Export limit exceeded: 26412 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26412 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-41694 2026-04-15 5.3 Medium
Cybonet - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-52280 1 Suse 1 Rancher 2026-04-15 7.7 High
A Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SUSE rancher which allows users to watch resources they are not allowed to access, when they have at least some generic permissions on the type. This issue affects rancher: before 2175e09, before 6e30359, before c744f0b.
CVE-2024-3780 2026-04-15 7.8 High
A vulnerability of Information Exposure has been found on Technicolor CGA2121 affecting the version 1.01, this vulnerability allows a local attacker to obtain sensitive information stored on the device such as wifi network's SSID and their respective passwords.
CVE-2025-6625 1 Schneider-electric 12 Bmxngd0100, Bmxngd0100 Firmware, Bmxnoc0401 and 9 more 2026-04-15 7.5 High
CWE-20: Improper Input Validation vulnerability exists that could cause a Denial Of Service when specific crafted FTP command is sent to the device.
CVE-2025-0051 1 Purestorage 1 Flasharray 2026-04-15 N/A
Improper input validation performed during the authentication process of FlashArray could lead to a system Denial of Service.
CVE-2025-27211 1 Ui 1 Edgeswitch 2026-04-15 7.5 High
An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
CVE-2024-8884 1 Schneider Electric 1 System Monitor Application In Harmony Industrial Pc Hmibmo Hmibmi Hmipso Hmibmp Hmibmu Hmipsp Hmipep Series 2026-04-15 9.8 Critical
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause exposure of credentials when attacker has access to application on network over http
CVE-2025-8915 1 Kiloview 1 N30 2026-04-15 N/A
Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network
CVE-2025-34098 2026-04-15 N/A
A path traversal vulnerability exists in Riverbed SteelHead VCX appliances (confirmed in VCX255U 9.6.0a) due to improper input validation in the log filtering functionality exposed via the management web interface. An authenticated attacker can exploit this flaw by submitting crafted filter expressions to the log_filter endpoint using the filterStr parameter. This input is processed by a backend parser that permits execution of file expansion syntax, allowing the attacker to retrieve arbitrary system files via the log viewing interface.
CVE-2024-47923 2026-04-15 5.3 Medium
Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-0710 2 Gravity Wiz, Wordpress 2 Gp Unique Id, Wordpress 2026-04-15 5.3 Medium
The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.
CVE-2025-48045 2026-04-15 N/A
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
CVE-2025-68006 1 Wordpress 1 Wordpress 2026-04-15 6.5 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Retrieve Embedded Sensitive Data.This issue affects Booking Ultra Pro: from n/a through <= 1.1.23.
CVE-2025-6386 1 Parisneo 1 Lollms 2026-04-15 N/A
The parisneo/lollms repository is affected by a timing attack vulnerability in the `authenticate_user` function within the `lollms_authentication.py` file. This vulnerability allows attackers to enumerate valid usernames and guess passwords incrementally by analyzing response time differences. The affected version is the latest, and the issue is resolved in version 20.1. The vulnerability arises from the use of Python's default string equality operator for password comparison, which compares characters sequentially and exits on the first mismatch, leading to variable response times based on the number of matching initial characters.
CVE-2023-28911 2026-04-15 6.5 Medium
A specific flaw exists within the Bluetooth stack of the MIB3 infotainment. The issue results from the lack of proper validation of user-supplied data, which can result in an arbitrary channel disconnection. An attacker can leverage this vulnerability to cause a denial-of-service attack for every connected client of the infotainment device. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources.
CVE-2025-21086 2 Intel, Linux 2 Ethernet 700 Series Software, Linux Kernel 2026-04-15 7.5 High
Improper input validation in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege.
CVE-2025-11149 2 @nubosoftware/node-static Project, Node-static Project 2 @nubosoftware/node-static, Node-static 2026-04-15 7.5 High
This affects all versions of the package node-static; all versions of the package @nubosoftware/node-static. The package fails to catch an exception when user input includes null bytes. This allows attackers to access http://host/%00 and crash the server.
CVE-2025-26318 2026-04-15 5.8 Medium
hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application.
CVE-2025-6593 2 Mediawiki, Wikimedia 2 Mediawiki, Mediawiki 2026-04-15 N/A
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/user/User.Php. This issue affects MediaWiki: from 1.27.0 before 1.39.13, 1.42.7 1.43.2, 1.44.0.
CVE-2024-3928 2026-04-15 4.3 Medium
A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367.