Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363437 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-29943 1 Amd 6 Epyc, Epyc 8004, Epyc 9004 and 3 more 2026-04-15 3.2 Low
Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.
CVE-2025-1338 1 Nuuo 1 Camera 2026-04-15 7.3 High
A vulnerability was found in NUUO Camera up to 20250203. It has been declared as critical. This vulnerability affects the function print_file of the file /handle_config.php. The manipulation of the argument log leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-0014 2026-04-15 7.3 High
Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution.
CVE-2024-36347 2026-04-15 6.4 Medium
Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious microcode, potentially resulting in loss of integrity of x86 instruction execution, loss of confidentiality and integrity of data in x86 CPU privileged context and compromise of SMM execution environment.
CVE-2025-23202 2026-04-15 N/A
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2025-13249 1 Jiusi 1 Jiusi Oa 2026-04-15 6.3 Medium
A security vulnerability has been detected in Jiusi OA up to 20251102. This affects an unknown function of the file /OfficeServer?isAjaxDownloadTemplate=false of the component OfficeServer Interface. Such manipulation of the argument FileData leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
CVE-2023-49748 2 Wordpress, Wpserveur 2 Wordpress, Wps Hide Login 2026-04-15 3.7 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPServeur, NicolasKulka, wpformation WPS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPS Hide Login: from n/a through 1.9.11.
CVE-2025-43717 2026-04-15 5.4 Medium
In PEAR HTTP_Request2 before 2.7.0, multiple files in the tests directory, notably tests/_network/getparameters.php and tests/_network/postparameters.php, reflect any GET or POST parameters, leading to XSS.
CVE-2025-24313 2 Intel, Kubernetes 2 Device Plugins For Kubernetes, Kubernetes 2026-04-15 4.4 Medium
Improper access control for some Device Plugins for Kubernetes software maintained by Intel before version 0.32.0 may allow a privileged user to potentially enable denial of service via local access.
CVE-2025-24306 2026-04-15 N/A
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in +F FS010M versions prior to V2.0.0_1101. If this vulnerability is exploited, an arbitrary OS command may be executed by a remote authenticated attacker with an administrative privilege.
CVE-2025-24305 1 Intel 3 Processors, Xeon, Xeon Processors 2026-04-15 7.2 High
Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-24303 2 Intel, Linux 2 Ethernet 800 Series Software, Linux Kernel 2026-04-15 7.8 High
Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-24302 1 Intel 1 Tinycbor 2026-04-15 6.7 Medium
Uncontrolled recursion for some TinyCBOR libraries maintained by Intel(R) before version 0.6.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-41658 1 Codesys 1 Control 2026-04-15 5.5 Medium
CODESYS Runtime Toolkit-based products may expose sensitive files to local low-privileged operating system users due to default file permissions.
CVE-2025-41390 1 Trufflesecurity 1 Trufflehog 2026-04-15 7.8 High
An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability.
CVE-2023-49741 2 Wordpress, Wpdevart 2 Wordpress, Coming Soon And Maintenance Mode 2026-04-15 3.7 Low
Authentication Bypass by Spoofing vulnerability in wpdevart Coming soon and Maintenance mode allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Coming soon and Maintenance mode: from n/a through 3.7.3.
CVE-2025-21099 2026-04-15 6.7 Medium
Uncontrolled search path for some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-40015 1 Linux 1 Linux Kernel 2026-04-15 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: media: stm32-csi: Fix dereference before NULL check In 'stm32_csi_start', 'csidev->s_subdev' is dereferenced directly while assigning a value to the 'src_pad'. However the same value is being checked against NULL at a later point of time indicating that there are chances that the value can be NULL. Move the dereference after the NULL check.
CVE-2024-13975 1 Commvault 1 Commvault 2026-04-15 N/A
A local privilege escalation vulnerability exists in Commvault for Windows versions 11.20.0, 11.28.0, 11.32.0, 11.34.0, and 11.36.0. In affected configurations, a local attacker who owns a client system with the file server agent installed can compromise any assigned Windows access nodes. This may allow unauthorized access or lateral movement within the backup infrastructure. The issue has been resolved in versions 11.32.60, 11.34.34, and 11.36.8.
CVE-2025-40084 1 Linux 1 Linux Kernel 2026-04-15 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: ksmbd: transport_ipc: validate payload size before reading handle handle_response() dereferences the payload as a 4-byte handle without verifying that the declared payload size is at least 4 bytes. A malformed or truncated message from ksmbd.mountd can lead to a 4-byte read past the declared payload size. Validate the size before dereferencing. This is a minimal fix to guard the initial handle read.