Export limit exceeded: 364271 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364271 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31456 | 2026-04-15 | 5.4 Medium | ||
| There is an SSRF vulnerability in the Fluid Topics platform that affects versions prior to 4.3, where the server can be forced to make arbitrary requests to internal and external resources by an authenticated user. | ||||
| CVE-2023-31585 | 2026-04-15 | 9.8 Critical | ||
| Grocery-CMS-PHP-Restful-API v1.3 is vulnerable to File Upload via /admin/add-category.php. | ||||
| CVE-2023-31854 | 2026-04-15 | N/A | ||
| std::bad_alloc is mishandled in Precomp 0.4.8. NOTE: this is disputed because it should be categorized as a usability problem. | ||||
| CVE-2025-27812 | 1 Msi | 1 Center | 2026-04-15 | 8.1 High |
| MSI Center before 2.0.52.0 allows TOCTOU Local Privilege Escalation. | ||||
| CVE-2023-31889 | 1 Asus | 1 Asus Firmware | 2026-04-15 | 5.5 Medium |
| An issue discovered in httpd in ASUS RT-AC51U with firmware version up to and including 3.0.0.4.380.8591 allows local attackers to cause a denial of service via crafted GET request. | ||||
| CVE-2025-27813 | 2026-04-15 | 8.1 High | ||
| MSI Center before 2.0.52.0 has Missing PE Signature Validation. | ||||
| CVE-2023-32120 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Bob Hostel allows DOM-Based XSS.This issue affects Hostel: from n/a through 1.1.5.1. | ||||
| CVE-2023-32129 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Sparkle WP Editorialmag editorialmag.This issue affects Editorialmag: from n/a through 1.1.9. | ||||
| CVE-2023-32188 | 1 Neuvector | 1 Neuvector | 2026-04-15 | N/A |
| A user can reverse engineer the JWT token (JSON Web Token) used in authentication for Manager and API access, forging a valid NeuVector Token to perform malicious activity in NeuVector. This can lead to an RCE. | ||||
| CVE-2023-32189 | 2026-04-15 | 5.9 Medium | ||
| Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys | ||||
| CVE-2023-32190 | 1 Suse | 1 Opensuse Tumbleweed | 2026-04-15 | 7.8 High |
| mlocate's %post script allows RUN_UPDATEDB_AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. | ||||
| CVE-2023-32191 | 1 Suse | 1 Rke | 2026-04-15 | 9.9 Critical |
| When RKE provisions a cluster, it stores the cluster state in a configmap called `full-cluster-state` inside the `kube-system` namespace of the cluster itself. The information available in there allows non-admin users to escalate to admin. | ||||
| CVE-2023-32192 | 1 Kubernetes | 1 Apiserver | 2026-04-15 | 8.3 High |
| A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in the API Server's public API endpoint can be exploited, allowing an attacker to execute arbitrary JavaScript code in the victim browser | ||||
| CVE-2023-32193 | 1 Rancher | 1 Norman | 2026-04-15 | 8.3 High |
| A vulnerability has been identified in which unauthenticated cross-site scripting (XSS) in Norman's public API endpoint can be exploited. This can lead to an attacker exploiting the vulnerability to trigger JavaScript code and execute commands remotely. | ||||
| CVE-2023-32194 | 1 Rancher | 1 Rancher | 2026-04-15 | 7.2 High |
| A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. | ||||
| CVE-2023-32196 | 1 Rancher | 1 Rancher | 2026-04-15 | 6.6 Medium |
| A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. | ||||
| CVE-2023-32199 | 1 Suse | 1 Rancher | 2026-04-15 | 4.3 Medium |
| A vulnerability has been identified within Rancher Manager, where after removing a custom GlobalRole that gives administrative access or the corresponding binding, the user still retains access to clusters. This only affects custom Global Roles that have a * on * in * rule for resources or have a * on * rule for non-resource URLs | ||||
| CVE-2023-32228 | 2026-04-15 | 4.6 Medium | ||
| A firmware bug which may lead to misinterpretation of data in the AMC2-4WCF and AMC2-2WCF allowing an adversary to grant access to the last authorized user. | ||||
| CVE-2023-32244 | 1 Xtemos | 1 Woodmart Core | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in xtemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36. | ||||
| CVE-2023-32259 | 2026-04-15 | 6.5 Medium | ||
| Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X (SMAX), OpenText™ Asset Management X (AMX) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X (SMAX) versions 2020.05, 2020.08, 2020.11, 2021.02, 2021.05, 2021.08, 2021.11, 2022.05, 2022.11; and Asset Management X (AMX) versions 2021.08, 2021.11, 2022.05, 2022.11. | ||||