Export limit exceeded: 11990 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11990 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-46826 2026-04-15 N/A
insa-auth is an authentication server for INSA Rouen. A minor issue allowed third-party websites to access the server's secondary authentication bridge, potentially revealing basic student information (name and number). However, the issue posed minimal risk, was never exploited, and had limited impact. A fix was implemented promptly on May 3, 2025.
CVE-2025-46741 2026-04-15 5.7 Medium
A suspended or recently logged-out user could continue to interact with Blueframe until the time-out period occurred.
CVE-2024-39642 1 Thimpress 1 Learnpress 2026-04-15 6.5 Medium
Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2.
CVE-2024-10796 2026-04-15 4.3 Medium
The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to.
CVE-2025-54568 2026-04-15 3.7 Low
Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node.
CVE-2025-10728 1 Qt 1 Qt 2026-04-15 4.0 Medium
When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS
CVE-2025-53757 2026-04-15 N/A
This vulnerability exists in Digisol DG-GR6821AC Router due to misconfiguration of both Secure and HttpOnly flags on session cookies associated with the router web interface. A remote attacker could exploit this vulnerability by capturing the session cookies transmitted over an unsecure HTTP connection. Successful exploitation of this vulnerability could allow the attacker to obtain sensitive information from the targeted device.
CVE-2024-31995 2026-04-15 4.3 Medium
`@digitalbazaar/zcap` provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the `expires` property is not properly checked against the current date or other `date` param. This can allow invocations outside of the original intended time period. A zcap still cannot be invoked without being able to use the associated private key material. `@digitalbazaar/zcap` v9.0.1 fixes expiration checking. As a workaround, one may revoke a zcap at any time.
CVE-2024-43704 1 Imaginationtech 1 Ddk 2026-04-15 8.4 High
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process.
CVE-2024-43350 1 Propovoice 1 Propovoice Crm 2026-04-15 5.3 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Propovoice Propovoice CRM.This issue affects Propovoice CRM: from n/a through 1.7.6.4.
CVE-2025-58449 2026-04-15 N/A
Maho is a free and open source ecommerce platform. In Maho prior to 25.9.0, an authenticated staff user with access to the `Dashboard` and `Catalog\Manage Products` permissions can create a custom option on a listing with a file input field. By allowing file uploads with a `.php` extension, the user can use the filed to upload malicious PHP files, gaining remote code execution. Version 25.9.0 fixes the issue.
CVE-2025-54992 1 Telstra 1 Openkilda 2026-04-15 N/A
OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0.
CVE-2025-40777 1 Isc 1 Bind 2026-04-15 7.5 High
If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1.
CVE-2025-59343 1 Tar-fs Project 1 Tar-fs 2026-04-15 7.5 High
tar-fs provides filesystem bindings for tar-stream. Versions prior to 3.1.1, 2.1.3, and 1.16.5 are vulnerable to symlink validation bypass if the destination directory is predictable with a specific tarball. This issue has been patched in version 3.1.1, 2.1.4, and 1.16.6. A workaround involves using the ignore option on non files/directories.
CVE-2023-6096 2026-04-15 7.4 High
Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds.
CVE-2025-13803 1 Mediacrush 1 Mediacrush 2026-04-15 7.3 High
A vulnerability was identified in MediaCrush 1.0.0/1.0.1. The affected element is an unknown function of the file /mediacrush/paths.py of the component Header Handler. Such manipulation of the argument Host leads to improper neutralization of http headers for scripting syntax. The attack can be launched remotely.
CVE-2025-29995 2026-04-15 N/A
This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users.
CVE-2025-54870 2 Leakingmemory, Rust-lang 2 Vtun-ng, Vtun-ng 2026-04-15 N/A
VTun-ng is a Virtual Tunnel over TCP/IP network. In versions 3.0.17 and below, failure to initialize encryption modules might cause reversion to plaintext due to insufficient error handling. The bug was first introduced in VTun-ng version 3.0.12. This is fixed in version 3.0.18. To workaround this issue, avoid blowfish-256.
CVE-2025-0036 2026-04-15 3.2 Low
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
CVE-2023-5751 2026-04-15 7.8 High
A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere.