Export limit exceeded: 26235 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26235 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-35710 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Podlove Podlove Web Player.This issue affects Podlove Web Player: from n/a through 5.7.3. | ||||
| CVE-2025-29628 | 2026-04-15 | 9.4 Critical | ||
| A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits. | ||||
| CVE-2025-46552 | 2026-04-15 | N/A | ||
| KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2. | ||||
| CVE-2024-5230 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability has been found in EnvaySoft FleetCart up to 4.1.1 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument razorpayKeyId leads to information disclosure. The attack can be launched remotely. It is recommended to upgrade the affected component. The identifier VDB-265981 was assigned to this vulnerability. | ||||
| CVE-2024-8884 | 1 Schneider Electric | 1 System Monitor Application In Harmony Industrial Pc Hmibmo Hmibmi Hmipso Hmibmp Hmibmu Hmipsp Hmipep Series | 2026-04-15 | 9.8 Critical |
| CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http | ||||
| CVE-2024-2371 | 2026-04-15 | 6.2 Medium | ||
| Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials. | ||||
| CVE-2025-8866 | 1 Yugabyte | 1 Yugabytedb | 2026-04-15 | 5.3 Medium |
| YugabyteDB Anywhere web server does not properly enforce authentication for the /metamaster/universe API endpoint. An unauthenticated attacker could exploit this flaw to obtain server networking configuration details, including private and public IP addresses and DNS records. | ||||
| CVE-2024-4584 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in Faraday GM8181 and GM828x up to 20240429. Affected by this issue is some unknown functionality of the file /command_port.ini. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-263306 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-32672 | 1 Samsung Open Source | 1 Escargot | 2026-04-15 | 5.3 Medium |
| A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0. | ||||
| CVE-2025-0226 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /collect/PortV4/downLoad.html. The manipulation of the argument path leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-29897 | 1 Miraheze | 1 Createwiki | 2026-04-15 | 4.9 Medium |
| CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. It is possible for users with (delete) or (suppressrevision) on any wiki in the farm to access suppressed wiki requests by going to the request's entry on Special:RequestWikiQueue on the wiki where they have these rights. The same vulnerability was present briefly on the REST API before being quickly corrected in commit `6bc0685`. To our knowledge, the vulnerable commits of the REST API are not running in production anywhere. This vulnerability is fixed in 23415c17ffb4832667c06abcf1eadadefd4c8937. | ||||
| CVE-2025-0815 | 2026-04-15 | 6.5 Medium | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the product when malicious ICMPV6 packets are sent to the device. | ||||
| CVE-2025-0814 | 2026-04-15 | 5.3 Medium | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause Denial-of-Service of the network services running on the product when malicious IEC61850-MMS packets are sent to the device. The core functionality of the breaker remains intact during the attack. | ||||
| CVE-2025-24308 | 2026-04-15 | 7.5 High | ||
| Improper input validation in the UEFI firmware error handler for the Intel(R) Server D50DNP and M50FCP may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-24010 | 2026-04-15 | 8.2 High | ||
| An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate’s validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | ||||
| CVE-2024-51123 | 2026-04-15 | 7.5 High | ||
| An issue in Zertificon Z1 SecureMail Z1 SecureMail Gateway 4.44.2-7240-debian12 allows a remote attacker to obtain sensitive information via the /compose-pdf.xhtml?convid=[id] component. | ||||
| CVE-2024-8518 | 1 Schneider-electric | 1 Zelio Soft 2 | 2026-04-15 | 3.3 Low |
| CWE-20: Improper Input Validation vulnerability exists that could cause a crash of the Zelio Soft 2 application when a specially crafted project file is loaded by an application user. | ||||
| CVE-2024-30263 | 1 Xwikisas | 1 Macro Pdfviewer | 2026-04-15 | 7.7 High |
| macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1. | ||||
| CVE-2024-9507 | 2026-04-15 | 4.9 Medium | ||
| The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 2.15.2 due to improper input validation within the iconUpload function. This makes it possible for authenticated attackers, with Administrator-level access and above, to leverage a PHP filter chain attack and read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-29089 | 1 Tp-link | 3 Ax10, Ax1500, Tp-link | 2026-04-15 | 7.5 High |
| An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information | ||||