Export limit exceeded: 347976 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10236 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347976 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-6982 | 1 Parisneo | 1 Lollms | 2026-04-15 | N/A |
| A remote code execution vulnerability exists in the Calculate function of parisneo/lollms version 9.8. The vulnerability arises from the use of Python's `eval()` function to evaluate mathematical expressions within a Python sandbox that disables `__builtins__` and only allows functions from the `math` module. This sandbox can be bypassed by loading the `os` module using the `_frozen_importlib.BuiltinImporter` class, allowing an attacker to execute arbitrary commands on the server. The issue is fixed in version 9.10. | ||||
| CVE-2025-61739 | 1 Johnsoncontrols | 5 Iq Panels2, Iq Panels2+, Iqhub and 2 more | 2026-04-15 | N/A |
| Due to Nonce reuse, attackers can perform reply attack or decrypt captured packets. | ||||
| CVE-2025-4878 | 1 Redhat | 2 Enterprise Linux, Openshift | 2026-04-15 | 3.6 Low |
| A vulnerability was found in libssh, where an uninitialized variable exists under certain conditions in the privatekey_from_file() function. This flaw can be triggered if the file specified by the filename doesn't exist and may lead to possible signing failures or heap corruption. | ||||
| CVE-2025-6814 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.5 High |
| The Booking X plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_now() function in versions 1.0 to 1.1.2. This makes it possible for unauthenticated attackers to download all plugin data, including user accounts, user meta, and PayPal credentials, by issuing a crafted POST request. | ||||
| CVE-2025-61738 | 1 Johnsoncontrols | 5 Iq Panels2, Iq Panels2+, Iqhub and 2 more | 2026-04-15 | N/A |
| Under certain circumstances, attacker can capture the network key, read or write encrypted packets on the PowerG network. | ||||
| CVE-2025-3096 | 2026-04-15 | N/A | ||
| Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page. | ||||
| CVE-2025-6172 | 1 Tecno | 1 Com.afmobi.boomplayer | 2026-04-15 | 9.8 Critical |
| Permission vulnerability in the mobile application (com.afmobi.boomplayer) may lead to the risk of unauthorized operation. | ||||
| CVE-2025-61689 | 2026-04-15 | N/A | ||
| HTTP.jl is an HTTP client and server functionality for the Julia programming language. Prior to version 1.10.19, HTTP.jl did not validate header names/values for illegal characters, allowing CRLF-based header injection and response splitting. This enables HTTP response splitting and header injection, leading to cache poisoning, XSS, session fixation, and more. This issue is fixed in HTTP.jl `v1.10.19`. | ||||
| CVE-2024-11229 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's add_plus_friends and add_plus_talk shortcodes in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-61680 | 2 Jaketcooper, Minecraft | 2 Minecraft-rcon, Minecraft | 2026-04-15 | N/A |
| Minecraft RCON Terminal is a VS Code extension that streamlines Minecraft server management. Versions 0.1.0 through 2.0.6 stores passwords using VS Code's configuration API which writes to settings.json in plaintext. This issue is fixed in version 2.1.0. | ||||
| CVE-2025-61678 | 1 Freepbx | 1 Endpoint Manager | 2026-04-15 | N/A |
| FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions prior to 16.0.92 for FreePBX 16 and versions prior to 17.0.6 for FreePBX 17, the Endpoint Manager module contains an authenticated arbitrary file upload vulnerability affecting the fwbrand parameter. The fwbrand parameter allows an attacker to change the file path. Combined, these issues can result in a webshell being uploaded. Authentication with a known username is required to exploit this vulnerability. Successful exploitation allows authenticated users to upload arbitrary files to attacker-controlled paths on the server, potentially leading to remote code execution. This issue has been patched in version 16.0.92 for FreePBX 16 and version 17.0.6 for FreePBX 17. | ||||
| CVE-2024-6841 | 1 Vanna-ai | 1 Vanna | 2026-04-15 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability exists in the latest commit (56b782bcefd2e59b19cd7ba7878b95f54884f502) of the vanna-ai/vanna repository. Two endpoints in the built-in web app that provide SQL functionality are implemented as simple GET requests, making them susceptible to CSRF attacks. This vulnerability allows an attacker to run arbitrary SQL commands via CSRF without the target intending to expose the web app to the network or other users. The impact is limited to data alteration or deletion, as the attacker cannot read the results of the query. | ||||
| CVE-2025-2415 | 1 Akinsoft | 1 Myrezzta | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2024-58133 | 2026-04-15 | 4 Medium | ||
| In chainmaker-go (aka ChainMaker) before 2.4.0, when making frequent updates to a node's configuration file and restarting this node, concurrent writes by logger.go to a map are mishandled. Creating other logs simultaneously can lead to a read-write conflict and panic. | ||||
| CVE-2025-6090 | 1 H3c | 1 Gr-5400ax | 2026-04-15 | 8.8 High |
| A vulnerability was found in H3C GR-5400AX V100R009L50 and classified as critical. This issue affects the function UpdateWanparamsMulti/UpdateIpv6params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor confirms the existence of this issue. Because they assess the risk as low, they do not have immediate plans for remediation. | ||||
| CVE-2025-66479 | 1 Anthropic | 1 Sandbox-runtime | 2026-04-15 | N/A |
| Anthropic Sandbox Runtime is a lightweight sandboxing tool for enforcing filesystem and network restrictions on arbitrary processes at the OS level, without requiring a container. Prior to 0.0.16, due to a bug in sandboxing logic, sandbox-runtime did not properly enforce a network sandbox if the sandbox policy did not configure any allowed domains. This could allow sandboxed code to make network requests outside of the sandbox. A patch for this was released in v0.0.16. | ||||
| CVE-2025-20049 | 2026-04-15 | 5.8 Medium | ||
| The Dario Health portal service application is vulnerable to XSS, which could allow an attacker to obtain sensitive information. | ||||
| CVE-2023-7062 | 2026-04-15 | 8.8 High | ||
| The Advanced File Manager Shortcodes plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4. This makes it possible for attackers with contributor access or higher to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-20060 | 2026-04-15 | 7.5 High | ||
| An attacker could expose cross-user personal identifiable information (PII) and personal health information transmitted to the Android device via the Dario Health application database. | ||||
| CVE-2019-25361 | 1 Ayukov | 1 Ayukov Nftp Client | 2026-04-15 | 9.8 Critical |
| Ayukov NFTP client 1.71 contains a buffer overflow vulnerability in the SYST command handling that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted SYST command with oversized payload to trigger a buffer overflow and execute a bind shell on port 5150. | ||||