Export limit exceeded: 366403 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 26436 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (26436 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-2786 | 1 Redhat | 1 Openshift Distributed Tracing | 2026-04-15 | 4.3 Medium |
| A flaw was found in Tempo Operator, where it creates a ServiceAccount, ClusterRole, and ClusterRoleBinding when a user deploys a TempoStack or TempoMonolithic instance. This flaw allows a user with full access to their namespace to extract the ServiceAccount token and use it to submit TokenReview and SubjectAccessReview requests, potentially revealing information about other users' permissions. While this does not allow privilege escalation or impersonation, it exposes information that could aid in gathering information for further attacks. | ||||
| CVE-2024-9042 | 1 Redhat | 1 Windows Machine Config | 2026-04-15 | 5.9 Medium |
| This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below. | ||||
| CVE-2024-52975 | 1 Elastic | 1 Fleet Server | 2026-04-15 | 9 Critical |
| An issue was identified in Fleet Server where Fleet policies that could contain sensitive information were logged on INFO and ERROR log levels. The nature of the sensitive information largely depends on the integrations enabled. | ||||
| CVE-2023-46809 | 2 Nodejs, Redhat | 3 Nodejs, Enterprise Linux, Rhel Eus | 2026-04-15 | 7.4 High |
| Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key. | ||||
| CVE-2025-27244 | 2026-04-15 | N/A | ||
| AssetView and AssetView CLOUD contain an issue with acquiring sensitive information from sent data to the developer. If exploited, sensitive information may be obtained by a remote unauthenticated attacker. | ||||
| CVE-2011-20001 | 1 Siemens | 3 Simatic, Simatic S7-1200, Simatic S7-1200 Cpu | 2026-04-15 | 7.5 High |
| A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.3), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.3). The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate. This could allow an unauthenticated remote attacker to force the device entering the stop/defect state, thus creating a denial of service condition. | ||||
| CVE-2025-64295 | 2 Syed Balkhi, Wordpress | 2 All In One Seo Pack, Wordpress | 2026-04-15 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in Syed Balkhi All In One SEO Pack all-in-one-seo-pack allows Retrieve Embedded Sensitive Data.This issue affects All In One SEO Pack: from n/a through <= 4.8.6.1. | ||||
| CVE-2025-13762 | 1 Cyberark | 1 Secure Web Sessions Extension | 2026-04-15 | N/A |
| Improper Input Validation vulnerability in CyberArk CyberArk Secure Web Sessions Extension on Chrome, Edge allows Denial of Service when trying to starting new SWS sessions.This issue affects CyberArk Secure Web Sessions Extension: before 2.2.30305. | ||||
| CVE-2024-35341 | 2026-04-15 | 7.5 High | ||
| Certain Anpviz products allow unauthenticated users to download the running configuration of the device via a HTTP GET request to /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all devices). This affects IPC-D250, IPC-D260, IPC-B850, IPC-D850, IPC-D350, IPC-D3150, IPC-D4250, IPC-D380, IPC-D880, IPC-D280, IPC-D3180, MC800N, YM500L, YM800N_N2, YMF50B, YM800SV2, YM500L8, and YM200E10 firmware v3.2.2.2 and lower and possibly more vendors/models of IP camera. | ||||
| CVE-2024-11106 | 1 Wpchill | 1 Simple Restrict | 2026-04-15 | 5.3 Medium |
| The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2024-11008 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Members – Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | ||||
| CVE-2025-1098 | 1 Kubernetes | 1 Ingress-nginx | 2026-04-15 | 8.8 High |
| A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2025-10281 | 1 Blsops | 1 Bbot | 2026-04-15 | 4.7 Medium |
| BBOT's git_clone module could be abused to disclose a GitHub API key to an attacker controlled server with a malicious formatted git URL. | ||||
| CVE-2023-47639 | 1 Api-platform | 1 Core | 2026-04-15 | 5.3 Medium |
| API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. From 3.2.0 until 3.2.4, exception messages, that are not HTTP exceptions, are visible in the JSON error response. This vulnerability is fixed in 3.2.5. | ||||
| CVE-2024-26290 | 2026-04-15 | N/A | ||
| Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0. | ||||
| CVE-2024-38828 | 1 Vmware | 1 Spring | 2026-04-15 | 5.3 Medium |
| Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. | ||||
| CVE-2024-41701 | 2026-04-15 | 5.3 Medium | ||
| AccuPOS - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-36284 | 1 Intel | 1 Neural Compressor Software | 2026-04-15 | 5.5 Medium |
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-31965 | 1 Mitel | 2 6800 Series Sip Phones, 6900 Series Sip Phones | 2026-04-15 | 4.2 Medium |
| A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct a path traversal attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information. | ||||
| CVE-2024-12637 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses. | ||||