Export limit exceeded: 357806 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45226 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45226 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52545 | 1 Lorextechnology | 1 W461asc-e Firmware | 2026-04-15 | 6.5 Medium |
| An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | ||||
| CVE-2024-52547 | 1 Lorextechnology | 1 W461asc-e Firmware | 2026-04-15 | 7.2 High |
| An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | ||||
| CVE-2024-9102 | 2026-04-15 | N/A | ||
| phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. NOTE: This vulnerability will not be addressed, the maintainer's position is that it is not the intention of phpLDAPadmin to control what data Administrators can put in their LDAP database, nor filter it on export. | ||||
| CVE-2025-5898 | 1 Gnu | 1 Pspp | 2026-04-15 | 5.3 Medium |
| A vulnerability classified as critical has been found in GNU PSPP 82fb509fb2fedd33e7ac0c46ca99e108bb3bdffb. Affected is the function parse_variables_option of the file utilities/pspp-convert.c. The manipulation leads to out-of-bounds write. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-13132 | 1 The Browser Company | 1 Dia | 2026-04-15 | 7.4 High |
| This vulnerability allowed a site to enter fullscreen, after a user click, without a full-screen notification (toast) appearing. Without this notification, users could potentially be misled about what site they were on if a malicious site renders a fake UI (like a fake address bar.) | ||||
| CVE-2024-24293 | 1 Miguelcastillo | 1 Bit-loader | 2026-04-15 | 8.8 High |
| A Prototype Pollution issue in MiguelCastillo @bit/loader v.10.0.3 allows an attacker to execute arbitrary code via the M function e argument in index.js. | ||||
| CVE-2025-0425 | 2026-04-15 | N/A | ||
| Via the GUI of the "bestinformed Infoclient", a low-privileged user is by default able to change the server address of the "bestinformed Server" to which this client connects. This is dangerous as the "bestinformed Infoclient" runs with elevated permissions ("nt authority\system"). By changing the server address to a malicious server, or a script simulating a server, the user is able to escalate his privileges by abusing certain features of the "bestinformed Web" server. Those features include: * Pushing of malicious update packages * Arbitrary Registry Read as "nt authority\system" An attacker is able to escalate his privileges to "nt authority\system" on the Windows client running the "bestinformed Infoclient". This attack is not possible if a custom configuration ("Infoclient.ini") containing the flags "ShowOnTaskbar=false" or "DisabledItems=stPort,stAddress" is deployed. | ||||
| CVE-2025-24328 | 2026-04-15 | 4.2 Medium | ||
| Sending a crafted SOAP "set" operation message within the Mobile Network Operator (MNO) internal Radio Access Network (RAN) management network can cause Nokia Single RAN baseband OAM service component restart with software versions earlier than release 24R1-SR 1.0 MP. This issue has been corrected to release 24R1-SR 1.0 MP and later. The OAM service component restarts automatically after the stack overflow without causing a base station restart or network service degradation, and without leaving any permanent impact on the Nokia Single RAN baseband OAM service. | ||||
| CVE-2025-24345 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability in the “Hosts” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the “hosts” file in an unintended manner via a crafted HTTP request. | ||||
| CVE-2025-26278 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.set function of dref v0.1.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2025-27253 | 2026-04-15 | 6.1 Medium | ||
| A CWE-15 "External Control of System or Configuration Setting" in GE Vernova UR IED family devices from version 7.0 up to 8.60 allows an attacker to provide input that establishes a TCP connection through a port forwarding. The lack of the IP address and port validation may allow the attacker to bypass firewall rules or to send malicious traffic in the network. | ||||
| CVE-2025-27839 | 2026-04-15 | 3.2 Low | ||
| operations/attestation/AttestationTask.kt in the Tangem SDK before 5.18.3 for Android has a logic flow in offline wallet attestation (genuineness check) that causes verification results to be disregarded during the first scan of a card. Exploitation may not have been possible. | ||||
| CVE-2025-29943 | 1 Amd | 6 Epyc, Epyc 8004, Epyc 9004 and 3 more | 2026-04-15 | 3.2 Low |
| Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest. | ||||
| CVE-2025-29948 | 1 Amd | 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors | 2026-04-15 | N/A |
| Improper access control in AMD Secure Encrypted Virtualization (SEV) firmware could allow a malicious hypervisor to bypass RMP protections, potentially resulting in a loss of SEV-SNP guest memory integrity. | ||||
| CVE-2025-30415 | 2026-04-15 | N/A | ||
| Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186. | ||||
| CVE-2025-32062 | 1 Bosch | 1 Infotainment System Ecu | 2026-04-15 | 8.8 High |
| The specific flaw exists within the Bluetooth stack developed by Alps Alpine of the Infotainment ECU manufactured by Bosch. The issue results from the lack of proper boundary validation of user-supplied data, which can result in a stack-based buffer overflow when receiving a specific packet on the established upper layer L2CAP channel. An attacker can leverage this vulnerability to obtain remote code execution on the Infotainment ECU with root privileges. First identified on Nissan Leaf ZE1 manufactured in 2020. | ||||
| CVE-2025-3854 | 2026-04-15 | 8 High | ||
| A vulnerability, which was classified as critical, was found in H3C GR-3000AX up to V100R006. Affected is the function EnableIpv6/UpdateWanModeMulti/UpdateIpv6Params/EditWlanMacList/Edit_List_SSID of the file /goform/aspForm of the component HTTP POST Request Handler. The manipulation of the argument param leads to buffer overflow. The attack needs to be initiated within the local network. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. Other functions might be affected as well. | ||||
| CVE-2024-37816 | 2026-04-15 | 4.2 Medium | ||
| Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. | ||||
| CVE-2025-22392 | 1 Intel | 2 Amt, Standard Manageability | 2026-04-15 | 4.4 Medium |
| Out-of-bounds read in firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via network access. | ||||
| CVE-2025-22840 | 1 Intel | 3 Processors, Xeon, Xeon Processors | 2026-04-15 | 7.4 High |
| Sequence of processor instructions leads to unexpected behavior for some Intel(R) Xeon(R) 6 Scalable processors may allow an authenticated user to potentially enable escalation of privilege via local access | ||||