Export limit exceeded: 11982 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (11982 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-1494 1 Cisco 2 Firepower Threat Defense Software, Utd Snort Ips Engine Software 2026-04-15 5.8 Medium
Multiple Cisco products are affected by a vulnerability in the Snort detection engine that could allow an unauthenticated, remote attacker to bypass a configured file policy for HTTP. The vulnerability is due to incorrect handling of specific HTTP header parameters. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass a configured file policy for HTTP packets and deliver a malicious payload.
CVE-2021-27700 2026-04-15 7.6 High
SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc.
CVE-2025-62292 1 Sonarsource 1 Sonarqube 2026-04-15 4.3 Medium
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
CVE-2021-37577 2026-04-15 6.8 Medium
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558.
CVE-2025-4044 2 Lexmark, Microsoft 2 Universal Print Driver, Windows 2026-04-15 8.2 High
Improper Restriction of XML External Entity Reference in various Lexmark printer drivers for Windows allows attacker to disclose sensitive information to an arbitrary URL.
CVE-2025-53969 1 Cognex 2 In-sight Camera Firmware, In-sight Explorer 2026-04-15 8.8 High
Cognex In-Sight Explorer and In-Sight Camera Firmware expose a service implementing a proprietary protocol on TCP port 1069 to allow the client-side software, such as the In-Sight Explorer tool, to perform management operations such as changing network settings or modifying users' access to the device.
CVE-2025-52389 2026-04-15 8.8 High
An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request.
CVE-2024-56968 2026-04-15 6.5 Medium
An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload.
CVE-2025-66384 1 Misp 1 Misp 2026-04-15 8.2 High
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name.
CVE-2024-3019 1 Redhat 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more 2026-04-15 8.8 High
A flaw was found in PCP. The default pmproxy configuration exposes the Redis server backend to the local network, allowing remote command execution with the privileges of the Redis user. This issue can only be exploited when pmproxy is running. By default, pmproxy is not running and needs to be started manually. The pmproxy service is usually started from the 'Metrics settings' page of the Cockpit web interface. This flaw affects PCP versions 4.3.4 and newer.
CVE-2025-20317 1 Cisco 3 Integrated Management Controller, Ucs Manager, Virtual Keyboard Video Monitor 2026-04-15 7.1 High
A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an unauthenticated, remote attacker to redirect a user to a malicious website. This vulnerability is due to insufficient verification of vKVM endpoints. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious webpage and potentially capture user credentials. Note: The affected vKVM client is also included in Cisco UCS Manager.
CVE-2025-65100 1 Ilbers 1 Isar 2026-04-15 N/A
Isar is an integration system for automated root filesystem generation. In versions 0.11-rc1 and 0.11, defining ISAR_APT_SNAPSHOT_DATE alone does not set the correct timestamp value for security distribution, leading to missed security updates. This issue has been patched via commit 738bcbb.
CVE-2025-3114 2026-04-15 N/A
Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls.
CVE-2024-56948 2026-04-15 6.5 Medium
An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56947 2026-04-15 6.5 Medium
An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-21813 2026-04-15 7.9 High
Exposure of resource to wrong sphere in some Intel(R) DTT software installers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-46455 2026-04-15 9.8 Critical
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser.
CVE-2024-52807 1 Hl7 1 Fhir Ig Publisher 2026-04-15 8.6 High
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.publisher is being used to within a host where external clients can submit XML. A previous release provided an incomplete solution revealed by new testing. This issue has been patched as of version 1.7.4. No known workarounds are available.
CVE-2024-22248 2026-04-15 7.1 High
VMware SD-WAN Orchestrator contains an open redirect vulnerability. A malicious actor may be able to redirect a victim to an attacker controlled domain due to improper path handling leading to sensitive information disclosure.
CVE-2024-31157 1 Redhat 1 Enterprise Linux 2026-04-15 5.3 Medium
Improper initialization in UEFI firmware OutOfBandXML module in some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access.