Export limit exceeded: 26228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26228 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-27909 2026-04-15 4.9 Medium
A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot.
CVE-2024-31154 1 Intel 1 S2600bpbr Firmware 2026-04-15 7.5 High
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-27912 1 Lenovo 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more 2026-04-15 7.5 High
A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets.
CVE-2024-48798 1 Hubble Connected 1 Hubble Connected 2026-04-15 7.5 High
An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-28028 1 Intel 1 Neural Compressor Software 2026-04-15 7.5 High
Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVE-2024-48799 2026-04-15 7.5 High
An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process.
CVE-2024-48824 1 Automatic Systems 1 Maintenance Slimlane 2026-04-15 7.5 High
An issue in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to obtain sensitive information via the Racine & FileName parameters in the download-file.php component.
CVE-2025-59058 2026-04-15 5.9 Medium
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.
CVE-2024-52309 2026-04-15 N/A
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a script has access to the underlying OS/container with the same permissions as the user running SFTPGo. This is unexpected for some SFTPGo administrators who think that there is a clear distinction between accessing the system shell and accessing the SFTPGo WebAdmin UI. To avoid this confusion, running system commands is disabled by default in 2.6.3, and an allow list has been added so that system administrators configuring SFTPGo must explicitly define which commands are allowed to be configured from the WebAdmin UI.
CVE-2025-23290 1 Nvidia 2 Gpu Display Driver, Virtual Gpu Manager 2026-04-15 2.5 Low
NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a guest could get global GPU metrics which may be influenced by work in other VMs. A successful exploit of this vulnerability might lead to information disclosure.
CVE-2024-5230 2026-04-15 5.3 Medium
A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability.
CVE-2024-28047 1 Redhat 1 Enterprise Linux 2026-04-15 5.3 Medium
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-6586 1 Lightdash 1 Lightdash 2026-04-15 7.3 High
Lightdash version 0.1024.6 allows users with the necessary permissions, such as Administrator or Editor, to create and share dashboards. A dashboard that contains HTML elements which point to a threat actor controlled source can trigger an SSRF request when exported, via a POST request to /api/v1/dashboards//export. The forged request contains the value of the exporting user’s session token. A threat actor could obtain the session token of any user who exports the dashboard. The obtained session token can be used to perform actions as the victim on the application, resulting in session takeover.
CVE-2024-22390 2026-04-15 4.4 Medium
Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service.
CVE-2025-2882 2026-04-15 5.3 Medium
The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
CVE-2024-32653 1 Skylot 1 Jadx 2026-04-15 6.1 Medium
jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability.
CVE-2024-28188 1 Jupyter 1 Scheduler 2026-04-15 5.3 Medium
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.
CVE-2024-5202 2026-04-15 7.7 High
Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices
CVE-2024-3296 1 Redhat 1 Enterprise Linux 2026-04-15 5.9 Medium
A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.
CVE-2025-23387 1 Suse 1 Rancher 2026-04-15 5.3 Medium
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher allowed unauthenticated users to list all CLI authentication tokens and delete them before the CLI is able to get the token value.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.