Export limit exceeded: 347681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347681 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347681 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-51989 | 1 Evolution Consulting | 1 Hrmaster | 2026-04-15 | 7 High |
| HTML injection vulnerability in the registration interface in Evolution Consulting Kft. HRmaster module v235 allows an attacker to inject HTML tags into the "keresztnév" (firstname) field, which will be sent out in an email resulting in possible Phishing scenarios against any, previously not registered, email address. | ||||
| CVE-2025-13713 | 1 Tencent | 1 Hunyuan3d-1 | 2026-04-15 | N/A |
| Tencent Hunyuan3D-1 load_pretrained Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent Hunyuan3D-1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the load_pretrained function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27191. | ||||
| CVE-2024-55413 | 2026-04-15 | 7.8 High | ||
| A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | ||||
| CVE-2025-52130 | 2026-04-15 | 5.4 Medium | ||
| File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution (RCE) on the web server. | ||||
| CVE-2025-52132 | 1 Xwiki | 1 Mocca Calendar | 2026-04-15 | 6.4 Medium |
| The Mocca Calendar application before 2.15 for XWiki allows XSS via a title to the view event page. | ||||
| CVE-2022-50732 | 1 Linux | 1 Linux Kernel | 2026-04-15 | N/A |
| In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192u: Fix use after free in ieee80211_rx() We cannot dereference the "skb" pointer after calling ieee80211_monitor_rx(), because it is a use after free. | ||||
| CVE-2025-52162 | 2026-04-15 | 6.5 Medium | ||
| agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input. | ||||
| CVE-2025-52169 | 2026-04-15 | 7.1 High | ||
| agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability. | ||||
| CVE-2025-62876 | 1 Kde | 1 Kde | 2026-04-15 | N/A |
| A Execution with Unnecessary Privileges vulnerability in lightdm-kde-greeter allows escalation from the service user to root.This issue affects lightdm-kde-greeter. before 6.0.4. | ||||
| CVE-2025-52207 | 2026-04-15 | 9.9 Critical | ||
| PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. | ||||
| CVE-2025-52263 | 1 Starcharge | 1 Artemis | 2026-04-15 | 8 High |
| An issue in the Web Configuration module of Startcharge Artemis AC Charger 7-22 kW v1.0.4 allows authenticated network-adjacent attackers to upload crafted firmware, leading to arbitrary code execution. | ||||
| CVE-2025-62877 | 1 Suse | 1 Harvester | 2026-04-15 | 9.8 Critical |
| Projects using the SUSE Virtualization (Harvester) environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utilized along with the Harvester configuration setup. | ||||
| CVE-2025-52268 | 1 Starcharge | 1 Artemis | 2026-04-15 | 7.5 High |
| StarCharge Artemis AC Charger 7-22 kW v1.0.4 was discovered to contain a hardcoded AES key which allows attackers to forge or decrypt valid login tokens. | ||||
| CVE-2025-52294 | 2026-04-15 | 5.7 Medium | ||
| Insufficient validation of the screen lock mechanism in Trust Wallet v8.45 allows physically proximate attackers to bypass the lock screen and view the wallet balance. | ||||
| CVE-2025-13714 | 1 Tencent | 1 Medicalnet | 2026-04-15 | N/A |
| Tencent MedicalNet generate_model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tencent MedicalNet. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the generate_model function. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-27192. | ||||
| CVE-2025-52362 | 1 Phproxy | 1 Phproxy | 2026-04-15 | 9.1 Critical |
| Server-Side Request Forgery (SSRF) vulnerability exists in the URL processing functionality of PHProxy version 1.1.1 and prior. The input validation for the _proxurl parameter can be bypassed, allowing a remote, unauthenticated attacker to submit a specially crafted URL | ||||
| CVE-2025-52376 | 2026-04-15 | 9.8 Critical | ||
| An authentication bypass vulnerability in the /web/um_open_telnet.cgi endpoint in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below, allowing an attacker to remotely enable the Telnet service without authentication, bypassing security controls. The Telnet server is then accessible with hard-coded credentials, allowing attackers to gain administrative shell access and execute arbitrary commands on the device. | ||||
| CVE-2024-40431 | 1 Realtek | 1 Sd Card Reader Driver | 2026-04-15 | 8.8 High |
| A lack of input validation in Realtek SD card reader driver before 10.0.26100.21374 through the implementation of the IOCTL_SCSI_PASS_THROUGH control of the SD card reader driver allows an attacker to write to predictable kernel memory locations, even as a low-privileged user. | ||||
| CVE-2025-52377 | 2026-04-15 | 5.4 Medium | ||
| Command injection vulnerability in Nexxt Solutions NCM-X1800 Mesh Router versions UV1.2.7 and below, allowing authenticated attackers to execute arbitrary commands on the device. The vulnerability is present in the web management interface's ping and traceroute functionality, specifically in the /web/um_ping_set.cgi endpoint. The application fails to properly sanitize user input in the `Ping_host_text` parameter before passing it to the underlying system command, allowing attackers to inject and execute arbitrary shell commands as the root user. | ||||
| CVE-2025-52378 | 2026-04-15 | 5.4 Medium | ||
| Cross-Site Scripting (XSS) vulnerability in Nexxt Solutions NCM-X1800 Mesh Router firmware UV1.2.7 and below allowing attackers to inject JavaScript code that is executed in the context of administrator sessions when viewing the device management page via the DEVICE_ALIAS parameter to the /web/um_device_set_aliasname endpoint. | ||||