Export limit exceeded: 25895 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25895 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-2384 | 1 Microsoft | 1 Internet Explorer | 2026-04-16 | N/A |
| Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to conduct spoofing and phishing attacks by using a modal browser window in a way that preserves the original address bar and trusted UI of a trusted site, even after the browser has been navigated to a malicious site, aka the "Address Bar Spoofing Vulnerability." | ||||
| CVE-2004-1928 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2026-04-16 | N/A |
| The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to upload and possibly execute arbitrary files via the img/wiki_up URL. | ||||
| CVE-2004-1777 | 1 Skype Technologies | 1 Skype | 2026-04-16 | N/A |
| A "range check error" in Skype for Windows before 0.98.0.28 allows local and remote attackers to cause a denial of service (application crash) via long command line arguments or a long callto:// URL, a different vulnerability than CVE-2004-1114. | ||||
| CVE-2006-0340 | 1 Cisco | 1 Ios | 2026-04-16 | N/A |
| Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local network to cause a denial of service (device hang and network traffic loss) via a crafted UDP packet to port 9900. | ||||
| CVE-2004-1367 | 1 Oracle | 9 Application Server, Collaboration Suite, E-business Suite and 6 more | 2026-04-16 | N/A |
| Oracle 10g Database Server, when installed with a password that contains an exclamation point ("!") for the (1) DBSNMP or (2) SYSMAN user, generates an error that logs the password in the world-readable postDBCreation.log file, which could allow local users to obtain that password and use it against SYS or SYSTEM accounts, which may have been installed with the same password. | ||||
| CVE-2005-4836 | 1 Apache | 1 Tomcat | 2026-04-16 | N/A |
| The HTTP/1.1 connector in Apache Tomcat 4.1.15 through 4.1.40 does not reject NULL bytes in a URL when allowLinking is configured, which allows remote attackers to read JSP source files and obtain sensitive information. | ||||
| CVE-2026-28131 | 2 Wordpress, Wpvibes | 2 Wordpress, Elementor Addon Elements | 2026-04-16 | 6.5 Medium |
| Insertion of Sensitive Information Into Sent Data vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder allows Retrieve Embedded Sensitive Data.This issue affects Elementor Addon Elements: from n/a through <= 1.14.4. | ||||
| CVE-2026-34045 | 2 Linuxfoundation, Podman-desktop | 2 Podman Desktop, Podman-desktop | 2026-04-15 | 8.2 High |
| Podman Desktop is a graphical tool for developing on containers and Kubernetes. Prior to 1.26.2, an unauthenticated HTTP server exposed by Podman Desktop allows any network attacker to remotely trigger denial-of-service conditions and extract sensitive information. By abusing missing connection limits and timeouts, an attacker can exhaust file descriptors and kernel memory, leading to application crash or full host freeze. Additionally, verbose error responses disclose internal paths and system details (including usernames on Windows), aiding further exploitation. The issue requires no authentication or user interaction and is exploitable over the network. This vulnerability is fixed in 1.26.2. | ||||
| CVE-2026-24477 | 1 Mintplexlabs | 2 Anything-llm, Anythingllm | 2026-04-15 | 7.5 High |
| AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue. | ||||
| CVE-2026-1371 | 2 Themeum, Wordpress | 2 Tutor Lms, Wordpress | 2026-04-15 | 5.3 Medium |
| The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.9.5. This is due to missing authorization checks in the `ajax_coupon_details()` function, which only validates nonces but does not verify user capabilities. This makes it possible for authenticated attackers, with Subscriber-level access and above, to retrieve sensitive coupon information including coupon codes, discount amounts, usage statistics, and course/bundle applications. | ||||
| CVE-2019-8921 | 3 Bluez, Debian, Linux | 3 Bluez, Debian Linux, Linux Kernel | 2026-04-15 | 6.5 Medium |
| An issue was discovered in bluetoothd in BlueZ through 5.48. The vulnerability lies in the handling of a SVC_ATTR_REQ by the SDP implementation. By crafting a malicious CSTATE, it is possible to trick the server into returning more bytes than the buffer actually holds, resulting in leaking arbitrary heap data. The root cause can be found in the function service_attr_req of sdpd-request.c. The server does not check whether the CSTATE data is the same in consecutive requests, and instead simply trusts that it is the same. | ||||
| CVE-2018-20225 | 1 Pypa | 1 Pip | 2026-04-15 | 7.8 High |
| An issue was discovered in pip (all versions) because it installs the version with the highest version number, even if the user had intended to obtain a private package from a private index. This only affects use of the --extra-index-url option, and exploitation requires that the package does not already exist in the public index (and thus the attacker can put the package there with an arbitrary version number). NOTE: it has been reported that this is intended functionality and the user is responsible for using --extra-index-url securely | ||||
| CVE-2026-20606 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-15 | 7.1 High |
| This issue was addressed by removing the vulnerable code. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to bypass certain Privacy preferences. | ||||
| CVE-2026-20647 | 1 Apple | 1 Macos | 2026-04-15 | 5.5 Medium |
| This issue was addressed with improved data protection. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20641 | 1 Apple | 7 Ios And Ipados, Ipados, Iphone Os and 4 more | 2026-04-15 | 7.1 High |
| A privacy issue was addressed with improved checks. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3, tvOS 26.3, visionOS 26.3, watchOS 26.3. An app may be able to identify what other apps a user has installed. | ||||
| CVE-2026-20682 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-15 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes. | ||||
| CVE-2026-20680 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-15 | 5.5 Medium |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data. | ||||
| CVE-2026-20681 | 1 Apple | 1 Macos | 2026-04-15 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | ||||
| CVE-2026-20678 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-15 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20619 | 1 Apple | 1 Macos | 2026-04-15 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||