Export limit exceeded: 359925 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359925 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-5469 | 2 Apple, Yandex | 2 Macos, Messenger | 2026-04-15 | N/A |
| Uncontrolled Search Path Element vulnerability in Yandex Messenger on MacOS allows Search Order Hijacking.This issue affects Telemost: before 2.245 | ||||
| CVE-2025-54315 | 1 Matrix | 1 Specification | 2026-04-15 | 7.1 High |
| The Matrix specification before 1.16 (i.e., with a room version before 12) lacks create event uniqueness. | ||||
| CVE-2025-11085 | 1 Rockwellautomation | 1 Factorytalk | 2026-04-15 | N/A |
| A security issue exists within DataMosaix™ Private Cloud allowing for Persistent XSS. This vulnerability can result in the execution of malicious JavaScript, allowing for account takeover, credential theft, or redirection to a malicious website. | ||||
| CVE-2025-11084 | 1 Rockwellautomation | 1 Factorytalk | 2026-04-15 | N/A |
| A security issue exists within DataMosaix™ Private Cloud, allowing attackers to bypass MFA during setup and obtain a valid login-token cookie without knowing the users password. This vulnerability occurs when MFA is enabled but not completed within a 7-day period. | ||||
| CVE-2025-11080 | 1 Zhuimengshaonian | 1 Wisdom-education | 2026-04-15 | 4.3 Medium |
| A security vulnerability has been detected in zhuimengshaonian wisdom-education up to 1.0.4. This vulnerability affects the function selectStudentExamInfoList of the file src/main/java/com/education/api/controller/student/ExamInfoController.java. Such manipulation of the argument subjectId leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used. | ||||
| CVE-2025-32283 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| Deserialization of Untrusted Data vulnerability in designthemes Solar Energy solar allows Object Injection.This issue affects Solar Energy: from n/a through <= 3.5. | ||||
| CVE-2025-3450 | 1 Br-automation | 1 Automation Runtime | 2026-04-15 | 10 Critical |
| An Improper Resource Locking vulnerability in the SDM component of B&R Automation Runtime versions before 6.3 and before Q4.93 may allow an unauthenticated network-based attacker to delete data causing denial of service conditions. | ||||
| CVE-2025-3442 | 2026-04-15 | N/A | ||
| This vulnerability exists in TP-Link Tapo H200 V1 IoT Smart Hub due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the Wi-Fi credentials stored on the vulnerable device. | ||||
| CVE-2025-26661 | 2026-04-15 | 8.8 High | ||
| Due to missing authorization check, SAP NetWeaver (ABAP Class Builder) allows an attacker to gain higher access levels than they should have, resulting in escalation of privileges. On successful exploitation, this could result in disclosure of highly sensitive information. It could also have a high impact on the integrity and availability of the application. | ||||
| CVE-2025-25235 | 1 Omnissa | 1 Secure Email Gateway | 2026-04-15 | 8.6 High |
| Server-Side Request Forgery (SSRF) in Omnissa Secure Email Gateway (SEG) in SEG prior to 2.32 running on Windows and SEG prior to 2503 running on UAG allows routing of network traffic such as HTTP requests to internal networks. | ||||
| CVE-2025-34300 | 2026-04-15 | N/A | ||
| A template injection vulnerability exists in Sawtooth Software’s Lighthouse Studio versions prior to 9.16.14 via the ciwweb.pl http://ciwweb.pl/ Perl web application. Exploitation allows an unauthenticated attacker can execute arbitrary commands. | ||||
| CVE-2025-15581 | 1 Orthanc-server | 1 Orthanc | 2026-04-15 | N/A |
| Orthanc versions before 1.12.10 are affected by an authorisation logic flaw in the application's HTTP Basic Authentication implementation. Successful exploitation could result in Privilege Escalation, potentially allowing full administrative access. | ||||
| CVE-2025-1076 | 2026-04-15 | 4.8 Medium | ||
| A Stored Cross-Site Scripting (Stored XSS) vulnerability has been found in the Holded application. This vulnerability could allow an attacker to store a JavaScript payload within the editable ‘name’ and ‘icon’ parameters of the Activities functionality. | ||||
| CVE-2025-21615 | 2026-04-15 | 5.5 Medium | ||
| AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device. | ||||
| CVE-2025-48962 | 2026-04-15 | N/A | ||
| Sensitive information disclosure due to SSRF. The following products are affected: Acronis Cyber Protect 16 (Windows, Linux) before build 39938. | ||||
| CVE-2025-66055 | 2 Icegram, Wordpress | 2 Email Subscribers & Newsletters, Wordpress | 2026-04-15 | 7.2 High |
| Deserialization of Untrusted Data vulnerability in Icegram Email Subscribers & Newsletters email-subscribers allows Object Injection.This issue affects Email Subscribers & Newsletters: from n/a through <= 5.9.10. | ||||
| CVE-2025-11044 | 1 Br-automation | 1 Automation Runtime | 2026-04-15 | 6.8 Medium |
| An Allocation of Resources Without Limits or Throttling vulnerability in the ANSL-Server component of B&R Automation Runtime versions prior to 6.5 and prior to R4.93 could be exploited by an unauthenti-cated attacker on the network to win a race condition, resulting in permanent denial-of-service (DoS) conditions on affected devices. | ||||
| CVE-2025-11043 | 1 Br-automation | 2 Automation Studio, Studio | 2026-04-15 | 7.4 High |
| An Improper Certificate Validation vulnerability in the OPC-UA client and ANSL over TLS client used in Automation Studio versions before 6.5 could allow an unauthenticated attacker on the network to position themselves to intercept and interfere with data exchanges. | ||||
| CVE-2025-3462 | 2026-04-15 | N/A | ||
| "This issue is limited to motherboards and does not affect laptops, desktop computers, or other endpoints." An insufficient validation in ASUS DriverHub may allow unauthorized sources to interact with the software's features via crafted HTTP requests. Refer to the 'Security Update for ASUS DriverHub' section on the ASUS Security Advisory for more information. | ||||
| CVE-2025-25242 | 2026-04-15 | 6.1 Medium | ||
| SAP NetWeaver Application Server ABAP allows malicious scripts to be executed in the application, potentially leading to a Cross-Site Scripting (XSS) vulnerability. This has no impact on the availability of the application, but it can have some minor impact on its confidentiality and integrity. | ||||