Export limit exceeded: 364916 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32005 | 2026-04-15 | 8.2 High | ||
| NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the `/_nicegui/{__version__}/resources/{key}/{path:path}` route. As a result any file on the backend filesystem which the web server has access to can be read by an attacker with access to the NiceUI leaflet website. This vulnerability has been addressed in version 1.4.21. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-36435 | 1 Supermicro | 355 B12dpe-6 Firmware, B12dpt-6 Firmware, B12spe-cpu-25g Firmware and 352 more | 2026-04-15 | 9.8 Critical |
| An issue was discovered on Supermicro BMC firmware in select X11, X12, H12, B12, X13, H13, and B13 motherboards (and CMM6 modules). An unauthenticated user can post crafted data to the interface that triggers a stack buffer overflow, and may lead to arbitrary remote code execution on a BMC. | ||||
| CVE-2025-26055 | 2026-04-15 | 6.5 Medium | ||
| An OS Command Injection vulnerability exists in the Infinxt iEdge 100 2.1.32 Troubleshoot module, specifically in the tracertVal parameter of the Tracert function. | ||||
| CVE-2024-12811 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The Traveler theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.9 via shortcodes. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | ||||
| CVE-2020-8007 | 1 Pwrstudio | 1 Ev Charger | 2026-04-15 | 9.8 Critical |
| The pwrstudio web application of EV Charger (in the server in Circontrol Raption through 5.6.2) is vulnerable to OS command injection via three fields of the configuration menu for ntpserver0, ntpserver1, and pingip. | ||||
| CVE-2023-5751 | 2026-04-15 | 7.8 High | ||
| A local attacker with low privileges can read and modify any users files and cause a DoS in the working directory of the affected products due to exposure of resource to wrong sphere. | ||||
| CVE-2020-6923 | 2026-04-15 | 5.7 Medium | ||
| The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. | ||||
| CVE-2024-13062 | 2026-04-15 | 7.2 High | ||
| An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | ||||
| CVE-2023-5685 | 1 Redhat | 12 Apache-camel-spring-boot, Apache Camel Hawtio, Build Keycloak and 9 more | 2026-04-15 | 7.5 High |
| A flaw was found in XNIO. The XNIO NotifierState that can cause a Stack Overflow Exception when the chain of notifier states becomes problematically large can lead to uncontrolled resource management and a possible denial of service (DoS). | ||||
| CVE-2020-6158 | 2026-04-15 | 4.7 Medium | ||
| Opera Mini for Android before version 52.2 is vulnerable to an address bar spoofing attack. The vulnerability allows a malicious page to trick the browser into showing an address of a different page. This may allow the malicious page to impersonate another page and trick a user into providing sensitive data. | ||||
| CVE-2025-6978 | 1 Arista | 1 Ng Firewall | 2026-04-15 | 7.2 High |
| Diagnostics command injection vulnerability | ||||
| CVE-2025-1888 | 2026-04-15 | 4.6 Medium | ||
| The Leica Web Viewer within the Aperio Eslide Manager Application is vulnerable to reflected cross-site scripting (XSS). An authenticated user can access the slides within a project and injecting malicious JavaScript into the "memo" field. The memo field has a hover over action that will display a Microsoft Tool Tip which a user can use to quickly view the memo associated with the slide and execute the JavaScript. | ||||
| CVE-2020-5200 | 2026-04-15 | 5.9 Medium | ||
| Minerbabe through V4.16 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. | ||||
| CVE-2025-68501 | 2 Mollie, Wordpress | 2 Mollie Payments For Woocommerce, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mollie Mollie Payments for WooCommerce mollie-payments-for-woocommerce allows Reflected XSS.This issue affects Mollie Payments for WooCommerce: from n/a through <= 8.1.1. | ||||
| CVE-2025-40057 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ptp: Add a upper bound on max_vclocks syzbot reported WARNING in max_vclocks_store. This occurs when the argument max is too large for kcalloc to handle. Extend the guard to guard against values that are too large for kcalloc | ||||
| CVE-2025-40056 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copy_to_iter return value check The return value of copy_to_iter can't be negative, check whether the copied length is equal to the requested length instead of checking for negative values. | ||||
| CVE-2025-40051 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Modify the return value check The return value of copy_from_iter and copy_to_iter can't be negative, check whether the copied lengths are equal. | ||||
| CVE-2025-5522 | 2026-04-15 | 7.3 High | ||
| A vulnerability was found in jack0240 魏 bskms 蓝天幼儿园管理系统 up to dffe6640b5b54d8e29da6f060e0493fea74b3fad. It has been rated as critical. Affected by this issue is some unknown functionality of the file /sa/addUser of the component User Creation Handler. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-12346 | 1 Talentera | 1 Talentera | 2026-04-15 | 3.5 Low |
| A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-12189 | 2026-04-15 | 6.4 Medium | ||
| The WDesignKit – Elementor & Gutenberg Starter Templates, Patterns, Cloud Workspace & Widget Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom widgets in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Please note that you may need to recreate any custom widgets or reinstall the plugin to ensure the issue is adequately patched. | ||||