Export limit exceeded: 347776 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347776 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22185 | 1 Intel | 2 4th Generation Intel Xeon Processor Scalable Family, 5th Generation Intel Xeon Processor Scalable Family | 2026-04-15 | 7.2 High |
| Time-of-check Time-of-use Race Condition in some Intel(R) processors with Intel(R) ACTM may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21871 | 1 Intel | 153 Celeron G3900 Firmware, Celeron G3900te Firmware, Core I3-6100 Firmware and 150 more | 2026-04-15 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-57848 | 1 Redhat | 1 Container Native Virtualization | 2026-04-15 | 6.4 Medium |
| A container privilege escalation flaw was found in certain Container-native Virtualization images. This issue stems from the /etc/passwd file being created with group-writable permissions during build time. In certain conditions, an attacker who can execute commands within an affected container, even as a non-root user, can leverage their membership in the root group to modify the /etc/passwd file. This could allow the attacker to add a new user with any arbitrary UID, including UID 0, leading to full root privileges within the container. | ||||
| CVE-2025-67971 | 2 Wordpress, Wpmanageninja | 2 Wordpress, Fluentcart | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja FluentCart fluent-cart allows Reflected XSS.This issue affects FluentCart: from n/a through < 1.3.0. | ||||
| CVE-2024-21829 | 1 Intel | 1 Processors | 2026-04-15 | 7.5 High |
| Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-13635 | 2 Vektor-inc, Wordpress | 2 Vk Blocks, Wordpress | 2026-04-15 | 4.3 Medium |
| The VK Blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.94.2.2 via the page content block. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including the content of private posts and pages. | ||||
| CVE-2025-5688 | 1 Amazon | 1 Freertos | 2026-04-15 | N/A |
| We have identified a buffer overflow issue allowing out-of-bounds write when processing LLMNR or mDNS queries with very long DNS names. This issue only affects systems using Buffer Allocation Scheme 1 with LLMNR or mDNS enabled. Users should upgrade to the latest version and ensure any forked or derivative code is patched to incorporate the new fixes. | ||||
| CVE-2025-5690 | 1 Dalibo | 1 Postgresql Anonymizer | 2026-04-15 | 6.5 Medium |
| PostgreSQL Anonymizer v2.0 and v2.1 contain a vulnerability that allows a masked user to bypass the masking rules defined on a table and read the original data using a database cursor or the --insert option of pg_dump. This problem occurs only when dynamic masking is enabled, which is not the default setting. The problem is resolved in version 2.2.1 | ||||
| CVE-2024-53542 | 2026-04-15 | 6.5 Medium | ||
| Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitrarily restart the NCServiceManger via a crafted GET request. | ||||
| CVE-2023-40747 | 1 Aki | 5 Pmman.exe\/enterprise Edition\/, Pmman.exe\/pro Edition\/, Pmman.exe\/pro Plus Imap4 Edition\/ and 2 more | 2026-04-15 | 7.5 High |
| Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. | ||||
| CVE-2025-57176 | 2026-04-15 | 6.5 Medium | ||
| On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption (metadata only) with file contents transmitted in cleartext. No authentication or path validation is performed. | ||||
| CVE-2025-5719 | 2026-04-15 | N/A | ||
| The wallet has an authentication bypass vulnerability that allows access to specific pages. | ||||
| CVE-2025-12721 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The g-FFL Cockpit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.1 via the /server_status REST API endpoint due to a lack of capability checks. This makes it possible for unauthenticated attackers to extract information about the server. | ||||
| CVE-2024-6545 | 1 Coffee2code | 1 Admin Trim Interface | 2026-04-15 | 5.3 Medium |
| The Admin Trim Interface plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 3.5.1. This is due to the plugin utilizing bootstrap and leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-57079 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.deepMerge function of @zag-js/core v0.50.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2023-47232 | 2 Mojofywp, Wordpress | 2 Wp Affiliate Disclosure, Wordpress | 2026-04-15 | 4.3 Medium |
| Vulnerability in mojofywp WP Affiliate Disclosure wp-affiliate-disclosure.This issue affects WP Affiliate Disclosure: from n/a through 1.2.6. | ||||
| CVE-2023-42772 | 1 Intel | 112 Core I9-10900x X-series Firmware, Core I9-10920x X-series Firmware, Core I9-10940x X-series Firmware and 109 more | 2026-04-15 | 8.2 High |
| Untrusted pointer dereference in UEFI firmware for some Intel(R) reference processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-30234 | 2026-04-15 | 8.3 High | ||
| SmartOS, as used in Triton Data Center and other products, has static host SSH keys in the 60f76fd2-143f-4f57-819b-1ae32684e81b image (a Debian 12 LX zone image from 2024-07-26). | ||||
| CVE-2025-57266 | 1 Thrivex | 1 Blog | 2026-04-15 | 9.8 Critical |
| An issue was discovered in file AssistantController.java in ThriveX Blogging Framework 2.5.9 thru 3.1.3 allowing unauthenticated attackers to gain sensitive information such as API Keys via the /api/assistant/list endpoint. | ||||
| CVE-2024-53933 | 2026-04-15 | 6.3 Medium | ||
| The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.android.call.color.app.activities.DialerActivity component. | ||||