Export limit exceeded: 12812 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (357114 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30519 | 1 Doverfuelingsolutions | 1 Progauge Maglink Lx Console | 2026-04-15 | 9.8 Critical |
| Dover Fueling Solutions ProGauge MagLink LX4 Devices have default root credentials that cannot be changed through standard administrative means. An attacker with network access to the device can gain administrative access to the system. | ||||
| CVE-2025-9148 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-9150 | 1 Surbowl | 1 Dormitory-management-php | 2026-04-15 | 7.3 High |
| A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote location. The exploit is publicly available and might be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-9427 | 2 Lemonsoft, Wordpress | 2 Wordpress Add-on, Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Lemonsoft WordPress add on allows Cross-Site Scripting (XSS).This issue affects WordPress add on: 2025.7.1. | ||||
| CVE-2025-9639 | 2026-04-15 | 7.5 High | ||
| The QbiCRMGateway developed by Ai3 has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. | ||||
| CVE-2025-9604 | 2026-04-15 | 3.7 Low | ||
| A vulnerability was identified in coze-studio up to 0.2.4. The impacted element is an unknown function of the file backend/domain/plugin/encrypt/aes.go. The manipulation of the argument AuthSecretKey/StateSecretKey/OAuthTokenSecretKey leads to use of hard-coded cryptographic key . It is possible to initiate the attack remotely. The attack is considered to have high complexity. The exploitability is regarded as difficult. To fix this issue, it is recommended to deploy a patch. The vendor replied to the GitHub issue (translated from simplified Chinese): "For scenarios requiring encryption, we will implement user-defined key management through configuration and optimize the use of encryption tools, such as random salt." | ||||
| CVE-2025-9996 | 1 Schneider-electric | 1 Blmon | 2026-04-15 | N/A |
| CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session. | ||||
| CVE-2025-9951 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-15 | N/A |
| A heap-buffer-overflow write exists in jpeg2000dec FFmpeg which allows an attacker to potentially gain remote code execution or cause denial of service via the channel definition cdef atom of JPEG2000. | ||||
| CVE-2025-32816 | 2026-04-15 | 3.1 Low | ||
| CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity. | ||||
| CVE-2025-31713 | 2026-04-15 | 8.4 High | ||
| In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31714 | 2026-04-15 | 6.8 Medium | ||
| In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-32408 | 1 Soffid | 1 Iam | 2026-04-15 | 2.5 Low |
| In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. | ||||
| CVE-2025-9648 | 1 Civetweb Project | 1 Civetweb | 2026-04-15 | 5.3 Medium |
| A vulnerability in the CivetWeb library's function mg_handle_form_request allows remote attackers to trigger a denial of service (DoS) condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multiple malicious requests will result in complete CPU exhaustion and render the service unresponsive to further requests. This issue was fixed in commit 782e189. This issue affects only the library, standalone executable pre-built by vendor is not affected. | ||||
| CVE-2025-9903 | 1 Canon | 5 Generic Plus Lips4 Printer Driver, Generic Plus Lipslx Printer Driver, Generic Plus Pcl6 Printer Driver and 2 more | 2026-04-15 | 5.9 Medium |
| Out-of-bounds write vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver | ||||
| CVE-2025-9974 | 1 Nokia | 1 Nokia Ont | 2026-04-15 | 8 High |
| The unified WEBUI application of the ONT/Beacon device contains an input handling flaw that allows authenticated users to trigger unintended system-level command execution. Due to insufficient validation of user-supplied data, a low-privileged authenticated attacker may be able to execute arbitrary commands on the underlying ONT/Beacon operating system, potentially impacting the confidentiality, integrity, and availability of the device. | ||||
| CVE-2025-52207 | 2026-04-15 | 9.9 Critical | ||
| PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory. | ||||
| CVE-2025-62613 | 1 Vdoninja | 1 Vdo.ninja | 2026-04-15 | N/A |
| VDO.Ninja is a tool that brings remote video feeds into OBS or other studio software via WebRTC. From versions 28.0 to before 28.4, a reflected Cross-Site Scripting (XSS) vulnerability exists on examples/control.html through the room parameter, which is improperly sanitized before being rendered in the DOM. The application fails to validate and encode user input, allowing malicious scripts to be injected and executed. This issue has been patched in version 28.4. | ||||
| CVE-2025-32992 | 2026-04-15 | 8.5 High | ||
| Thermo Fisher Scientific ePort through 3.0.0 has Incorrect Access Control. | ||||
| CVE-2020-36913 | 1 All-dynamics | 1 Digital Signage System | 2026-04-15 | 5.3 Medium |
| All-Dynamics Software enlogic:show 2.0.2 contains a session fixation vulnerability that allows attackers to set a predefined PHP session identifier during the login process. Attackers can forge HTTP GET requests to welcome.php with a manipulated session token to bypass authentication and potentially execute cross-site request forgery attacks. | ||||
| CVE-2020-36914 | 1 Qihang Media | 1 Web Digital Signage | 2026-04-15 | 7.5 High |
| QiHang Media Web Digital Signage 3.0.9 contains a sensitive information disclosure vulnerability that allows remote attackers to intercept user authentication credentials through cleartext cookie transmission. Attackers can perform man-in-the-middle attacks to capture and potentially misuse stored authentication credentials transmitted in an insecure manner. | ||||