Export limit exceeded: 347179 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347179 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347179 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31253 | 1 Apple | 2 Ipados, Iphone Os | 2026-04-28 | 7.1 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.5 and iPadOS 18.5. Muting the microphone during a FaceTime call may not result in audio being silenced. | ||||
| CVE-2025-32975 | 1 Quest | 1 Kace Systems Management Appliance | 2026-04-28 | 10 Critical |
| Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability exists in the SSO authentication handling mechanism and can lead to complete administrative takeover. | ||||
| CVE-2025-43248 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-28 | 7.8 High |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7. A malicious app may be able to gain root privileges. | ||||
| CVE-2025-43204 | 1 Apple | 1 Macos | 2026-04-28 | 7.8 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26. An app may be able to break out of its sandbox. | ||||
| CVE-2025-43359 | 1 Apple | 10 Ios, Ipados, Iphone Os and 7 more | 2026-04-28 | 9.8 Critical |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all interfaces. | ||||
| CVE-2025-43383 | 1 Apple | 8 Ios, Ipad Os, Ipados and 5 more | 2026-04-28 | 4.3 Medium |
| An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. | ||||
| CVE-2025-43454 | 1 Apple | 4 Ios, Ipad Os, Ipados and 1 more | 2026-04-28 | 7.5 High |
| This issue was addressed through improved state management. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1. A device may persistently fail to lock. | ||||
| CVE-2025-43398 | 1 Apple | 9 Ios, Ipados, Iphone Os and 6 more | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1, tvOS 26.1, visionOS 26.1, watchOS 26.1. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-43420 | 1 Apple | 3 Macos, Macos Sequoia, Macos Sonoma | 2026-04-28 | 4.7 Medium |
| A race condition was addressed with improved state handling. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data. | ||||
| CVE-2025-12820 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 5.3 Medium |
| The Pure WC Variation Swatches WordPress plugin through 1.1.7 does not have an authorization check when updating its settings, which could allow any authenticated users to update them. | ||||
| CVE-2026-1603 | 1 Ivanti | 1 Endpoint Manager | 2026-04-28 | 8.6 High |
| An authentication bypass in Ivanti Endpoint Manager before version 2024 SU5 allows a remote unauthenticated attacker to leak specific stored credential data. | ||||
| CVE-2026-7294 | 1 Sourcecodester | 1 Pizzafy Ecommerce System | 2026-04-28 | 2.4 Low |
| A flaw has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this vulnerability is the function save_settings of the file /admin/index.php?page=save_settings. This manipulation of the argument Name causes cross site scripting. The attack may be initiated remotely. The exploit has been published and may be used. | ||||
| CVE-2024-1708 | 1 Connectwise | 1 Screenconnect | 2026-04-28 | 8.4 High |
| ConnectWise ScreenConnect 23.9.7 and prior are affected by path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | ||||
| CVE-2026-5822 | 2026-04-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2026-7322 | 1 Mozilla | 1 Firefox | 2026-04-28 | 7.3 High |
| Memory safety bugs present in Firefox ESR 115.35.0, Firefox ESR 140.10.0 and Firefox 150.0.0. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 150.0.1, Firefox ESR 140.10.1, and Firefox ESR 115.35.1. | ||||
| CVE-2026-6238 | 1 The Gnu C Library | 1 Glibc | 2026-04-28 | 6.5 Medium |
| The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. | ||||
| CVE-2026-41873 | 1 Apache | 1 Pony Mail | 2026-04-28 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Pony Mail leading to admin account takeover. This issue affects all versions of the Lua implementation of Pony Mail. There is a Python implementation under development under the name "Pony Mail Foal" that is not affected by this issue, but hasn't been released yet. As the Lua implementation of this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-62958 | 1 Wordpress | 1 Wordpress | 2026-04-28 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Clifton Griffin Simple Content Templates for Blog Posts & Pages simple-post-template allows Cross Site Request Forgery.This issue affects Simple Content Templates for Blog Posts & Pages: from n/a through <= 2.2.61. | ||||
| CVE-2026-7295 | 1 Sourcecodester | 1 Pizzafy Ecommerce System | 2026-04-28 | 2.4 Low |
| A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. Affected by this issue is the function save_menu of the file /admin/ajax.php?action=save_menu. Such manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-4342 | 1 Kubernetes | 1 Ingress-nginx | 2026-04-28 | 8.8 High |
| A security issue was discovered in ingress-nginx where a combination of Ingress annotations can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.) | ||||