Export limit exceeded: 347724 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347724 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24456 | 2026-04-15 | 5.9 Medium | ||
| An E-RAB Release Command packet containing a malformed NAS PDU will cause the Athonet MME to immediately crash, potentially due to a buffer overflow. | ||||
| CVE-2024-13710 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| The Estatebud – Properties & Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.0. This is due to missing or incorrect nonce validation on the 'estatebud_settings' page. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2025-54059 | 2026-04-15 | 4.4 Medium | ||
| melange allows users to build apk packages using declarative pipelines. Starting in version 0.23.0 and prior to version 0.29.5, SBOM files generated by melange in apks had file system permissions mode 666. This potentially allows an unprivileged user to tamper with apk SBOMs on a running image, potentially confusing security scanners. An attacker could also perform a DoS under special circumstances. Version 0.29.5 fixes the issue. | ||||
| CVE-2024-50589 | 1 Hasomed | 1 Elefant | 2026-04-15 | 7.5 High |
| An unauthenticated attacker with access to the local network of the medical office can query an unprotected Fast Healthcare Interoperability Resources (FHIR) API to get access to sensitive electronic health records (EHR). | ||||
| CVE-2024-24452 | 1 Athonet | 1 Vepc Mmc | 2026-04-15 | 5.9 Medium |
| An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | ||||
| CVE-2025-15067 | 2026-04-15 | 7.7 High | ||
| Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installed (ex: innorix/exam) | ||||
| CVE-2025-15065 | 2026-04-15 | 6.3 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared File.This issue affects KESS Enterprise: before *.25.9.19.exe | ||||
| CVE-2025-63046 | 2 Cridio, Wordpress | 2 Listingpro, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CridioStudio ListingPro listingpro-plugin allows DOM-Based XSS.This issue affects ListingPro: from n/a through <= 2.9.9. | ||||
| CVE-2024-12623 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The DICOM Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dcm' shortcode in all versions up to, and including, 0.10.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2025-55014 | 1 Stardict | 1 Stardict | 2026-04-15 | 4.7 Medium |
| The YouDao plugin for StarDict, as used in stardict 3.0.7+git20220909+dfsg-6 in Debian trixie and elsewhere, sends an X11 selection to the dict.youdao.com and dict.cn servers via cleartext HTTP. | ||||
| CVE-2025-54962 | 1 Openplcproject | 2 Openplc, Openplc V3 | 2026-04-15 | 6.4 Medium |
| /edit-user in webserver in OpenPLC Runtime 3 through 9cd8f1b allows authenticated users to upload arbitrary files (such as .html or .svg), and these are then publicly accessible under the /static URI. | ||||
| CVE-2025-6169 | 2026-04-15 | 9.8 Critical | ||
| The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | ||||
| CVE-2025-54596 | 2026-04-15 | 4.3 Medium | ||
| Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts. | ||||
| CVE-2025-13859 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The AffiliateX – Amazon Affiliate Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_customization_settings AJAX action in versions 1.0.0 to 1.3.9.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to store arbitrary JavaScript that executes whenever an AffiliateX block renders on the site. | ||||
| CVE-2025-54568 | 2026-04-15 | 3.7 Low | ||
| Akamai Rate Control alpha before 2025 allows attackers to send requests above the stipulated thresholds because the rate is measured separately for each edge node. | ||||
| CVE-2025-63044 | 3 Elementor, Wordpress, Xpro | 3 Elementor, Wordpress, Xpro Elementor Addons | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons xpro-elementor-addons allows DOM-Based XSS.This issue affects Xpro Elementor Addons: from n/a through <= 1.4.19.1. | ||||
| CVE-2025-54558 | 2026-04-15 | 4.1 Medium | ||
| OpenAI Codex CLI before 0.9.0 auto-approves ripgrep (aka rg) execution even with the --pre or --hostname-bin or --search-zip or -z flag. | ||||
| CVE-2024-12169 | 2026-04-15 | 6.5 Medium | ||
| A vulnerability exists in RTU500 IEC 60870-5-104 controlled station functionality and IEC 61850 functionality, that allows an attacker performing a specific attack sequence to restart the affected CMU. This vulnerability only applies, if secure communication using IEC 62351-3 (TLS) is enabled. | ||||
| CVE-2025-54554 | 1 Ticrypt Project | 1 Ticrypt | 2026-04-15 | 5.3 Medium |
| tiaudit in Tera Insights tiCrypt before 2025-07-17 allows unauthenticated REST API requests that reveal sensitive information about the underlying SQL queries and database structure. | ||||
| CVE-2024-0105 | 2026-04-15 | 8.9 High | ||
| NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. | ||||