Export limit exceeded: 363423 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363423 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-57839 1 Honor 1 Magicos 2026-04-15 4 Medium
Photo module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-57837 1 Honor 2 Fcp-an10, Tileservice 2026-04-15 2.9 Low
Tileservice module is affected by information leak vulnerability, successful exploitation of this vulnerability may affect service confidentiality.
CVE-2025-57227 2 Kingosoft, Root 2 Kingo Root, Root 2026-04-15 7.8 High
An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to escalate privileges via placing a crafted executable file into a parent folder.
CVE-2024-12782 2026-04-15 7.3 High
A vulnerability has been found in Fujifilm Business Innovation Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The vendor explains that "during technical verification it is not possible to reproduce any active actions like reboots which were mentioned in the original researcher disclosure."
CVE-2025-55068 1 Doverfuelingsolutions 1 Progauge Maglink Lx Console 2026-04-15 8.2 High
Dover Fueling Solutions ProGauge MagLink LX4 Devices fail to handle Unix time values beyond a certain point. An attacker can manually change the system time to exploit this limitation, potentially causing errors in authentication and leading to a denial-of-service condition.
CVE-2025-23205 2026-04-15 N/A
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of `enable_subdomains = False`. #1915 disables a protection which would allow user Alice to craft a page embedding formgrader in an IFrame. If Bob visits that page, his credentials will be sent and the formgrader page loaded. Because Alice's page is on the same Origin as the formgrader iframe, Javasript on Alice's page has _full access_ to the contents of the page served by formgrader using Bob's credentials. This issue has been addressed in release 0.9.5 and all users are advised to upgrade. Users unable to upgrade may disable `frame-ancestors: self`, or enable per-user and per-service subdomains with `JupyterHub.enable_subdomains = True` (then even if embedding in an IFrame is allowed, the host page does not have access to the contents of the frame).
CVE-2025-54957 1 Dolby 1 Udc 2026-04-15 9.8 Critical
An issue was discovered in Dolby UDC 4.5 through 4.13. A crash of the DD+ decoder process can occur when a malformed DD+ bitstream is processed. When Evolution data is processed by evo_priv.c from the DD+ bitstream, the decoder writes that data into a buffer. The length calculation for a write can overflow due to an integer wraparound. This can lead to the allocated buffer being too small, and the out-of-bounds check of the subsequent write to be ineffective, leading to an out-of-bounds write.
CVE-2025-2119 2026-04-15 2 Low
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been declared as problematic. This vulnerability affects unknown code of the component Device Registration Handler. The manipulation leads to use of default credentials. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-54730 2026-04-15 7.5 High
Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function.
CVE-2024-36349 2026-04-15 3.8 Low
A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.
CVE-2025-13589 1 Otsuka 1 Fms 2026-04-15 N/A
FMS developed by Otsuka Information Technology has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2025-54547 1 Arista 1 Danz Monitoring Fabric 2026-04-15 5.3 Medium
On affected platforms, if SSH session multiplexing was configured on the client side, SSH sessions (e.g, scp, sftp) multiplexed onto the same channel could perform file-system operations after a configured session timeout expired
CVE-2024-49385 1 Acronis 1 True Image 2026-04-15 N/A
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736, Acronis True Image OEM (Windows) before build 42575.
CVE-2024-35563 1 Cdg 1 Server 2026-04-15 9.8 Critical
CDG-Server-V5.6.2.126.139 and earlier was discovered to contain a SQL injection vulnerability via the permissionId parameter in CDGTempPermissions.
CVE-2025-54384 1 Ckan 1 Ckan 2026-04-15 6.3 Medium
CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract() function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided data on dataset, resource, organization or group pages (plus any page provided by an extension that used that helper function), leading to a potential XSS vector. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4.
CVE-2025-54064 2026-04-15 N/A
Rucio is a software framework that provides functionality to organize, manage, and access large volumes of scientific data using customizable policies. The common Rucio helm-charts for the `rucio-server`, `rucio-ui`, and `rucio-webui` define the log format for the apache access log of these components. The `X-Rucio-Auth-Token`, which is part of each request header sent to Rucio, is part of this log format. Thus, each access log line potentially exposes the credentials (Internal Rucio token, or JWT in case of OIDC authentication) of the user. Due to the length of the token (Especially for a JWT) the tokens are often truncated, and thus not usable as credential; nevertheless, the (partial) credential should not be part of the logfile. The impact of this issue is amplified if the access logs are made available to a larger group of people than the instance administrators themselves. An updated release has been supplied for the `rucio-server`, `rucio-ui` and `rucio-webui` helm-chart. The change was also retrofitted for the currently supported Rucio LTS releases. The patched versions are rucio-server 37.0.2, 35.0.1, and 32.0.1; rucio-ui 37.0.4, 35.0.1, and 32.0.2; and rucio-webui 37.0.2, 35.1.1, and 32.0.1. As a workaround, one may update the `logFormat` variable and remove the `X-Rucio-Auth-Token`.
CVE-2024-53563 2026-04-15 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload.
CVE-2025-61554 1 Bitvisor 1 Bitvisor 2026-04-15 5.5 Medium
A divide-by-zero in VirtIO network device emulation in BitVisor from commit 108df6 (2020-05-20) to commit 480907 (2025-07-06) allows local attackers to cause a denial of service (host hypervisor crash) via a crafted PCI configuration space access.
CVE-2025-31496 2026-04-15 7.5 High
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in some cases during query validation, leading to exponential resource usage when deeply nested and reused fragments were involved. This could lead to excessive resource consumption and denial of service in applications. This vulnerability is fixed in 1.27.0.
CVE-2025-53941 2026-04-15 6.1 Medium
Hollo is a federated single-user microblogging software designed to be federated through ActivityPub. Versions prior to 0.6.5 allow HTML form elements to be submitted, making the software vulnerable to HTML injection. Version 0.6.5 fixes the issue.