Export limit exceeded: 352262 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (352262 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29939 | 1 Amd | 8 Epyc 7003 Series Processors, Epyc 8004 Series Processors, Epyc 9004 Series Processors and 5 more | 2026-04-15 | N/A |
| Improper access control in secure encrypted virtualization (SEV) could allow a privileged attacker to write to the reverse map page (RMP) during secure nested paging (SNP) initialization, potentially resulting in a loss of guest memory confidentiality and integrity. | ||||
| CVE-2025-29943 | 1 Amd | 6 Epyc, Epyc 8004, Epyc 9004 and 3 more | 2026-04-15 | 3.2 Low |
| Write what were condition within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest. | ||||
| CVE-2025-29946 | 1 Amd | 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors | 2026-04-15 | N/A |
| Insufficient or Incomplete Data Removal in Hardware Component in SEV firmware doesn't fully flush IOMMU. This can potentially lead to a loss of confidentiality and integrity in guest memory. | ||||
| CVE-2025-29950 | 1 Amd | 19 Epyc 7001 Series Processors, Epyc 7002 Series Processors, Epyc 7003 Series Processors and 16 more | 2026-04-15 | N/A |
| Improper input validation in system management mode (SMM) could allow a privileged attacker to overwrite stack memory leading to arbitrary code execution. | ||||
| CVE-2025-29951 | 1 Amd | 4 Ryzen 5000 Series Mobile Processors With Radeon Graphics, Ryzen Embedded R1000 Series Processors, Ryzen Embedded R2000 Series Processors and 1 more | 2026-04-15 | N/A |
| A buffer overflow in the AMD Secure Processor (ASP) bootloader could allow an attacker to overwrite memory, potentially resulting in privilege escalation and arbitrary code execution. | ||||
| CVE-2025-29952 | 1 Amd | 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors | 2026-04-15 | N/A |
| Improper Initialization within the AMD Secure Encrypted Virtualization (SEV) firmware can allow an admin privileged attacker to corrupt RMP covered memory, potentially resulting in loss of guest memory integrity | ||||
| CVE-2025-29993 | 2026-04-15 | N/A | ||
| The affected versions of PowerCMS allow HTTP header injection. This vulnerability can be leveraged to direct the affected product to send email with a tampered URL, such as password reset mail. | ||||
| CVE-2025-29994 | 2026-04-15 | N/A | ||
| This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to other user accounts. | ||||
| CVE-2025-29995 | 2026-04-15 | N/A | ||
| This vulnerability exists in the CAP back office application due to a weak password-reset mechanism implemented at API endpoints. An authenticated remote attacker with a valid login ID could exploit this vulnerability through vulnerable API endpoint which could lead to account takeover of targeted users. | ||||
| CVE-2025-29996 | 2026-04-15 | N/A | ||
| This vulnerability exists in the CAP back office application due to improper implementation of OTP verification mechanism in its API based login. A remote attacker with valid credentials could exploit this vulnerability by manipulating API request URL/payload. Successful exploitation of this vulnerability could allow the attacker to bypass Two-Factor Authentication (2FA) for other user accounts. | ||||
| CVE-2025-29997 | 2026-04-15 | N/A | ||
| This vulnerability exists in the CAP back office application due to improper authorization checks on certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating API request URL to gain unauthorized access to other user accounts. | ||||
| CVE-2025-29998 | 2026-04-15 | N/A | ||
| This vulnerability exists in the CAP back office application due to missing rate limiting on OTP requests in an API endpoint. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP request through vulnerable API endpoint which could lead to the OTP bombing/flooding on the targeted system. | ||||
| CVE-2025-30016 | 2026-04-15 | 9.8 Critical | ||
| SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application. | ||||
| CVE-2025-3002 | 2026-04-15 | 7.3 High | ||
| A vulnerability, which was classified as critical, has been found in Digital China DCME-520 up to 20250320. This issue affects some unknown processing of the file /usr/local/WWW/function/audit/newstatistics/mon_merge_stat_hist.php. The manipulation of the argument type_name leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | ||||
| CVE-2025-30015 | 2026-04-15 | 4.1 Medium | ||
| Due to incorrect memory address handling in ABAP SQL of SAP NetWeaver and ABAP Platform (Application Server ABAP), an authenticated attacker with high privileges could execute certain forms of SQL queries leading to manipulation of content in the output variable. This vulnerability has a low impact on the confidentiality, integrity and the availability of the application. | ||||
| CVE-2025-30017 | 1 Sap | 1 Solution Manager | 2026-04-15 | 4.4 Medium |
| Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application. | ||||
| CVE-2025-3003 | 1 Esafenet | 1 Cdg | 2026-04-15 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in ESAFENET CDG 3. Affected is an unknown function of the file /CDGServer3/UserAjax. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-30033 | 2026-04-15 | 7.8 High | ||
| The affected setup component is vulnerable to DLL hijacking. This could allow an attacker to execute arbitrary code when a legitimate user installs an application that uses the affected setup component. | ||||
| CVE-2025-30038 | 1 Microsoft | 1 Windows | 2026-04-15 | N/A |
| The vulnerability consists of a session ID leak when saving a file downloaded from CGM CLININET. The identifier is exposed through a built-in Windows security feature that stores additional metadata in an NTFS alternate data stream (ADS) for all files downloaded from potentially untrusted sources. | ||||
| CVE-2025-30039 | 1 Cgm | 1 Clininet | 2026-04-15 | N/A |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. | ||||