Export limit exceeded: 357375 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357375 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3116 | 2026-04-15 | 6.5 Medium | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. | ||||
| CVE-2023-32256 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 7.5 High |
| A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue. | ||||
| CVE-2025-2595 | 2026-04-15 | 5.3 Medium | ||
| An unauthenticated remote attacker can bypass the user management in CODESYS Visualization and read visualization template files or static elements by means of forced browsing. | ||||
| CVE-2025-25273 | 2 Intel, Linux | 2 Ethernet 700 Series Software, Linux Kernel | 2026-04-15 | 7.8 High |
| Insufficient control flow management in the Linux kernel-mode driver for some Intel(R) 700 Series Ethernet before version 2.28.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-26127 | 1 Filecloud | 1 Filecloud | 2026-04-15 | 5 Medium |
| A stored cross-site scripting (XSS) vulnerability in the Send for Approval function of FileCloud v23.241.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2025-31160 | 1 Atop Project | 1 Atop | 2026-04-15 | 2.9 Low |
| atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. | ||||
| CVE-2025-4754 | 1 Team-alembic | 1 Ash Authentication Phoenix | 2026-04-15 | N/A |
| Insufficient Session Expiration vulnerability in ash-project ash_authentication_phoenix allows Session Hijacking. This vulnerability is associated with program files lib/ash_authentication_phoenix/controller.ex. This issue affects ash_authentication_phoenix until 2.10.0. | ||||
| CVE-2025-26153 | 1 Chamilo | 1 Chamilo Lms | 2026-04-15 | 5.4 Medium |
| A Stored XSS vulnerability exists in the message compose feature of Chamilo LMS 1.11.28. Attackers can inject malicious scripts into messages, which execute when victims, such as administrators, reply to the message. | ||||
| CVE-2024-21885 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 7.8 High |
| A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments. | ||||
| CVE-2025-26169 | 2026-04-15 | 8.1 High | ||
| IXON VPN Client before 1.4.4 on Windows allows Local Privilege Escalation to SYSTEM because there is code execution from a configuration file that can be controlled by a low-privileged user. There is a race condition in which a temporary configuration file, in a world-writable directory, can be overwritten. | ||||
| CVE-2025-20093 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2026-04-15 | 8.2 High |
| Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-26202 | 2026-04-15 | 4.3 Medium | ||
| Cross-Site Scripting (XSS) vulnerability exists in the WPA/WAPI Passphrase field of the Wireless Security settings (2.4GHz & 5GHz bands) in DZS Router Web Interface. An authenticated attacker can inject malicious JavaScript into the passphrase field, which is stored and later executed when an administrator views the passphrase via the "Click here to display" option on the Status page | ||||
| CVE-2025-31165 | 2026-04-15 | N/A | ||
| Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature. | ||||
| CVE-2024-21953 | 1 Amd | 3 Epyc 8004 Series Processors, Epyc 9004 Series Processors, Epyc Embedded 9004 Series Processors | 2026-04-15 | N/A |
| Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. | ||||
| CVE-2025-26262 | 2026-04-15 | 6.5 Medium | ||
| An issue in the component /internals/functions of R-fx Networks Linux Malware Detect v1.6.5 allows attackers to escalate privileges and execute arbitrary code via supplying a file that contains a crafted filename. | ||||
| CVE-2025-26263 | 2026-04-15 | 5.1 Medium | ||
| GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process. | ||||
| CVE-2024-2199 | 1 Redhat | 4 Directory Server, Directory Server E4s, Enterprise Linux and 1 more | 2026-04-15 | 5.7 Medium |
| A denial of service vulnerability was found in 389-ds-base ldap server. This issue may allow an authenticated user to cause a server crash while modifying `userPassword` using malformed input. | ||||
| CVE-2025-26318 | 2026-04-15 | 5.8 Medium | ||
| hb.exe in TSplus Remote Access before 17.30 2024-10-30 allows remote attackers to retrieve a list of all domain accounts currently connected to the application. | ||||
| CVE-2025-26312 | 2026-04-15 | N/A | ||
| SendQuick Entera devices before 11HF5 are vulnerable to CAPTCHA bypass by removing the Captcha parameter. | ||||
| CVE-2024-23184 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-04-15 | 5 Medium |
| Having a large number of address headers (From, To, Cc, Bcc, etc.) becomes excessively CPU intensive. With 100k header lines CPU usage is already 12 seconds, and in a production environment we observed 500k header lines taking 18 minutes to parse. Since this can be triggered by external actors sending emails to a victim, this is a security issue. An external attacker can send specially crafted messages that consume target system resources and cause outage. One can implement restrictions on address headers on MTA component preceding Dovecot. No publicly available exploits are known. | ||||