Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (3427 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2011-10013 | 1 Traq | 1 Traq | 2026-04-15 | N/A |
| Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php to inject and execute arbitrary PHP code. | ||||
| CVE-2022-50979 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 6.5 Medium |
| An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | ||||
| CVE-2025-49596 | 2026-04-15 | N/A | ||
| The MCP inspector is a developer tool for testing and debugging MCP servers. Versions of MCP Inspector below 0.14.1 are vulnerable to remote code execution due to lack of authentication between the Inspector client and proxy, allowing unauthenticated requests to launch MCP commands over stdio. Users should immediately upgrade to version 0.14.1 or later to address these vulnerabilities. | ||||
| CVE-2025-20700 | 1 Airoha | 6 Ab156x, Ab157x, Ab158x and 3 more | 2026-04-15 | 8.8 High |
| In the Airoha Bluetooth audio SDK, there is a possible permission bypass that allows access critical data of RACE protocol through Bluetooth LE GATT service. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2025-41656 | 1 Nodered | 1 Node-red | 2026-04-15 | 10 Critical |
| An unauthenticated remote attacker can run arbitrary commands on the affected devices with high privileges because the authentication for the Node_RED server is not configured by default. | ||||
| CVE-2025-40771 | 1 Siemens | 6 Simatic Cp 1542sp-1, Simatic Cp 1542sp-1 Irc, Simatic Cp 1543sp-1 and 3 more | 2026-04-15 | 9.8 Critical |
| A vulnerability has been identified in SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.4.24), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.4.24), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.4.24). Affected devices do not properly authenticate configuration connections. This could allow an unauthenticated remote attacker to access the configuration data. | ||||
| CVE-2022-50977 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | ||||
| CVE-2024-10205 | 1 Hitachi | 2 Infrastructure Analytics Advisor, Ops Center Analyzer | 2026-04-15 | 9.4 Critical |
| Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00. | ||||
| CVE-2025-0355 | 2026-04-15 | 7.5 High | ||
| Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. | ||||
| CVE-2025-48994 | 2026-04-15 | N/A | ||
| SignXML is an implementation of the W3C XML Signature standard in Python. When verifying signatures with X509 certificate validation turned off and HMAC shared secret set (`signxml.XMLVerifier.verify(require_x509=False, hmac_key=...`), versions of SignXML prior to 4.0.4 are vulnerable to a potential algorithm confusion attack. Unless the user explicitly limits the expected signature algorithms using the `signxml.XMLVerifier.verify(expect_config=...)` setting, an attacker may supply a signature unexpectedly signed with a key other than the provided HMAC key, using a different (asymmetric key) signature algorithm. Starting with SignXML 4.0.4, specifying `hmac_key` causes the set of accepted signature algorithms to be restricted to HMAC only, if not already restricted by the user. | ||||
| CVE-2023-7329 | 2 Cisco, Tinycontrol | 2 Wireless Lan Controller Software Firmware, Lan Controller | 2026-04-15 | N/A |
| Tinycontrol LAN Controller v3 (LK3) firmware versions up to 1.58a (hardware v3.8) contain a missing authentication vulnerability in the stm.cgi endpoint. A remote, unauthenticated attacker can send crafted requests to forcibly reboot the device or restore factory settings, leading to a denial of service and configuration loss. | ||||
| CVE-2025-48397 | 1 Eaton | 1 Brightlayer Software Suite | 2026-04-15 | 7.1 High |
| The privileged user could log in without sufficient credentials after enabling an application protocol. This security issue has been fixed in the latest script patch latest version of of Eaton BLSS (7.3.0.SCP004). | ||||
| CVE-2024-3219 | 1 Python Software Foundation | 1 Cpython | 2026-04-15 | N/A |
| The “socket” module provides a pure-Python fallback to the socket.socketpair() function for platforms that don’t support AF_UNIX, such as Windows. This pure-Python implementation uses AF_INET or AF_INET6 to create a local connected pair of sockets. The connection between the two sockets was not verified before passing the two sockets back to the user, which leaves the server socket vulnerable to a connection race from a malicious local peer. Platforms that support AF_UNIX such as Linux and macOS are not affected by this vulnerability. Versions prior to CPython 3.5 are not affected due to the vulnerable API not being included. | ||||
| CVE-2024-9832 | 1 Baxter | 1 Life2000 Ventilator Firmware | 2026-04-15 | 9.3 Critical |
| There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the function of the device and/or result in unauthorized information disclosure. | ||||
| CVE-2025-24924 | 2026-04-15 | 9.8 Critical | ||
| Certain functionality within GMOD Apollo does not require authentication when passed with an administrative username | ||||
| CVE-2025-53534 | 1 Ratpanel Project | 1 Ratpanel | 2026-04-15 | N/A |
| RatPanel is a server operation and maintenance management panel. In versions 2.3.19 through 2.5.5, when an attacker obtains the backend login path of RatPanel (including but not limited to weak default paths, brute-force cracking, etc.), they can execute system commands or take over hosts managed by the panel without logging in. In addition to this remote code execution (RCE) vulnerability, the flawed code also leads to unauthorized access. RatPanel uses the CleanPath middleware provided by github.com/go-chi/chi package to clean URLs, but but the middleware does not process r.URL.Path, which can cause the paths to be misinterpreted. This is fixed in version 2.5.6. | ||||
| CVE-2023-6215 | 1 Hp | 2 Hp, Sure Start Ifd Protection | 2026-04-15 | N/A |
| A potential security vulnerability has been identified in HP Sure Start’s protection of the Intel Flash Descriptor in certain HP PC products, which might allow security bypass, arbitrary code execution, loss of integrity or confidentiality, or denial of service. HP is releasing BIOS updates to mitigate the potential vulnerability. | ||||
| CVE-2025-5187 | 1 Kubernetes | 1 Kubernetes | 2026-04-15 | 6.7 Medium |
| A vulnerability exists in the NodeRestriction admission controller in Kubernetes clusters where node users can delete their corresponding node object by patching themselves with an OwnerReference to a cluster-scoped resource. If the OwnerReference resource does not exist or is subsequently deleted, the given node object will be deleted via garbage collection. | ||||
| CVE-2025-5310 | 2026-04-15 | 9.8 Critical | ||
| Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution. | ||||
| CVE-2025-13483 | 1 Sircom | 1 Smart Alert | 2026-04-15 | N/A |
| SiRcom SMART Alert (SiSA) allows unauthorized access to backend APIs. This allows an unauthenticated attacker to bypass the login screen using browser developer tools, gaining access to restricted parts of the application. | ||||