Export limit exceeded: 357024 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2304 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-14892 | 2 Prime Listing Manager, Wordpress | 2 Prime Listing Manager, Wordpress | 2026-04-27 | 9.8 Critical |
| The Prime Listing Manager WordPress plugin through 1.1 allows an attacker to gain administrative access without having any kind of account on the targeted site and perform unauthorized actions due to a hardcoded secret. | ||||
| CVE-2026-31646 | 1 Linux | 1 Linux Kernel | 2026-04-27 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: net: lan966x: fix page_pool error handling in lan966x_fdma_rx_alloc_page_pool() page_pool_create() can return an ERR_PTR on failure. The return value is used unconditionally in the loop that follows, passing the error pointer through xdp_rxq_info_reg_mem_model() into page_pool_use_xdp_mem(), which dereferences it, causing a kernel oops. Add an IS_ERR check after page_pool_create() to return early on failure. | ||||
| CVE-2026-34065 | 1 Nimiq | 2 Nimiq-primitives, Nimiq Proof-of-stake | 2026-04-27 | 7.5 High |
| nimiq-primitives contains primitives (e.g., block, account, transaction) to be used in Nimiq's Rust implementation. Prior to version 1.3.0, an untrusted p2p peer can cause a node to panic by announcing an election macro block whose `validators` set contains an invalid compressed BLS voting key. Hashing an election macro header hashes `validators` and reaches `Validators::voting_keys()`, which calls `validator.voting_key.uncompress().unwrap()` and panics on invalid bytes. The patch for this vulnerability is included as part of v1.3.0. No known workarounds are available. | ||||
| CVE-2026-40225 | 2 Systemd, Systemd Project | 2 Systemd, Systemd | 2026-04-27 | 6.4 Medium |
| In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output. | ||||
| CVE-2025-1790 | 1 Genetec Inc. | 1 Genetec Sipelia | 2026-04-26 | N/A |
| Local privilege escalation in Genetec Sipelia Plugin. An authenticated low-privileged Windows user could exploit this vulnerability to gain elevated privileges on the affected system. | ||||
| CVE-2026-23370 | 1 Linux | 1 Linux Kernel | 2026-04-24 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Don't hex dump plaintext password data set_new_password() hex dumps the entire buffer, which contains plaintext password data, including current and new passwords. Remove the hex dump to avoid leaking credentials. | ||||
| CVE-2026-4993 | 1 Wandb | 1 Openui | 2026-04-24 | 3.3 Low |
| A vulnerability has been found in wandb OpenUI up to 0.0.0.0/1.0. This impacts an unknown function of the file backend/openui/config.py. The manipulation of the argument LITELLM_MASTER_KEY leads to hard-coded credentials. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-5042 | 1 Redhat | 2 Acm, Openshift Data Foundation | 2026-04-24 | 6.6 Medium |
| A flaw was found in the Submariner project. Due to unnecessary role-based access control permissions, a privileged attacker can run a malicious container on a node that may allow them to steal service account tokens and further compromise other nodes and potentially the entire cluster. | ||||
| CVE-2026-22008 | 1 Oracle | 3 Java Se, Jdk, Jre | 2026-04-23 | 3.7 Low |
| Vulnerability in Oracle Java SE (component: Libraries). The supported version that is affected is Oracle Java SE: 25.0.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N). | ||||
| CVE-2008-5188 | 2 Ecryptfs, Redhat | 2 Ecryptfs Utils, Enterprise Linux | 2026-04-23 | N/A |
| The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process. | ||||
| CVE-2008-6524 | 1 Cale Dunlap | 1 Openinvoice | 2026-04-23 | N/A |
| resetpass.php in openInvoice 0.90 beta and earlier allows remote authenticated users to change the passwords of arbitrary users via a modified uid parameter. NOTE: this can be leveraged with a separate vulnerability in auth.php to modify passwords without authentication. | ||||
| CVE-2009-1000 | 1 Oracle | 1 E-business Suite | 2026-04-23 | N/A |
| The Oracle Applications Framework component in Oracle E-Business Suite 12.0.6 and 11i10CU2 uses default passwords for unspecified "FND Applications Users (not DB users)," which has unknown impact and attack vectors. | ||||
| CVE-2008-3617 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Remote Management and Screen Sharing in Apple Mac OS X 10.5 through 10.5.4, when used to set a password for a VNC viewer, displays additional input characters beyond the maximum password length, which might make it easier for attackers to guess passwords that the user believed were longer. | ||||
| CVE-2007-1068 | 2 Cisco, Meetinghouse | 4 Secure Services Client, Security Agent, Trust Agent and 1 more | 2026-04-23 | N/A |
| The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423. | ||||
| CVE-2008-3067 | 1 Suse | 1 Opensuse | 2026-04-23 | N/A |
| sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits. | ||||
| CVE-2009-3180 | 1 Anantasoft | 1 Gazelle Cms | 2026-04-23 | N/A |
| Anantasoft Gazelle CMS 1.0 allows remote attackers to conduct a password reset for other users via a modified user parameter to renew.php. | ||||
| CVE-2009-3710 | 1 Riorey | 1 Rios | 2026-04-23 | N/A |
| RioRey RIOS 4.6.6 and 4.7.0 uses an undocumented, hard-coded username (dbadmin) and password (sq!us3r) for an SSH tunnel, which allows remote attackers to gain privileges via port 8022. | ||||
| CVE-2010-0227 | 1 Verbatim | 1 Corporate Secure | 2026-04-23 | N/A |
| Verbatim Corporate Secure and Corporate Secure FIPS Edition USB flash drives validate passwords with a program running on the host computer rather than the device hardware, which allows physically proximate attackers to access the cleartext drive contents via a modified program. | ||||
| CVE-2009-4463 | 1 Intellicom | 3 Netbiter Webscada Firmware, Netbiter Webscada Ws100, Netbiter Webscada Ws200 | 2026-04-23 | N/A |
| Intellicom NetBiter WebSCADA devices use default passwords for the HICP network configuration service, which makes it easier for remote attackers to modify network settings and cause a denial of service. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: this issue was originally reported to be hard-coded passwords, not default passwords. | ||||
| CVE-2009-0015 | 1 Apple | 2 Mac Os X, Mac Os X Server | 2026-04-23 | N/A |
| Unspecified vulnerability in fseventsd in the FSEvents framework in Apple Mac OS X 10.5.6 allows local users to obtain sensitive information (filesystem activities and directory names) via unknown vectors related to "credential management." | ||||