Export limit exceeded: 363285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363285 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363285 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-1298 1 Tecno 1 Com.transsion.carlcare 2026-04-15 9.8 Critical
Logic vulnerability in the mobile application (com.transsion.carlcare) may lead to the risk of account takeover.
CVE-2025-12351 1 Honeywell 1 S35 Camera 2026-04-15 6.8 Medium
Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26).
CVE-2025-14095 2 Microsoft, Radiometer 7 Windows, Abl800 Basic Analyzer, Abl800 Flex Analyzer and 4 more 2026-04-15 5.7 Medium
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The vulnerability is due to weakness in the design of access control implementation in application software.  Other related CVE's are CVE-2025-14096 & CVE-2025-14097. Affected customers have been informed about this vulnerability. This CVE is being published to provide transparency. Required configuration for Exposure: Physical access to the analyzer is needed. Temporary work Around: Only authorized people can physically access the analyzer. Permanent solution: Local Radiometer representatives will contact all affected customers to discuss a permanent solution. Exploit Status: Researchers have provided working proof-of-concept. Radiometer is not aware of any publicly available exploit at the time of publication.                                                                                                                                                                                        Note: CVSS score 6.8 when underlying OS is Windows 7 or Windows XP Operating systems and CVSS score 5.7 when underlying OS is Windows 8 or Windows 10 operating systems.
CVE-2023-26526 1 Wordpress 1 Wordpress 2026-04-15 7.7 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Nota-Info Bookly allows Path Traversal, Manipulating Web Input to File System Calls.This issue affects Bookly: from n/a through 21.7.1.
CVE-2025-14510 1 Abb 1 Ability Optimax 2026-04-15 8.1 High
Incorrect Implementation of Authentication Algorithm vulnerability in ABB ABB Ability OPTIMAX.This issue affects ABB Ability OPTIMAX: 6.1, 6.2, from 6.3.0 before 6.3.1-251120, from 6.4.0 before 6.4.1-251120.
CVE-2025-67899 1 Uriparser Project 1 Uriparser 2026-04-15 2.9 Low
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
CVE-2025-0474 1 Invoiceninja 1 Invoice Ninja 2026-04-15 7.7 High
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23.
CVE-2024-57790 2026-04-15 5.4 Medium
IXON B.V. IXrouter IX2400 (Industrial Edge Gateway) v3.0 was discovered to contain hardcoded root credentials stored in the non-volatile flash memory. This vulnerability allows physically proximate attackers to gain root access via UART or SSH.
CVE-2024-57360 1 Gnu 1 Binutils 2026-04-15 5.5 Medium
https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.
CVE-2024-56973 2026-04-15 9.8 Critical
Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component.
CVE-2025-48825 2026-04-15 N/A
RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code.
CVE-2023-32194 1 Rancher 1 Rancher 2026-04-15 7.2 High
A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project.
CVE-2025-47245 2026-04-15 8.1 High
In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role.
CVE-2025-14089 1 Himool 1 Erp 2026-04-15 6.3 Medium
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-48930 1 Secp256k1-node Project 1 Secp256k1-node 2026-04-15 N/A
secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, `loadCompressedPublicKey` is missing that check. That allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute power. Other operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak. Versions 5.0.1, 4.0.4, and 3.8.1 contain a fix for the issue.
CVE-2024-38307 2026-04-15 7.7 High
Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access.
CVE-2025-54295 2026-04-15 N/A
A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered.
CVE-2023-31356 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 4.4 Medium
Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity.
CVE-2024-37372 2026-04-15 3.6 Low
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases.
CVE-2023-31342 2026-04-15 7.5 High
Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution.