Export limit exceeded: 11890 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11890 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20263 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense Software | 2026-04-15 | 8.6 High |
| A vulnerability in the web services interface of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause a buffer overflow on an affected system. This vulnerability is due to insufficient boundary checks for specific data that is provided to the web services interface of an affected system. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected system. A successful exploit could allow the attacker to cause a buffer overflow condition on the affected system, which could cause the system to reload, resulting in a denial of service (DoS) condition. | ||||
| CVE-2025-61977 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 7 High |
| A weak password recovery mechanism for forgotten password vulnerability was discovered in Productivity Suite software version v4.4.1.19. The vulnerability allows an attacker to decrypt an encrypted project by answering just one recovery question. | ||||
| CVE-2025-5455 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.3 Medium |
| An issue was found in the private API function qDecodeDataUrl() in QtCore, which is used in QTextDocument and QNetworkReply, and, potentially, in user code. If the function was called with malformed data, for example, an URL that contained a "charset" parameter that lacked a value (such as "data:charset,"), and Qt was built with assertions enabled, then it would hit an assertion, resulting in a denial of service (abort). This impacts Qt up to 5.15.18, 6.0.0->6.5.8, 6.6.0->6.8.3 and 6.9.0. This has been fixed in 5.15.19, 6.5.9, 6.8.4 and 6.9.1. | ||||
| CVE-2024-4340 | 1 Redhat | 5 Ansible Automation Platform, Openstack, Rhui and 2 more | 2026-04-15 | 7.5 High |
| Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError. | ||||
| CVE-2025-2068 | 2026-04-15 | 5 Medium | ||
| An open redirect vulnerability was reported in the FileZ client that could allow information disclosure if a crafted url is visited by a local user. | ||||
| CVE-2024-25066 | 1 Rsa | 1 Authentication Manager | 2026-04-15 | 4.3 Medium |
| RSA Authentication Manager before 8.7 SP2 Patch 1 allows XML External Entity (XXE) attacks via a license file, resulting in attacker-controlled files being stored on the product's server. Data exfiltration cannot occur. | ||||
| CVE-2024-2635 | 2026-04-15 | 7.3 High | ||
| The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality | ||||
| CVE-2024-1693 | 2026-04-15 | 4.3 Medium | ||
| The SP Project & Document Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cdm_save_category AJAX action in all versions up to, and including, 4.70. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary folder name that do not belong to them. | ||||
| CVE-2019-19755 | 1 Ethos | 1 Ethos | 2026-04-15 | 9.1 Critical |
| ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this. | ||||
| CVE-2024-56959 | 2026-04-15 | 6.5 Medium | ||
| An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-64716 | 1 Techarohq | 1 Anubis | 2026-04-15 | N/A |
| Anubis is a Web AI Firewall Utility that challenges users' connections in order to protect upstream resources from scraper bots. Prior to version 1.23.0, when using subrequest authentication, Anubis did not perform validation of the redirect URL and redirects user to any URL scheme. While most modern browsers do not allow a redirect to `javascript:` URLs, it could still trigger dangerous behavior in some cases. Anybody with a subrequest authentication may be affected. Version 1.23.0 contains a fix for the issue. | ||||
| CVE-2024-6831 | 2026-04-15 | 4.4 Medium | ||
| Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-47784 | 2026-04-15 | 2.6 Low | ||
| Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier. | ||||
| CVE-2024-22374 | 1 Intel | 1 Xeon Processors | 2026-04-15 | 6.5 Medium |
| Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-23191 | 2026-04-15 | 3.1 Low | ||
| Cached values belonging to the SAP OData endpoint in SAP Fiori for SAP ERP could be poisoned by modifying the Host header value in an HTTP GET request. An attacker could alter the `atom:link` values in the returned metadata redirecting them from the SAP server to a malicious link set by the attacker. Successful exploitation could cause low impact on integrity of the application. | ||||
| CVE-2025-15241 | 1 Mgt-commerce | 1 Cloudpanel | 2026-04-15 | 3.5 Low |
| A security vulnerability has been detected in CloudPanel Community Edition up to 2.5.1. The affected element is an unknown function of the file /admin/users of the component HTTP Header Handler. Such manipulation of the argument Referer leads to open redirect. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. Upgrading to version 2.5.2 is sufficient to fix this issue. Upgrading the affected component is recommended. | ||||
| CVE-2025-7766 | 1 Lantronix | 1 Provisioning Manager | 2026-04-15 | 8 High |
| Lantronix Provisioning Manager is vulnerable to XML external entity attacks in configuration files supplied by network devices, leading to unauthenticated remote code execution on hosts with Provisioning Manager installed. | ||||
| CVE-2025-12110 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 5.4 Medium |
| A flaw was found in Keycloak. An offline session continues to be valid when the offline_access scope is removed from the client. The refresh token is accepted and you can continue to request new tokens for the session. As it can lead to a situation where an administrator removes the scope, and assumes that offline sessions are no longer available, but they are. | ||||
| CVE-2025-60511 | 1 Moodle | 1 Moodle | 2026-04-15 | 4.3 Medium |
| Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient validation of the blockId parameter in /blocks/openai_chat/api/completion.php. An authenticated student can impersonate another user's block (e.g., administrator) and send queries that are executed with that block's configuration. This can expose administrator-only Source of Truth entries, alter model behavior, and potentially misuse API resources. | ||||
| CVE-2025-12866 | 1 Hundredplus | 1 Eip Plus | 2026-04-15 | 9.8 Critical |
| EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password. | ||||