Search Results (26345 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-13481 2026-04-15 6.1 Medium
Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information.
CVE-2020-12487 2026-04-15 7 High
Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege.
CVE-2025-29089 1 Tp-link 3 Ax10, Ax1500, Tp-link 2026-04-15 7.5 High
An issue in TP-Link AX10 Ax1500 v.1.3.10 Build (20230130) allows a remote attacker to obtain sensitive information
CVE-2025-8414 1 Silabs 2 Gecko Sdk, Simplicity Sdk 2026-04-15 N/A
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.
CVE-2024-8936 1 Schneider-electric 1 Modicon M340 2026-04-15 6.5 Medium
CWE-20: Improper Input Validation vulnerability exists that could lead to loss of confidentiality of controller memory after a successful Man-In-The-Middle attack followed by sending a crafted Modbus function call used to tamper with memory.
CVE-2024-12532 2026-04-15 4.3 Medium
The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVE-2025-11697 1 Rockwellautomation 1 Studio 5000 Simulation Interface 2026-04-15 N/A
A local code execution security issue exists within Studio 5000® Simulation Interface™ via the API. This vulnerability allows any Windows user on the system to extract files using path traversal sequences, resulting in execution of scripts with Administrator privileges on system reboot.
CVE-2025-41415 2026-04-15 6.5 Medium
The vulnerability, if exploited, could allow an authenticated miscreant (with privileges to access publication targets) to retrieve sensitive information that could then be used to gain additional access to downstream resources.
CVE-2025-14553 3 Apple, Google, Tp-link 4 Ios, Android, Tapo and 1 more 2026-04-15 N/A
Exposure of password hashes through an unauthenticated API response in TP-Link Tapo app on iOS and Android for Tapo cameras, allowing attackers to brute force the password in the local network. Issue can be mitigated through mobile application updates. Device firmware remains unchanged.
CVE-2025-27845 1 Espec 1 North America Web Controller 2026-04-15 9.8 Critical
In ESPEC North America Web Controller 3 before 3.3.4, /api/v4/auth/ with any invalid authentication request results in exposing a JWT secret. This allows for elevated permissions to the UI.
CVE-2025-27388 1 Oppo 1 Health App 2026-04-15 N/A
Loading arbitrary external URLs through WebView components introduces malicious JS code that can steal arbitrary user tokens.
CVE-2024-25116 2026-04-15 5.5 Medium
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVE-2023-28402 2026-04-15 7.2 High
Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-12984 2026-04-15 5.3 Medium
A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3262 1 Best Practical Solutions 1 Request Tracker 2026-04-15 5.5 Medium
Information exposure vulnerability in RT software affecting version 4.4.1. This vulnerability allows an attacker with local access to the device to retrieve sensitive information about the application, such as vulnerability tickets, because the application stores the information in the browser cache, leading to information exposure despite session termination.
CVE-2025-43986 1 Kuwfi 1 Gc111 2026-04-15 9.8 Critical
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.
CVE-2025-8305 1 Checkpoint 1 Identity Agent 2026-04-15 6.5 Medium
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
CVE-2024-52975 1 Elastic 1 Fleet Server 2026-04-15 9 Critical
An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled.
CVE-2024-57716 2026-04-15 7.5 High
An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function.
CVE-2024-30171 1 Redhat 6 Amq Broker, Apache Camel Spring Boot, Camel Quarkus and 3 more 2026-04-15 5.9 Medium
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.