Export limit exceeded: 352624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46358 | 1 Emerson | 1 Valvelink | 2026-04-15 | 7.7 High |
| Emerson ValveLink products do not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. | ||||
| CVE-2025-4636 | 2026-04-15 | 7.8 High | ||
| Due to excessive privileges granted to the web user running the airpointer web platform, a malicious actor that gains control of the this user would be able to privilege escalate to the root user | ||||
| CVE-2025-4637 | 2026-04-15 | N/A | ||
| Divide By Zero vulnerability in davisking dlib allows remote attackers to cause a denial of service via a crafted file. .This issue affects dlib: before <19.24.7. | ||||
| CVE-2025-46383 | 2026-04-15 | 6.1 Medium | ||
| CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | ||||
| CVE-2025-46384 | 2026-04-15 | 8.8 High | ||
| CWE-434 Unrestricted Upload of File with Dangerous Type | ||||
| CVE-2025-46385 | 2026-04-15 | 8.6 High | ||
| CWE-918 Server-Side Request Forgery (SSRF) | ||||
| CVE-2025-46386 | 2026-04-15 | 8.8 High | ||
| CWE-639 Authorization Bypass Through User-Controlled Key | ||||
| CVE-2025-4639 | 2026-04-15 | N/A | ||
| CWE-611 Improper Restriction of XML External Entity Reference in the getDocumentBuilder() method of WebDav servlet in Peergos. This issue affects Peergos through version 1.1.0. | ||||
| CVE-2025-46390 | 2026-04-15 | 7.5 High | ||
| CWE-204: Observable Response Discrepancy | ||||
| CVE-2025-4640 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability in PointCloudLibrary pcl allows Overflow Buffers. Since version 1.14.0, PCL by default uses a zlib installation from the system, unless the user sets WITH_SYSTEM_ZLIB=FALSE. So this potential vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib. | ||||
| CVE-2025-46406 | 2026-04-15 | 5.6 Medium | ||
| A Privilege Context Switching Error (CWE-270) in the Command Center Server could allow a privileged Operator with high level access in one Division to perform limited privileged activities across the Division boundary. This issue affects Command Centre Server: 9.30 prior to 9.30.1874 (MR1), 9.20 prior to 9.20.2337 (MR3), 9.10 prior to 9.10.3194 (MR6), 9.00 prior to 9.00.3371 (MR7), all versions of 8.90 and prior. | ||||
| CVE-2025-46409 | 2026-04-15 | N/A | ||
| Inadequate encryption strength issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If this vulnerability is exploited, a function that requires authentication may be accessed by a remote unauthenticated attacker. | ||||
| CVE-2025-4641 | 2026-04-15 | N/A | ||
| Improper Restriction of XML External Entity Reference vulnerability in bonigarcia webdrivermanager WebDriverManager on Windows, MacOS, Linux (XML parsing components modules) allows Data Serialization External Entities Blowup. This vulnerability is associated with program files src/main/java/io/github/bonigarcia/wdm/WebDriverManager.java. This issue affects webdrivermanager: from 1.0.0 before 6.0.2. | ||||
| CVE-2025-46412 | 2026-04-15 | 9.8 Critical | ||
| Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication. | ||||
| CVE-2025-46413 | 1 Buffalo | 1 Wex-1800ax4 | 2026-04-15 | N/A |
| Use of password hash with insufficient computational effort issue exists in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When WPS is enabled, PIN code and/or Wi-Fi password may be obtained by an attacker. | ||||
| CVE-2025-46415 | 2026-04-15 | 3.2 Low | ||
| A race condition in the Nix, Lix, and Guix package managers allows the removal of content from arbitrary folders. This affects Nix before 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix before 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | ||||
| CVE-2025-46416 | 2026-04-15 | 2.9 Low | ||
| The Nix, Lix, and Guix package managers allow a bypass of build isolation in which a user can elevate their privileges to the build user account (e.g., nixbld or guixbuild). This affects Nix through 2.24.15, 2.26.4, 2.28.4, and 2.29.1; Lix through 2.91.2, 2.92.2, and 2.93.1; and Guix before 1.4.0-38.0e79d5b. | ||||
| CVE-2025-46419 | 1 Westermo | 1 Weos | 2026-04-15 | 5.9 Medium |
| Westermo WeOS 5 through 5.23.0 allows a reboot via a malformed ESP packet. | ||||
| CVE-2025-46421 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-04-15 | 6.8 Medium |
| A flaw was found in libsoup. When libsoup clients encounter an HTTP redirect, they mistakenly send the HTTP Authorization header to the new host that the redirection points to. This allows the new host to impersonate the user to the original host that issued the redirect. | ||||
| CVE-2025-4643 | 1 Payloadcms | 1 Payload | 2026-04-15 | N/A |
| Payload uses JSON Web Tokens (JWT) for authentication. After log out JWT is not invalidated, which allows an attacker who has stolen or intercepted token to freely reuse it until expiration date (which is by default set to 2 hours, but can be changed). This issue has been fixed in version 3.44.0 of Payload. | ||||