Export limit exceeded: 26449 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26449 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-11153 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users.
CVE-2025-43986 1 Kuwfi 1 Gc111 2026-04-15 9.8 Critical
An issue was discovered on KuWFi GC111 GC111-GL-LM321_V3.0_20191211 devices. The TELNET service is enabled by default and exposed over the WAN interface without authentication.
CVE-2025-44017 3 Apple, Google, Gunosy 3 Ios, Android, Gunosy 2026-04-15 N/A
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
CVE-2025-62994 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in WP Messiah WP AI CoPilot ai-co-pilot-for-wp allows Retrieve Embedded Sensitive Data.This issue affects WP AI CoPilot: from n/a through <= 1.2.7.
CVE-2025-46552 2026-04-15 N/A
KHC-INVITATION-AUTOMATION is a GitHub automation script that automatically invites followers of a bot account to join your organization. In some commits on version 1.2, a vulnerability was identified where user data, including email addresses and Discord usernames, were exposed in API responses without proper access controls. This allowed unauthorized users to access sensitive user information by directly calling specific endpoints. This issue has been patched in a later commit on version 1.2.
CVE-2025-62979 1 Wordpress 1 Wordpress 2026-04-15 5.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data.This issue affects ACF to REST API: from n/a through <= 3.3.4.
CVE-2024-11084 1 Perforce 1 Helix Alm 2026-04-15 N/A
Helix ALM prior to 2025.1 returns distinct error responses during authentication, allowing an attacker to determine whether a username exists.
CVE-2025-60892 2 Microsoft, Raspberrypi 2 Windows, Imager 2026-04-15 6.8 Medium
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. The imager's 'public-key authentication' setting unintentionally re-adds a user's id_rsa.pub key from their local Windows machine to the authorized_keys file on the Raspberry Pi, even after the user explicitly deletes the key from the user interface. This creates an unintended attack surface, as it could allow an attacker to use a different key than the intended one to login to the device.
CVE-2025-47282 2026-04-15 N/A
Gardener External DNS Management is an environment to manage external DNS entries for a kubernetes cluster. A security vulnerability was discovered in Gardener's External DNS Management prior to version 0.23.6 that could allow a user with administrative privileges for a Gardener project or a user with administrative privileges for a shoot cluster, including administrative privileges for a single namespace of the shoot cluster, to obtain control over the seed cluster where the shoot cluster is managed. This CVE affects all Gardener installations no matter of the public cloud provider(s) used for the seed clusters/shoot clusters. The affected component is `gardener/external-dns-management`. The `external-dns-management` component may also be deployed on the seeds by the `gardener/gardener-extension-shoot-dns-service` extension when the extension is enabled. In this case, all versions of the `shoot-dns-service` extension `<= v1.60.0` are affected by this vulnerability. Version 0.23.6 of Gardener External DNS Management fixes the issue.
CVE-2025-47288 2026-04-15 3.5 Low
Discourse Policy plugin gives the ability to confirm users have seen or done something. Prior to version 0.1.1, if there was a policy posted to a public topic that was tied to a private group then the group members could be shown to non-group members. This issue has been patched in version 0.1.1. A workaround involves moving any policy topics with private groups to restricted categories.
CVE-2024-0793 1 Redhat 1 Openshift 2026-04-15 7.7 High
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
CVE-2024-0710 2 Gravity Wiz, Wordpress 2 Gp Unique Id, Wordpress 2026-04-15 5.3 Medium
The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.
CVE-2025-48015 2026-04-15 3.7 Low
Failed login response could be different depending on whether the username was local or central.
CVE-2025-48045 2026-04-15 N/A
An unauthenticated HTTP GET request to the /client.php endpoint will disclose the default administrator user credentials.
CVE-2024-0127 1 Nvidia 2 Cloud Gaming Virtual Gpu, Virtual Gpu Manager 2026-04-15 7.8 High
NVIDIA vGPU software contains a vulnerability in the GPU kernel driver of the vGPU Manager for all supported hypervisors, where a user of the guest OS can cause an improper input validation by compromising the guest OS kernel. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure.
CVE-2024-0126 1 Nvidia 3 Cloud Gaming Virtual Gpu, Gpu Display Driver, Virtual Gpu Manager 2026-04-15 8.2 High
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
CVE-2024-0112 2026-04-15 7.5 High
NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege.
CVE-2025-62026 2 Blockspare, Wordpress 2 Blockspare, Wordpress 2026-04-15 4.3 Medium
Insertion of Sensitive Information Into Sent Data vulnerability in Blockspare Blockspare blockspare allows Retrieve Embedded Sensitive Data.This issue affects Blockspare: from n/a through <= 3.2.13.2.
CVE-2025-48464 1 Duckduckgo 1 Duckduckgo 2026-04-15 4.7 Medium
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information.
CVE-2025-48490 2026-04-15 N/A
Laravel Rest Api is an API generator. Prior to version 2.13.0, a validation bypass vulnerability was discovered where multiple validations defined for the same attribute could be silently overridden. Due to how the framework merged validation rules across multiple contexts (such as index, store, and update actions), malicious actors could exploit this behavior by crafting requests that bypass expected validation rules, potentially injecting unexpected or dangerous parameters into the application. This could lead to unauthorized data being accepted or processed by the API, depending on the context in which the validation was bypassed. This issue has been patched in version 2.13.0.