Export limit exceeded: 14519 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25875 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25875 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26279 | 2026-04-15 | 5.9 Medium | ||
| Some parameters of the weather module are improperly stored, leaking some sensitive information. | ||||
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2026-04-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2020-13481 | 2026-04-15 | 6.1 Medium | ||
| Certain Lexmark products through 2020-05-25 allow XSS which allows an attacker to obtain session credentials and other sensitive information. | ||||
| CVE-2019-25337 | 1 Owncloud | 1 Owncloud | 2026-04-15 | 9.8 Critical |
| OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information. | ||||
| CVE-2020-37093 | 1 Netis-systems | 1 Netis E1+ | 2026-04-15 | 7.5 High |
| Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text. | ||||
| CVE-2021-26281 | 2026-04-15 | 5.5 Medium | ||
| Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. | ||||
| CVE-2020-12487 | 2026-04-15 | 7 High | ||
| Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege. | ||||
| CVE-2025-29745 | 1 Emsisoft | 1 Anti-malware | 2026-04-15 | 7.5 High |
| A vulnerability affecting the scanning module in Emsisoft Anti-Malware prior to 2024.12 allows attackers on a remote server to obtain Net-NTLMv2 hash information via a specially created A2S (Emsisoft Custom Scan) extension file. | ||||
| CVE-2025-4276 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 7.5 High |
| UsbCoreDxe has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | ||||
| CVE-2025-4277 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 7.5 High |
| Tcg2Smm has a vulnerability which can be used to write arbitrary memory inside SMRAM and execute arbitrary code at SMM level. | ||||
| CVE-2025-4410 | 1 Insyde | 1 Insydeh2o | 2026-04-15 | 7.5 High |
| A buffer overflow vulnerability exists in the module SetupUtility. An attacker with local privileged access can exploit this vulnerability by executeing arbitrary code. | ||||
| CVE-2025-55178 | 1 Meta Platforms Inc | 1 Llama Stack | 2026-04-15 | 5.3 Medium |
| Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution. | ||||
| CVE-2025-0422 | 2026-04-15 | N/A | ||
| An authenticated user in the "bestinformed Web" application can execute commands on the underlying server running the application. (Remote Code Execution) For this, the user must be able to create "ScriptVars" with the type „script" and preview them by, for example, creating a new "Info". By default, admin users have those permissions, but with the granular permission system, those permissions may be assigned to other users. An attacker is able to execute commands on the server running the "bestinformed Web" application if an account with the correct permissions was compromised before. | ||||
| CVE-2025-55165 | 1 Autocaliweb Project | 1 Autocaliweb | 2026-04-15 | 8.3 High |
| Autocaliweb is a web app that offers an interface for browsing, reading, and downloading eBooks using a valid Calibre database. Prior to version 0.8.3, the debug pack generated by Autocaliweb can expose sensitive configuration data, including API keys. This occurs because the to_dict() method, used to serialize configuration for the debug pack, doesn't adequately filter out sensitive fields such as API tokens. Users, unaware of the full contents, might share these debug packs, inadvertently leaking their private API keys. This issue has been patched in version 0.8.3. | ||||
| CVE-2025-56467 | 2 Axis, Google | 2 Axis Mobile App, Android | 2026-04-15 | 6.5 Medium |
| An issue was discovered in AXIS BANK LIMITED Axis Mobile App 9.9 that allows attackers to obtain sensitive information without a UPI PIN, such as account information, balances, transaction history, and unspecified other information. NOTE: the Supplier's perspective is that this is an intended feature and "does not reveal much sensitive information." | ||||
| CVE-2025-61679 | 1 Anyquery | 1 Anyquery | 2026-04-15 | 7.7 High |
| Anyquery is an SQL query engine built on top of SQLite. Versions 0.4.3 and below allow attackers who have already gained access to localhost, even with low privileges, to use the http server through the port unauthenticated, and access private integration data like emails, without any warning of a foreign login from the provider. This issue is fixed in version 0.4.4. | ||||
| CVE-2021-47154 | 2026-04-15 | 6.3 Medium | ||
| The Net::CIDR::Lite module before 0.22 for Perl does not properly consider extraneous zero characters at the beginning of an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses. | ||||
| CVE-2025-3837 | 2026-04-15 | N/A | ||
| An improper input validation vulnerability is identified in the End of Life (EOL) OVA based connect component which is deployed for installation purposes in the customer internal network. This EOL component was deprecated in September 2023 with end of support extended till January 2024. Under certain circumstances, an actor can manipulate a specific request parameter and inject code execution payload which could lead to a remote code execution on the infrastructure hosting this component. | ||||
| CVE-2024-48125 | 2026-04-15 | 7.5 High | ||
| An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | ||||
| CVE-2024-50338 | 2026-04-15 | 7.4 High | ||
| Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This is means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules. | ||||