Export limit exceeded: 11943 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11943 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-12868 | 1 Cybertutor | 1 New Site Server | 2026-04-15 | 9.8 Critical |
| New Site Server developed by CyberTutor has a Use of Client-Side Authentication vulnerability, allowing unauthenticated remote attackers to modify the frontend code to gain administrator privileges on the website. | ||||
| CVE-2025-0337 | 2026-04-15 | 6.5 Medium | ||
| ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise would not be entitled to access. This issue is addressed in the listed patches and family release, which have been made available to hosted and self-hosted customers, as well as partners. | ||||
| CVE-2025-30075 | 2 Microsoft, Mindmanager | 2 Windows, Mindmanager | 2026-04-15 | 2.2 Low |
| In Alludo MindManager before 25.0.208 on Windows, attackers could potentially execute code as other local users on the same machine if they could write DLL files to directories within victims' DLL search paths. | ||||
| CVE-2024-53995 | 2026-04-15 | N/A | ||
| SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter. | ||||
| CVE-2024-4843 | 2026-04-15 | 4.3 Medium | ||
| ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged user to manipulate the client task and client task assignments, hence escalating his/her privilege. | ||||
| CVE-2025-41688 | 2 Helmholz, Mbconnectline | 4 Rex 200, Rex 300, Mbnet Hw1 and 1 more | 2026-04-15 | 7.2 High |
| A high privileged remote attacker can execute arbitrary OS commands using an undocumented method allowing to escape the implemented LUA sandbox. | ||||
| CVE-2025-54992 | 1 Telstra | 1 Openkilda | 2026-04-15 | N/A |
| OpenKilda is an open-source OpenFlow controller. Prior to version 1.164.0, an XML external entity (XXE) injection vulnerability was found in OpenKilda which in combination with GHSL-2025-024 allows unauthenticated attackers to exfiltrate information from the instance where the OpenKilda UI is running. This issue may lead to Information disclosure. This issue has been patched in version 1.164.0. | ||||
| CVE-2025-12351 | 1 Honeywell | 1 S35 Camera | 2026-04-15 | 6.8 Medium |
| Honeywell S35 Series Cameras contains an authorization bypass Vulnerability through User controller key. An attacker could potentially exploit this vulnerability, leading to Privilege Escalation to admin privileged functionalities . Honeywell also recommends updating to the most recent version of this product, service or offering (S35 Pinhole/Kit Camera to version 2025.08.28, S35 AI Fisheye & Dual Sensor/Micro Dome/Full Color Eyeball & Bullet Camera to version 2025.08.22, S35 Thermal Camera to version 2025.08.26). | ||||
| CVE-2024-46528 | 1 Kubesphere | 1 Kubesphere | 2026-04-15 | 4.3 Medium |
| An Insecure Direct Object Reference (IDOR) vulnerability in KubeSphere 4.x before 4.1.3 and 3.x through 3.4.1 and KubeSphere Enterprise 4.x before 4.1.3 and 3.x through 3.5.0 allows low-privileged authenticated attackers to access sensitive resources without proper authorization checks. | ||||
| CVE-2024-56969 | 2026-04-15 | 6.5 Medium | ||
| An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56966 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56965 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56964 | 2026-04-15 | 6.5 Medium | ||
| An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56963 | 2026-04-15 | 6.5 Medium | ||
| An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2025-0575 | 2026-04-15 | 3.9 Low | ||
| A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-56962 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56960 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-11318 | 1 Baratz Innovacion | 1 Absysnet | 2026-04-15 | 7.5 High |
| An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint. | ||||
| CVE-2024-56959 | 2026-04-15 | 6.5 Medium | ||
| An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56955 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tencent Technology (Shenzhen) Company Limited QQMail iOS 6.6.4 allows attackers to access sensitive user information via supplying a crafted link. | ||||