Export limit exceeded: 351514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351514 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351514 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-41365 | 2026-04-15 | N/A | ||
| Code injection vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can be executed only with permissions higher than the view permission. | ||||
| CVE-2025-41366 | 2026-04-15 | N/A | ||
| In IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04, a configuration error has been detected in cross-origin resource sharing (CORS). Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission. | ||||
| CVE-2025-41650 | 2026-04-15 | 7.5 High | ||
| An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service. | ||||
| CVE-2025-41367 | 2026-04-15 | N/A | ||
| Stored Cross-Site Scripting (XSS) vulnerability in IDF v0.10.0-0C03-03 and ZLF v0.10.0-0C03-04. This vulnerability allows an attacker to store malicious JavaScript payload in software that will run in the victim's browser. Exploiting this vulnerability requires authenticating to the device and executing certain commands that can only be executed with permissions higher than the view permission. | ||||
| CVE-2025-41377 | 2026-04-15 | N/A | ||
| A SQL injection vulnerability has been found in Gandia Integra Total of TESI from version 2.1.2217.3 to v4.4.2236.1. The vulnerability allows an authenticated attacker to retrieve, create, update and delete databases through the 'idestudio' parameter in /encuestas/integraweb[_v4]/integra/html/view/consultacuotasred.php. | ||||
| CVE-2025-41378 | 2026-04-15 | N/A | ||
| The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function of the web panel. | ||||
| CVE-2025-41379 | 2026-04-15 | N/A | ||
| The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule, the ID used to create the database entry may be different from the JSON ID. If the rule needs to be deleted later, the system will use the JSON ID and therefore fail. This can be exploited by an attacker to create rules that cannot be deleted unless the device is reset to factory defaults. | ||||
| CVE-2025-41380 | 2026-04-15 | N/A | ||
| Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string. | ||||
| CVE-2025-41388 | 2026-04-15 | 7.8 High | ||
| Fuji Electric Smart Editor is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2025-41393 | 2026-04-15 | N/A | ||
| Reflected cross-site scripting vulnerability exists in the laser printers and MFPs (multifunction printers) which implement Ricoh Web Image Monitor. If exploited, an arbitrary script may be executed on the web browser of the user who accessed Web Image Monitor. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]. | ||||
| CVE-2025-41390 | 1 Trufflesecurity | 1 Trufflehog | 2026-04-15 | 7.8 High |
| An arbitrary code execution vulnerability exists in the git functionality of Truffle Security Co. TruffleHog 3.90.2. A specially crafted repository can lead to a arbitrary code execution. An attacker can provide a malicious respository to trigger this vulnerability. | ||||
| CVE-2025-41402 | 1 Gallagher | 1 Command Centre | 2026-04-15 | 5.5 Medium |
| Client-Side Enforcement of Server-Side Security (CWE-602) in the Command Centre Server allows a privileged operator to enter invalid competency data, bypassing expiry checks. This issue affects Command Centre Server: 9.30 prior to vEL9.30.2482 (MR2), 9.20 prior to vEL9.20.2819 (MR4), 9.10 prior to vEL9.10.3672 (MR7), all versions of 9.00 and prior. | ||||
| CVE-2025-41408 | 2 Google, Ly Corporation | 2 Android, Yahoo! Shopping App | 2026-04-15 | N/A |
| Improper authorization in handler for custom URL scheme issue in "Yahoo! Shopping" App for Android versions prior to 14.15.0 allows a remote unauthenticated attacker may lead a user to access an arbitrary website on the vulnerable App. As a result, the user may become a victim of a phishing attack. | ||||
| CVE-2025-41413 | 2026-04-15 | 7.8 High | ||
| Fuji Electric Smart Editor is vulnerable to an out-of-bounds write, which may allow an attacker to execute arbitrary code. | ||||
| CVE-2025-41418 | 2026-04-15 | 5.3 Medium | ||
| Buffer Overflow vulnerability exists in multiple versions of TB-eye network recorders and AHD recorders. The CGI process may be terminated abnormally by processing a specially crafted request. | ||||
| CVE-2025-41421 | 2 Microsoft, Teamviewer | 6 Windows, Full Client, Host and 3 more | 2026-04-15 | 4.7 Medium |
| Improper handling of symbolic links in the TeamViewer Full Client and Host for Windows — in versions prior to 15.70 of TeamViewer Remote and Tensor — allows an attacker with local, unprivileged access to a device lacking adequate malware protection to escalate privileges by spoofing the update file path. This may result in unauthorized access to sensitive information. | ||||
| CVE-2025-41426 | 2026-04-15 | 9.8 Critical | ||
| Affected Vertiv products contain a stack based buffer overflow vulnerability. An attacker could exploit this vulnerability to gain code execution on the device. | ||||
| CVE-2025-41427 | 1 Elecom | 3 Wrc-x3000gs, Wrc-x3000gsa, Wrc-x3000gsn | 2026-04-15 | N/A |
| WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN contain an improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability in Connection Diagnostics page. If a remote authenticated attacker sends a specially crafted request to the affected product, an arbitrary OS command may be executed. | ||||
| CVE-2025-41428 | 2026-04-15 | N/A | ||
| Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker. | ||||
| CVE-2025-41439 | 2026-04-15 | N/A | ||
| A reflected cross-site scripting vulnerability via a specific parameter exists in SLNX Help Documentation of RICOH Streamline NX. If this vulnerability is exploited, an arbitrary script may be executed in the web browser of the user who accessed the product. | ||||