Search Results (12017 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-4340 1 Redhat 5 Ansible Automation Platform, Openstack, Rhui and 2 more 2026-04-15 7.5 High
Passing a heavily nested list to sqlparse.parse() leads to a Denial of Service due to RecursionError.
CVE-2021-37577 2026-04-15 6.8 Medium
Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specifications 2.1 through 5.3 may permit an unauthenticated man-in-the-middle attacker to identify the Passkey used during pairing by reflection of a crafted public key with the same X coordinate as the offered public key and by reflection of the authentication evidence of the initiating device, potentially permitting this attacker to complete authenticated pairing with the responding device using the correct Passkey for the pairing session. This is a related issue to CVE-2020-26558.
CVE-2023-3285 2026-04-15 7.7 High
A BOLA vulnerability in POST /appointments allows a low privileged user to create an appointment for any user in the system (including admin). This results in unauthorized data manipulation.
CVE-2023-35123 2026-04-15 4.3 Medium
Uncaught exception in OpenBMC Firmware for some Intel(R) Server Platforms before versions egs-1.14-0, bhs-0.27 may allow an authenticated user to potentially enable denial of service via network access.
CVE-2020-37192 2 Password-solutions, Top Password Software 2 Office Password Recovery, Msn Password Recovery 2026-04-15 6.2 Medium
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
CVE-2021-47663 2026-04-15 8.1 High
Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access.
CVE-2024-41146 1 Gallagher 2 Controller 6000, Controller 7000 2026-04-15 4.6 Medium
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior.
CVE-2024-4032 2 Python, Redhat 6 Cpython, Enterprise Linux, Rhel Aus and 3 more 2026-04-15 7.5 High
The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and ipaddress.IPv6Network classes, where values wouldn’t be returned in accordance with the latest information from the IANA Special-Purpose Address Registries. CPython 3.12.4 and 3.13.0a6 contain updated information from these registries and thus have the intended behavior.
CVE-2024-40075 2026-04-15 4.3 Medium
Laravel v11.x was discovered to contain an XML External Entity (XXE) vulnerability.
CVE-2024-38660 2026-04-15 3.8 Low
Protection mechanism failure in the SPP for some Intel(R) Xeon(R) processor family (E-Core) may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-51803 1 Linuxserver 1 Heimdall Application Dashboard 2026-04-15 9.8 Critical
LinuxServer.io Heimdall before 2.5.7 does not prevent use of icons that have non-image data such as the "<?php ?>" substring.
CVE-2024-37881 1 Eg Secure Solutions 1 Siteguard 2026-04-15 5.3 Medium
SiteGuard WP Plugin provides a functionality to customize the path to the login page wp-login.php and implements a measure to avoid redirection from other URLs. However, SiteGuard WP Plugin versions prior to 1.7.7 missed to implement a measure to avoid redirection from wp-register.php. As a result, the customized path to the login page may be exposed.
CVE-2024-37305 1 Open Quantum Safe 1 Oqs Provider 2026-04-15 8.2 High
oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue.
CVE-2024-37234 2026-04-15 3.5 Low
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Kodezen Limited Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
CVE-2023-53958 1 Ltb-project 1 Ldap Tool Box Self Service Password 2026-04-15 7.5 High
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
CVE-2024-36242 1 Intel 1 Processors 2026-04-15 8.8 High
Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-36279 2026-04-15 5.3 Medium
Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle attack.
CVE-2022-26323 2026-04-15 N/A
Incorrect Use of Privileged APIs vulnerability in OpenText™ Operations Bridge Manager, OpenText™ Operations Bridge Suite (Containerized), OpenText™ UCMDB ( Classic and Containerized) allows Privilege Escalation.  The vulnerability could allow authenticated attackers to elevate user privileges. This issue affects Operations Bridge Manager: through 2021.05; Operations Bridge Suite (Containerized): through 2021.05; UCMDB ( Classic and Containerized): through 2021.05.
CVE-2024-35312 2026-04-15 6.2 Medium
In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards), aka TROVE-2024-003.
CVE-2024-35229 1 Matter-labs 1 Era-compiler-solidity 2026-04-15 5.3 Medium
ZKsync Era is a layer 2 rollup that uses zero-knowledge proofs to scale Ethereum. Prior to version 1.3.10, there is a very specific pattern `f(a(),b()); check_if_a_executed_last()` in Yul that exposes a bug in evaluation order of Yul function arguments. This vulnerability has been fixed in version 1.3.10. As a workaround, update and redeploy affected contracts.