Export limit exceeded: 364886 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26343 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26343 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-41230 1 Vmware 1 Cloud Foundation 2026-04-15 7.5 High
VMware Cloud Foundation contains an information disclosure vulnerability. A malicious actor with network access to port 443 on VMware Cloud Foundation may exploit this issue to gain access to sensitive information.
CVE-2025-48464 1 Duckduckgo 1 Duckduckgo 2026-04-15 4.7 Medium
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
CVE-2025-64213 2 Stylemixthemes, Wordpress 2 Masterstudy Lms, Wordpress 2026-04-15 7.5 High
Insertion of Sensitive Information Into Sent Data vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Retrieve Embedded Sensitive Data.This issue affects MasterStudy LMS Pro: from n/a through < 4.7.16.
CVE-2025-32004 1 Intel 2 Edger8r Tool, Sgx Sdk 2026-04-15 3.9 Low
Improper input validation in the Intel Edger8r Tool for some Intel(R) SGX SDK may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2025-41378 2026-04-15 N/A
The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel.
CVE-2025-0052 2026-04-15 N/A
Improper input validation performed during the authentication process of FlashBlade could lead to a system Denial of Service.
CVE-2024-41696 2026-04-15 7.5 High
Priority PRI WEB Portal Add-On for Priority ERP on prem - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-20031 2026-04-15 6.5 Medium
Improper input validation for some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-68006 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.
CVE-2025-52569 2026-04-15 N/A
GitForge.jl is a unified interface for interacting with Git "forges." Versions prior to 5.9.1 lack input validation of input validation for user-provided values in certain functions. In the `GitHub.repo()` function, the user can provide any string for the `repo_name` field. These inputs are not validated or safely encoded and are sent directly to the server. This means a user can add path traversal patterns like `../` in the input to access any other endpoints on `api.github.com` that were not intended. Users should upgrade immediately to v5.9.1 or later to receive a patch. All prior versions are vulnerable. No known workarounds are available.
CVE-2025-1088 1 Grafana 1 Grafana 2026-04-15 2.7 Low
In Grafana, an excessively long dashboard title or panel name will cause Chromium browsers to become unresponsive due to Improper Input Validation vulnerability in Grafana. This issue affects Grafana: before 11.6.2 and is fixed in 11.6.2 and higher.
CVE-2019-1815 1 Cisco 1 Meraki Mx Firmware 2026-04-15 N/A
A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obtain access to wireless pre-shared keys, Site-to-Site VPN key and other sensitive information. Under certain circumstances, this information may allow an attacker to obtain administrative-level access to the device.
CVE-2025-8304 2 Checkpoint, Microsoft 2 Identity Agent, Windows 2026-04-15 6.5 Medium
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
CVE-2024-47923 2026-04-15 5.3 Medium
Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2025-1026 1 Spatie 1 Browsershot 2026-04-15 8.6 High
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023).
CVE-2025-21094 2026-04-15 7.5 High
Improper input validation in the UEFI firmware DXE module for the Intel(R) Server D50DNP and M50FCP boards may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-32080 2026-04-15 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Mobile Frontend Extension allows Shared Resource Manipulation.This issue affects Mediawiki - Mobile Frontend Extension: from 1.39 through 1.43.
CVE-2024-6915 1 Jfrog 1 Artifactory 2026-04-15 9.3 Critical
JFrog Artifactory versions below 7.90.6, 7.84.20, 7.77.14, 7.71.23, 7.68.22, 7.63.22, 7.59.23, 7.55.18 are vulnerable to Improper Input Validation that could potentially lead to cache poisoning.
CVE-2025-25333 2026-04-15 7.5 High
An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-8414 1 Silabs 2 Gecko Sdk, Simplicity Sdk 2026-04-15 N/A
Due to improper input validation, a buffer overflow vulnerability is present in Zigbee EZSP Host Applications. If the buffer overflows, stack corruption is possible. In certain conditions, this could lead to arbitrary code execution. Access to a network key is required to exploit this vulnerability.