Export limit exceeded: 26343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26343 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-60805 1 Bessystem 1 Application Server 2026-04-15 7.5 High
An issue was discovered in BESSystem BES Application Server thru 9.5.x allowing unauthorized attackers to gain sensitive information via the "pre-resource" option in bes-web.xml.
CVE-2025-1741 2026-04-15 4.7 Medium
A vulnerability classified as problematic was found in b1gMail up to 7.4.1-pl1. Affected by this vulnerability is an unknown functionality of the file src/admin/users.php of the component Admin Page. The manipulation of the argument query/q leads to deserialization. The attack can be launched remotely. Upgrading to version 7.4.1-pl2 is able to address this issue. The identifier of the patch is 4816c8b748f6a5b965c8994e2cf10861bf6e68aa. It is recommended to upgrade the affected component. The vendor acted highly professional and even fixed this issue in the discontinued commercial edition as b1gMail 7.4.0-pl3.
CVE-2025-58353 1 Promptcraft-forge-studio Project 1 Promptcraft-forge-studio 2026-04-15 8.2 High
Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions of Promptcraft Forge Studio sanitize user input using regex blacklists such as r`eplace(/javascript:/gi, '')`. Because the package uses multi-character tokens and each replacement is applied only once, removing one occurrence can create a new dangerous token due to overlap. The “sanitized” value may still contain an executable payload when used in href/src (or injected into the DOM). There is currently no fix for this issue.
CVE-2025-3898 2026-04-15 6.5 Medium
CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends HTTPS request containing invalid data type to the webserver.
CVE-2024-38760 1 Sumanbhattarai 1 Send Users Email 2026-04-15 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in David Maucher Send Users Email allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Send Users Email: from n/a through 1.5.1.
CVE-2025-27517 2026-04-15 N/A
Volt is an elegantly crafted functional API for Livewire. Malicious, user-crafted request payloads could potentially lead to remote code execution within Volt components. This vulnerability is fixed in 1.7.0.
CVE-2024-4142 1 Jfrog 1 Artifactory 2026-04-15 9 Critical
An Improper input validation vulnerability that could potentially lead to privilege escalation was discovered in JFrog Artifactory. Due to this vulnerability, users with low privileges may gain administrative access to the system. This issue can also be exploited in Artifactory platforms with anonymous access enabled.
CVE-2024-11280 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator.
CVE-2024-10083 2026-04-15 5.5 Medium
CWE-20: Improper Input Validation vulnerability exists that could cause denial of service of engineering workstation when specific driver interface is invoked locally by an authenticated user with crafted input.
CVE-2024-31219 1 Discourse 2 Discourse, Discourse Reactions 2026-04-15 4.3 Medium
Discourse-reactions is a plugin that allows user to add their reactions to the post. When whispers are enabled on a site via `whispers_allowed_groups` and reactions are made on whispers on public topics, the contents of the whisper and the reaction data are shown on the `/u/:username/activity/reactions` endpoint.
CVE-2024-32669 1 Samsung Open Source 1 Escargot 2026-04-15 5.3 Medium
Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0.
CVE-2024-32670 1 Samsung 1 Galaxy Smarttag2 2026-04-15 N/A
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting.
CVE-2024-32672 1 Samsung Open Source 1 Escargot 2026-04-15 5.3 Medium
A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0.
CVE-2024-42410 1 Intel 1 Graphics Drivers 2026-04-15 6.5 Medium
Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-35232 1 Facebook 1 Facebook 2026-04-15 3.7 Low
github.com/huandu/facebook is a Go package that fully supports the Facebook Graph API with file upload, batch request and marketing API. access_token can be exposed in error message on fail in HTTP request. This issue has been patched in version 2.7.2.
CVE-2024-31154 1 Intel 1 S2600bpbr Firmware 2026-04-15 7.5 High
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-38747 1 Hitpay 1 Payment Gateway For Woocommerce 2026-04-15 7.5 High
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in HitPay Payment Solutions Pte Ltd HitPay Payment Gateway for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects HitPay Payment Gateway for WooCommerce: from n/a through 4.1.3.
CVE-2024-3870 1 Arshidkv12 1 Contact Form Addon 2026-04-15 5.3 Medium
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users.
CVE-2024-12896 2026-04-15 5.3 Medium
A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user".
CVE-2024-32754 2026-04-15 3.1 Low
Under certain circumstances, when the controller is in factory reset mode waiting for initial setup, it will broadcast its MAC address, serial number, and firmware version. Once configured, the controller will no longer broadcast this information.