Export limit exceeded: 353348 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (353348 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3090 | 2026-04-15 | 8.2 High | ||
| An unauthenticated remote attacker can obtain limited sensitive information and/or DoS the device due to missing authentication for critical function. | ||||
| CVE-2025-30900 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zoho Subscriptions Zoho Billing – Embed Payment Form allows Stored XSS. This issue affects Zoho Billing – Embed Payment Form: from n/a through 4.0. | ||||
| CVE-2025-3091 | 2026-04-15 | 7.5 High | ||
| An low privileged remote attacker in possession of the second factor for another user can login as that user without knowledge of the other user`s password. | ||||
| CVE-2025-3096 | 2026-04-15 | N/A | ||
| Clinic’s Patient Management System versions 2.0 suffers from a SQL injection vulnerability in the login page. | ||||
| CVE-2025-31119 | 2026-04-15 | 7.7 High | ||
| generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath and also has access to these REST interface for calling the mentioned REST endpoints, using these lines of code can lead to unintended remote code execution. This vulnerability is fixed in 5.9.1. | ||||
| CVE-2025-3112 | 2026-04-15 | 6.5 Medium | ||
| CWE-400: Uncontrolled Resource Consumption vulnerability exists that could cause Denial of Service when an authenticated malicious user sends manipulated HTTPS Content-Length header to the webserver. | ||||
| CVE-2025-31122 | 2026-04-15 | N/A | ||
| scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to login to any account by changing the username in the username field. | ||||
| CVE-2025-3113 | 2026-04-15 | N/A | ||
| A valid, authenticated user with sufficient privileges and who is aware of Continuous Compliance’s internal database configurations can leverage the application’s built-in Connector functionality to access Continuous Compliance’s internal database. This allows the user to explore the internal database schema and export its data, including the properties of Connecters and Rule Sets. | ||||
| CVE-2025-31128 | 2026-04-15 | N/A | ||
| gifplayer is a customizable jquery plugin to play and stop animated gifs. gifplayer contains a cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 0.3.7. | ||||
| CVE-2025-31129 | 2026-04-15 | 8.8 High | ||
| Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x). | ||||
| CVE-2025-31127 | 2026-04-15 | 5.3 Medium | ||
| Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4. | ||||
| CVE-2025-31132 | 2026-04-15 | 8.1 High | ||
| Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10. | ||||
| CVE-2025-31135 | 2026-04-15 | 5.3 Medium | ||
| Go-Guerrilla SMTP Daemon is a lightweight SMTP server written in Go. Prior to 1.6.7, when ProxyOn is enabled, the PROXY command will be accepted multiple times, with later invocations overriding earlier ones. The proxy protocol only supports one initial PROXY header; anything after that is considered part of the exchange between client and server, so the client is free to send further PROXY commands with whatever data it pleases. go-guerrilla will treat these as coming from the reverse proxy, allowing a client to spoof its IP address. This vulnerability is fixed in 1.6.7. | ||||
| CVE-2025-31137 | 2026-04-15 | 7.5 High | ||
| React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the URL used in an incoming Request by putting a URL pathname in the port section of a URL that is part of a Host or X-Forwarded-Host header sent to a Remix/React Router request handler. This issue has been patched and released in Remix 2.16.3 and React Router 7.4.1. | ||||
| CVE-2025-3114 | 2026-04-15 | N/A | ||
| Code Execution via Malicious Files: Attackers can create specially crafted files with embedded code that may execute without adequate security validation, potentially leading to system compromise. Sandbox Bypass Vulnerability: A flaw in the TERR security mechanism allows attackers to bypass sandbox restrictions, enabling the execution of untrusted code without appropriate controls. | ||||
| CVE-2025-31144 | 2026-04-15 | N/A | ||
| Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running. | ||||
| CVE-2025-31146 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2026-04-15 | 6.1 Medium |
| Time-of-check time-of-use race condition for some Intel Ethernet Adapter Complete Driver Pack software before version 1.5.1.0 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via adjacent access when attack requirements are not present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-3116 | 2026-04-15 | 6.5 Medium | ||
| CWE-20: Improper Input Validation vulnerability exists that could cause Denial of Service when an authenticated malicious user sends special malformed HTTPS request containing improper formatted body data to the controller. | ||||
| CVE-2025-31160 | 1 Atop Project | 1 Atop | 2026-04-15 | 2.9 Low |
| atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop. | ||||
| CVE-2025-31165 | 2026-04-15 | N/A | ||
| Cross-Site Scripting (XSS) vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature. | ||||