Export limit exceeded: 12023 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12023 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-65100 | 1 Ilbers | 1 Isar | 2026-04-15 | N/A |
| Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb. | ||||
| CVE-2024-9044 | 2026-04-15 | N/A | ||
| A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. | ||||
| CVE-2024-12447 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. | ||||
| CVE-2024-39642 | 1 Thimpress | 1 Learnpress | 2026-04-15 | 6.5 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in ThimPress LearnPress allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects LearnPress: from n/a through 4.2.6.8.2. | ||||
| CVE-2025-10728 | 1 Qt | 1 Qt | 2026-04-15 | 4.0 Medium |
| When the module renders a Svg file that contains a <pattern> element, it might end up rendering it recursively leading to stack overflow DoS | ||||
| CVE-2025-7344 | 2026-04-15 | 8.8 High | ||
| The EAI developed by Digiwin has a Privilege Escalation vulnerability, allowing remote attackers with regular privileges to elevate their privileges to administrator level via a specific API. | ||||
| CVE-2024-8988 | 2026-04-15 | 5.3 Medium | ||
| The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to download files uploaded by others users and expose potentially sensitive information. | ||||
| CVE-2024-12827 | 2026-04-15 | 9.8 Critical | ||
| The DWT - Directory & Listing WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.3.6. This is due to the plugin not properly checking for an empty token value prior to resetting a user's password through the dwt_listing_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | ||||
| CVE-2025-24305 | 1 Intel | 3 Processors, Xeon, Xeon Processors | 2026-04-15 | 7.2 High |
| Insufficient control flow management in the Alias Checking Trusted Module (ACTM) firmware for some Intel(R) Xeon(R) processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-40777 | 1 Isc | 1 Bind | 2026-04-15 | 7.5 High |
| If a `named` caching resolver is configured with `serve-stale-enable` `yes`, and with `stale-answer-client-timeout` set to `0` (the only allowable value other than `disabled`), and if the resolver, in the process of resolving a query, encounters a CNAME chain involving a specific combination of cached or authoritative records, the daemon will abort with an assertion failure. This issue affects BIND 9 versions 9.20.0 through 9.20.10, 9.21.0 through 9.21.9, and 9.20.9-S1 through 9.20.10-S1. | ||||
| CVE-2023-6096 | 2026-04-15 | 7.4 High | ||
| Vladimir Kononovich, a Security Researcher has found a flaw that using a inappropriate encryption logic on the DVR. firmware encryption is broken and allows to decrypt. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2025-66431 | 1 Plesk | 1 Plesk | 2026-04-15 | 7.8 High |
| WebPros Plesk before 18.0.73.5 and 18.0.74 before 18.0.74.2 on Linux allows remote authenticated users to execute arbitrary code as root via domain creation. The attacker needs "Create and manage sites" with "Domains management" and "Subdomains management." | ||||
| CVE-2024-7409 | 1 Redhat | 4 Advanced Virtualization, Enterprise Linux, Openshift and 1 more | 2026-04-15 | N/A |
| A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. | ||||
| CVE-2025-14303 | 1 Msi | 2 Intel 600, Intel 700 | 2026-04-15 | 6.8 Medium |
| Certain motherboard models developed by MSI has a Protection Mechanism Failure vulnerability. Because IOMMU was not properly enabled, unauthenticated physical attackers can use a DMA-capable PCIe device to read and write arbitrary physical memory before the OS kernel and its security features are loaded. | ||||
| CVE-2024-9138 | 2026-04-15 | 7.2 High | ||
| Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk. | ||||
| CVE-2025-12866 | 1 Hundredplus | 1 Eip Plus | 2026-04-15 | 9.8 Critical |
| EIP Plus developed by Hundred Plus has a Weak Password Recovery Mechanism vulnerability, allowing unauthenticated remote attacker to predict or brute-force the 'forgot password' link, thereby successfully resetting any user's password. | ||||
| CVE-2025-56675 | 1 Eken | 1 Video Doorbell T6 | 2026-04-15 | 3.5 Low |
| The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password. | ||||
| CVE-2025-47241 | 2026-04-15 | 4 Medium | ||
| In browser-use (aka Browser Use) before 0.1.45, URL parsing of allowed_domains is mishandled because userinfo can be placed in the authority component. | ||||
| CVE-2024-47515 | 2026-04-15 | 8.1 High | ||
| A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance. | ||||
| CVE-2025-32942 | 1 Ssh | 1 Tectia Server | 2026-04-15 | 7.2 High |
| SSH Tectia Server before 6.6.6 sometimes allows attackers to read and alter a user's session traffic. | ||||