2026-04-15 | 6.5 Medium | ||
| When running the AWS Serverless Application Model Command Line Interface (SAM CLI) build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A user could leverage the elevated permissions to access restricted files via symlinks and copy them to a more permissive location on the container. Users should upgrade to v1.133.0 or newer and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2025-3048 | 2026-04-15 | 6.5 Medium | ||
| After completing a build with AWS Serverless Application Model Command Line Interface (SAM CLI) which include symlinks, the content of those symlinks are copied to the cache of the local workspace as regular files or directories. As a result, a user who does not have access to those symlinks outside of the Docker container would now have access via the local workspace. Users should upgrade to version 1.134.0 and ensure any forked or derivative code is patched to incorporate the new fixes. After upgrading, users must re-build their applications using the sam build --use-container to update the symlinks. | ||||
| CVE-2025-30485 | 2026-04-15 | N/A | ||
| UNIX symbolic link (Symlink) following issue exists in FutureNet NXR series, VXR series and WXR series routers. Attaching to the affected product an external storage containing malicious symbolic link files, a logged-in administrative user may obtain and/or destroy internal files. | ||||
| CVE-2025-70758 | 1 Chetans9 | 1 Core-php-admin-panel | 2026-04-15 | 7.5 High |
| chetans9 core-php-admin-panel through commit a94a780d6 contains an authentication bypass vulnerability in includes/auth_validate.php. The application sends an HTTP redirect via header(Location:login.php) when a user is not authenticated but fails to call exit() afterward. This allows remote unauthenticated attackers to access protected pages.customer database. | ||||
| CVE-2025-30508 | 1 Intel | 1 Intel Platforms | 2026-04-15 | 6.5 Medium |
| Improper authorization in the Intel(R) Quick Assist Technology for some Intel(R) Platforms within Ring 0: Kernel may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-3051 | 2026-04-15 | 6.5 Medium | ||
| Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory ('.') to be loaded similar to CVE-2016-1238. If an attacker can place a malicious file in current working directory, it may be loaded instead of the intended file, potentially leading to arbitrary code execution. Linux::Statm::Tiny uses Mite to produce the affected code section due to CVE-2025-30672 | ||||
| CVE-2025-30521 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top gp-back-to-top allows Cross Site Request Forgery.This issue affects GP Back To Top: from n/a through <= 3.0. | ||||
| CVE-2025-30522 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in Damian Orzol Contact Form 7 Material Design cf7-material-design allows Stored XSS.This issue affects Contact Form 7 Material Design: from n/a through <= 1.0.0. | ||||
| CVE-2025-30523 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Marcel-NL Super Simple Subscriptions super-simple-subscriptions allows SQL Injection.This issue affects Super Simple Subscriptions: from n/a through <= 1.1.0. | ||||
| CVE-2025-40231 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduced by commit 687aa0c5581b ("vsock: Fix transport_* TOCTOU") which added vsock_register_mutex locking in vsock_assign_transport() around the transport->release() call, that can call vsock_linger(). vsock_assign_transport() can be called with sk_lock held. vsock_linger() calls sk_wait_event() that temporarily releases and re-acquires sk_lock. During this window, if another thread hold vsock_register_mutex while trying to acquire sk_lock, a circular dependency is created. Fix this by releasing vsock_register_mutex before calling transport->release() and vsock_deassign_transport(). This is safe because we don't need to hold vsock_register_mutex while releasing the old transport, and we ensure the new transport won't disappear by obtaining a module reference first via try_module_get(). | ||||
| CVE-2025-30524 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog displayproduct allows SQL Injection.This issue affects Product Catalog: from n/a through <= 1.0.4. | ||||
| CVE-2025-40232 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: rv: Fully convert enabled_monitors to use list_head as iterator The callbacks in enabled_monitors_seq_ops are inconsistent. Some treat the iterator as struct rv_monitor *, while others treat the iterator as struct list_head *. This causes a wrong type cast and crashes the system as reported by Nathan. Convert everything to use struct list_head * as iterator. This also makes enabled_monitors consistent with available_monitors. | ||||
| CVE-2024-36137 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 3.9 Low |
| A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file. | ||||
| CVE-2024-53007 | 2026-04-15 | 6.4 Medium | ||
| Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call. | ||||