Export limit exceeded: 344819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 344819 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (344819 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46475 | 1 Metronic | 1 Metronic | 2026-04-15 | 4.8 Medium |
| A reflected cross-site scripting (XSS) vulnerability on the homepage of Metronic Admin Dashboard Template v2.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | ||||
| CVE-2025-26167 | 2026-04-15 | 7.5 High | ||
| Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files. | ||||
| CVE-2025-26169 | 2026-04-15 | 8.1 High | ||
| IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten. | ||||
| CVE-2025-2413 | 1 Akinsoft | 1 Prokuafor | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft ProKuafor allows Authentication Bypass.This issue affects ProKuafor: from s1.02.08 before v1.02.08. | ||||
| CVE-2025-9031 | 1 Netdatasoft | 1 Divvy Drive | 2026-04-15 | 4.3 Medium |
| Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing.This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15. | ||||
| CVE-2025-26201 | 2026-04-15 | 9.1 Critical | ||
| Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges. | ||||
| CVE-2025-26263 | 2026-04-15 | 5.1 Medium | ||
| GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. | ||||
| CVE-2025-26278 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2025-39460 | 1 Thimpress | 1 Eduma | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ThimPress Eduma eduma allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eduma: from n/a through <= 5.6.4. | ||||
| CVE-2025-2414 | 1 Akinsoft | 1 Octocloud | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft OctoCloud allows Authentication Bypass.This issue affects OctoCloud: from s1.09.03 before v1.11.01. | ||||
| CVE-2025-39461 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nawawi Jamili Docket Cache docket-cache allows PHP Local File Inclusion.This issue affects Docket Cache: from n/a through <= 24.07.02. | ||||
| CVE-2025-26326 | 2026-04-15 | 8.8 High | ||
| A vulnerability was identified in the NVDA Remote (version 2.6.4) and Tele NVDA Remote (version 2025.3.3) remote connection add-ons, which allows an attacker to obtain total control of the remote system by guessing a weak password. The problem occurs because these add-ons accept any password entered by the user and do not have an additional authentication or computer verification mechanism. Tests indicate that more than 1,000 systems use easy-to-guess passwords, many with less than 4 to 6 characters, including common sequences. This allows brute force attacks or trial-and-error attempts by malicious invaders. The vulnerability can be exploited by a remote attacker who knows or can guess the password used in the connection. As a result, the attacker gains complete access to the affected system and can execute commands, modify files, and compromise user security. | ||||
| CVE-2025-39463 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Select-Themes Dessau dessau allows PHP Local File Inclusion.This issue affects Dessau: from n/a through < 1.9. | ||||
| CVE-2025-47651 | 1 Infility | 1 Infility Global | 2026-04-15 | N/A |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Infility Infility Global infility-global allows SQL Injection.This issue affects Infility Global: from n/a through <= 2.15.06. | ||||
| CVE-2025-8998 | 1 Axis | 1 Axis Os | 2026-04-15 | 3.1 Low |
| It was possible to upload files with a specific name to a temporary directory, which may result in process crashes and impact usability. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. | ||||
| CVE-2025-26381 | 1 Johnsoncontrols | 1 Openblue Workplace | 2026-04-15 | N/A |
| Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information. | ||||
| CVE-2024-46947 | 1 Northern.tech | 1 Mender | 2026-04-15 | 6.5 Medium |
| Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. | ||||
| CVE-2025-39465 | 2 Flippercode, Wordpress | 2 Advanced Google Maps, Wordpress | 2026-04-15 | 8.1 High |
| Missing Authorization vulnerability in flippercode Advanced Google Maps wp-google-map-gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Google Maps: from n/a through <= 5.8.4. | ||||
| CVE-2025-26385 | 1 Johnsoncontrols | 1 Metasys | 2026-04-15 | N/A |
| Johnson Controls Metasys component listed below have Improper Neutralization of Special Elements used in a Command (Command Injection) Vulnerability . Successful exploitation of this vulnerability could allow remote SQL execution This issue affects * Metasys: Application and Data Server (ADS) installed with SQL Express deployed as part of the Metasys 14.1 and prior installation, * Extended Application and Data Server (ADX) installed with SQL Express deployed as part of the Metasys 14.1 installation, * LCS8500 or NAE8500 installed with SQL Express deployed as part of the Metasys installation Releases 12.0 through 14.1, * System Configuration Tool (SCT) installed with SQL Express deployed as part of the SCT installation 17.1 and prior, * Controller Configuration Tool (CCT) installed with SQL Express deployed as part of the CCT installation 17.0 and prior. | ||||
| CVE-2025-39470 | 2026-04-15 | N/A | ||
| Path Traversal: '.../...//' vulnerability in ThimPress Ivy School ivy-school allows PHP Local File Inclusion.This issue affects Ivy School: from n/a through <= 1.6.0. | ||||