Export limit exceeded: 10442 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10442 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-20682 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-15 | 5.3 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker may be able to discover a user’s deleted notes. | ||||
| CVE-2026-20680 | 1 Apple | 4 Ios And Ipados, Ipados, Iphone Os and 1 more | 2026-04-15 | 5.5 Medium |
| The issue was addressed with additional restrictions on the observability of app states. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. A sandboxed app may be able to access sensitive user data. | ||||
| CVE-2026-20681 | 1 Apple | 1 Macos | 2026-04-15 | 3.3 Low |
| A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.3. An app may be able to access information about a user's contacts. | ||||
| CVE-2026-20678 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-15 | 5.5 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20619 | 1 Apple | 1 Macos | 2026-04-15 | 5.5 Medium |
| A logging issue was addressed with improved data redaction. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20662 | 1 Apple | 1 Macos | 2026-04-15 | 4.6 Medium |
| An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Tahoe 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2026-20623 | 1 Apple | 1 Macos | 2026-04-15 | 5.5 Medium |
| A permissions issue was addressed by removing the vulnerable code. This issue is fixed in macOS Tahoe 26.3. An app may be able to access protected user data. | ||||
| CVE-2026-20674 | 1 Apple | 3 Ios And Ipados, Ipados, Iphone Os | 2026-04-15 | 4.6 Medium |
| A privacy issue was addressed by removing sensitive data. This issue is fixed in iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user information. | ||||
| CVE-2026-20612 | 1 Apple | 1 Macos | 2026-04-15 | 5.5 Medium |
| A privacy issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26.3. An app may be able to access sensitive user data. | ||||
| CVE-2026-20648 | 1 Apple | 1 Macos | 2026-04-15 | 5.5 Medium |
| A privacy issue was addressed by moving sensitive data to a protected location. This issue is fixed in macOS Tahoe 26.3. A malicious app may be able to access notifications from other iCloud devices. | ||||
| CVE-2026-1060 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The WP Adminify plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.7.7 via the /wp-json/adminify/v1/get-addons-list REST API endpoint. The endpoint is registered with permission_callback set to __return_true, allowing unauthenticated attackers to retrieve the complete list of available addons, their installation status, version numbers, and download URLs. | ||||
| CVE-2026-0950 | 2 Brainstormforce, Wordpress | 2 Spectra, Wordpress | 2026-04-15 | 5.3 Medium |
| The Spectra Gutenberg Blocks – Website Builder for the Block Editor plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.19.17. This is due to the plugin failing to check `post_password_required()` before rendering post excerpts in the `render_excerpt()` function and the `uagb_get_excerpt()` helper function. This makes it possible for unauthenticated attackers to read excerpts of password-protected posts by simply viewing any page that contains a Spectra Post Grid, Post Masonry, Post Carousel, or Post Timeline block. | ||||
| CVE-2026-21532 | 1 Microsoft | 1 Azure Functions | 2026-04-15 | 8.2 High |
| Azure Function Information Disclosure Vulnerability | ||||
| CVE-2026-0883 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 5.3 Medium |
| Information disclosure in the Networking component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7. | ||||
| CVE-2026-0888 | 1 Mozilla | 2 Firefox, Thunderbird | 2026-04-15 | 5.3 Medium |
| Information disclosure in the XML component. This vulnerability was fixed in Firefox 147 and Thunderbird 147. | ||||
| CVE-2026-1582 | 2 Soflyy, Wordpress | 2 Wp All Export – Drag & Drop Export To Any Custom Csv, Xml & Excel, Wordpress | 2026-04-15 | 3.7 Low |
| The WP All Export plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.14 via the export download endpoint. This is due to a PHP type juggling vulnerability in the security token comparison which uses loose comparison (==) instead of strict comparison (===). This makes it possible for unauthenticated attackers to bypass authentication using "magic hash" values when the expected MD5 hash prefix happens to be numeric-looking (matching pattern ^0e\d+$), allowing download of sensitive export files containing PII, business data, or database information. | ||||
| CVE-2026-0818 | 1 Mozilla | 1 Thunderbird | 2026-04-15 | 4.3 Medium |
| When a user explicitly requested Thunderbird to decrypt an inline OpenPGP message that was embedded in a text section of an email that was formatted and styled with HTML and CSS, then the decrypted contents were rendered in a context in which the CSS styles from the outer messages were active. If the user had additionally allowed loading of the remote content referenced by the outer email message, and the email was crafted by the sender using a combination of CSS rules and fonts and animations, then it was possible to extract the secret contents of the email. This vulnerability was fixed in Thunderbird 147.0.1 and Thunderbird 140.7.1. | ||||
| CVE-2026-21260 | 1 Microsoft | 11 365 Apps, Office, Office 2019 and 8 more | 2026-04-15 | 7.5 High |
| Exposure of sensitive information to an unauthorized actor in Microsoft Office Outlook allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-2295 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Addons For Elementor – Starter Templates & Widgets | 2026-04-15 | 5.3 Medium |
| The WPZOOM Addons for Elementor – Starter Templates & Widgets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'ajax_post_grid_load_more' function in all versions up to, and including, 1.3.2. This makes it possible for unauthenticated attackers to retrieve protected (draft, future, pending) post titles and excerpts that should not be accessible to unauthenticated users. | ||||
| CVE-2026-2783 | 1 Mozilla | 3 Firefox, Firefox Esr, Thunderbird | 2026-04-15 | 6.5 Medium |
| Information disclosure due to JIT miscompilation in the JavaScript Engine: JIT component. This vulnerability was fixed in Firefox 148, Firefox ESR 140.8, Thunderbird 148, and Thunderbird 140.8. | ||||