Export limit exceeded: 362462 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (362462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-6571 2 Axis, Axis Communications Ab 2 Axis Os, Axis Os 2026-04-15 6 Medium
A 3rd-party component exposed its password in process arguments, allowing for low-privileged users to access it.
CVE-2025-64772 1 Sony 1 Inzone Hub 2026-04-15 N/A
The installer of INZONE Hub 1.0.10.3 to 1.0.17.0 contains an issue with the DLL search path, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privilege of the user invoking the installer.
CVE-2025-61962 1 Fetchmail 1 Fetchmail 2026-04-15 5.9 Medium
In fetchmail before 6.5.6, the SMTP client can crash when authenticating upon receiving a 334 status code in a malformed context.
CVE-2025-5742 2026-04-15 5.4 Medium
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an authenticated user modifies configuration parameters on the web server
CVE-2025-54575 1 Sixlabors 1 Imagesharp 2026-04-15 5.3 Medium
ImageSharp is a 2D graphics library. In versions below 2.1.11 and 3.0.0 through 3.1.10, a specially crafted GIF file containing a malformed comment extension block (with a missing block terminator) can cause the ImageSharp GIF decoder to enter an infinite loop while attempting to skip the block. This leads to a denial of service. Applications processing untrusted GIF input should upgrade to a patched version. This issue is fixed in versions 2.1.11 and 3.1.11.
CVE-2025-54572 1 Saml-toolkits 1 Ruby-saml 2026-04-15 N/A
The Ruby SAML library is for implementing the client side of a SAML authorization. In versions 1.18.0 and below, a denial-of-service vulnerability exists in ruby-saml even with the message_max_bytesize setting configured. The vulnerability occurs because the SAML response is validated for Base64 format prior to checking the message size, leading to potential resource exhaustion. This is fixed in version 1.18.1.
CVE-2025-54430 1 Dedupeio 1 Dedupe 2026-04-15 9.1 Critical
dedupe is a python library that uses machine learning to perform fuzzy matching, deduplication and entity resolution quickly on structured data. Before commit 3f61e79, a critical severity vulnerability has been identified within the .github/workflows/benchmark-bot.yml workflow, where a issue_comment can be triggered using the @benchmark body. This workflow is susceptible to exploitation as it checkout the ${{ github.event.issue.number }}, which correspond to the branch of the PR manipulated by potentially malicious actors, and where untrusted code may be executed. Running untrusted code may lead to the exfiltration of GITHUB_TOKEN, which in this workflow has write permissions on most of the scopes - in particular the contents one - and could lead to potential repository takeover. This is fixed by commit 3f61e79.
CVE-2025-53022 1 Trustedfirmware 1 Trusted Firmware-m 2026-04-15 8.6 High
TrustedFirmware-M (aka Trusted Firmware for M profile Arm CPUs) before 2.1.3 and 2.2.x before 2.2.1 lacks length validation during a firmware upgrade. While processing a new image, the Firmware Upgrade (FWU) module does not validate the length field of the Type-Length-Value (TLV) structure for dependent components against the maximum allowed size. If the length specified in the TLV exceeds the size of the buffer allocated on the stack, the FWU module will overwrite the buffer (and potentially other stack data) with the TLV's value content. An attacker could exploit this by crafting a malicious TLV entry in the unprotected section of the MCUBoot upgrade image. By setting the length field to exceed the expected structure size, the attacker can manipulate the stack memory of the system during the upgrade process.
CVE-2025-49642 1 Zabbix 1 Zabbix-agent 2026-04-15 N/A
Library loading on AIX Zabbix Agent builds can be hijacked by local users with write access to the /home/cecuser directory.
CVE-2025-46811 1 Suse 1 Manager 2026-04-15 9.8 Critical
A Missing Authorization vulnerability in SUSE Linux Manager allows anyone with the ability to connect to port 443 of SUSE Manager is able to run any command as root on any client. This issue affects Container suse/manager/5.0/x86_64/server:5.0.5.7.30.1: from ? before 5.0.27-150600.3.33.1; Image SLES15-SP4-Manager-Server-4-3-BYOS: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2: from ? before 4.3.87-150400.3.110.2; Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE: from ? before 4.3.87-150400.3.110.2; SUSE Manager Server Module 4.3: from ? before 4.3.87-150400.3.110.2.
CVE-2025-4681 2026-04-15 N/A
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Abuse.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-4680 2026-04-15 N/A
Improper Input Validation vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects upKeeper Instant Privilege Access: before 1.4.0.
CVE-2025-4424 1 Insyde 1 Insydeh2o 2026-04-15 6 Medium
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home
CVE-2025-4421 1 Insyde 1 Insydeh2o 2026-04-15 8.2 High
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home
CVE-2025-42990 2026-04-15 3 Low
Unprotected SAPUI5 applications allow an attacker with basic privileges to inject malicious HTML code into a webpage, with the goal of redirecting users to the attacker controlled URL. This issue could impact the integrity of the application. Confidentiality or Availability are not impacted.
CVE-2025-42987 2026-04-15 4.3 Medium
SAP Manage Processing Rules (For Bank Statement) allows an attacker with basic privileges to edit shared rules of any user by tampering the request parameter. Due to missing authorization check, the attacker can edit rules that should be restricted, compromising the integrity of the application.
CVE-2025-42940 1 Sap 1 Commoncryptolib 2026-04-15 7.5 High
SAP CommonCryptoLib does not perform necessary boundary checks during pre-authentication parsing of manipulated ASN.1 data over the network. This may result in memory corruption followed by an application crash, hence leading to a high impact on availability. There is no impact on confidentiality or integrity.
CVE-2025-42924 1 Sap 2 E-recruiting, S4hana 2026-04-15 6.1 Medium
SAP S/4HANA landscape SAP E-Recruiting BSP allows an unauthenticated attacker to craft malicious links, when clicked the victim could be redirected to the page controlled by the attacker. This has low impact on confidentiality and integrity of the application with no impact on availability.
CVE-2025-42919 1 Sap 1 Netweaver Application Server Java 2026-04-15 5.3 Medium
Due to an Information Disclosure vulnerability in SAP NetWeaver Application Server Java, internal metadata files could be accessed via manipulated URLs. An unauthenticated attacker could exploit this vulnerability by inserting arbitrary path components in the request, allowing unauthorized access to sensitive application metadata. This results in a partial compromise of the confidentiality of the information without affecting the integrity or availability of the application server.
CVE-2025-42897 1 Sap 1 Business One 2026-04-15 5.3 Medium
Due to information disclosure vulnerability in anonymous API provided by SAP Business One (SLD), an attacker with normal user access could gain access to unauthorized information. As a result, it has a low impact on the confidentiality of the application but no impact on the integrity and availability.