Export limit exceeded: 34903 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25152 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-15566 | 1 Kubernetes | 1 Ingress-nginx | 2026-04-15 | 8.8 High |
| A security issue was discovered in ingress-nginx where the `nginx.ingress.kubernetes.io/auth-proxy-set-headers` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||
| CVE-2024-33624 | 2026-04-15 | 4.3 Medium | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2025-1868 | 2026-04-15 | 6.8 Medium | ||
| Vulnerability of unauthorized exposure of confidential information affecting Advanced IP Scanner and Advanced Port Scanner. It occurs when these applications initiate a network scan, inadvertently sending the NTLM hash of the user performing the scan. This vulnerability can be exploited by intercepting network traffic to a legitimate server or by setting up a fake server, in both local and remote scenarios. This exposure is relevant for both HTTP/HTTPS and SMB protocols. | ||||
| CVE-2025-15065 | 2026-04-15 | 6.3 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared File.This issue affects KESS Enterprise: before *.25.9.19.exe | ||||
| CVE-2025-24884 | 2026-04-15 | N/A | ||
| kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16. | ||||
| CVE-2025-24882 | 2026-04-15 | 5.2 Medium | ||
| regclient is a Docker and OCI Registry Client in Go. A malicious registry could return a different digest for a pinned manifest without detection. This vulnerability is fixed in 0.7.1. | ||||
| CVE-2025-15033 | 1 Automattic | 1 Woocommerce | 2026-04-15 | 6.5 Medium |
| A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through point releases, starting from 8.1, where it has been fixed in 8.1.3. It does not affect WooCommerce 8.0 or earlier. | ||||
| CVE-2025-40760 | 1 Siemens | 1 Altair Grid Engine | 2026-04-15 | 5.5 Medium |
| A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly handle error messages and discloses sensitive password hash information when processing user authentication requests. This could allow a local attacker to extract password hashes for privileged accounts, which can then be subjected to offline brute-force attacks. | ||||
| CVE-2024-52309 | 2026-04-15 | N/A | ||
| SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a script has access to the underlying OS/container with the same permissions as the user running SFTPGo. This is unexpected for some SFTPGo administrators who think that there is a clear distinction between accessing the system shell and accessing the SFTPGo WebAdmin UI. To avoid this confusion, running system commands is disabled by default in 2.6.3, and an allow list has been added so that system administrators configuring SFTPGo must explicitly define which commands are allowed to be configured from the WebAdmin UI. | ||||
| CVE-2024-38798 | 1 Tianocore | 1 Edk2 | 2026-04-15 | 5.2 Medium |
| EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality. | ||||
| CVE-2024-27909 | 2026-04-15 | 4.9 Medium | ||
| A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. | ||||
| CVE-2024-52337 | 1 Redhat | 9 Enterprise Linux, Rhel Aus, Rhel E4s and 6 more | 2026-04-15 | 5.5 Medium |
| A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations. | ||||
| CVE-2024-34991 | 2026-04-15 | 7.5 High | ||
| In the module "Axepta" (axepta) before 1.3.4 from Quadra Informatique for PrestaShop, a guest can download partial credit card information (expiry date) / postal address / email / etc. without restriction due to a lack of permissions control. | ||||
| CVE-2024-21544 | 1 Spatie | 1 Browsershot | 2026-04-15 | 8.6 High |
| Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation in the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server. | ||||
| CVE-2024-31074 | 2026-04-15 | 5.9 Medium | ||
| Observable timing discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | ||||
| CVE-2025-4742 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as problematic has been found in XU-YIJIE grpo-flat up to 9024b43f091e2eb9bac65802b120c0b35f9ba856. Affected is the function main of the file grpo_vanilla.py. The manipulation leads to deserialization. Local access is required to approach this attack. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-0615 | 2 Codeatlantic, Wordpress | 2 Content Control, Wordpress | 2026-04-15 | 5.3 Medium |
| The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only. | ||||
| CVE-2021-26281 | 2026-04-15 | 5.5 Medium | ||
| Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. | ||||
| CVE-2024-35165 | 2026-04-15 | 5.3 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gutenify.This issue affects Gutenify: from n/a through 1.4.0. | ||||
| CVE-2024-51163 | 1 Vegam Solutions | 1 Vegam 4i | 2026-04-15 | 7.5 High |
| A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information. | ||||