Export limit exceeded: 10734 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (10734 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-25037 2026-04-15 N/A
An information disclosure vulnerability exists in Aquatronica Controller System firmware versions <= 5.1.6 and web interface versions <= 2.0. The tcp.php endpoint fails to restrict unauthenticated access, allowing remote attackers to issue crafted POST requests and retrieve sensitive configuration data, including plaintext administrative credentials. Exploitation of this flaw can lead to full compromise of the system, enabling unauthorized manipulation of connected devices and aquarium parameters.
CVE-2025-26167 2026-04-15 7.5 High
Buffalo LS520D 4.53 is vulnerable to Arbitrary file read, which allows unauthenticated attackers to access the NAS web UI and read arbitrary internal files.
CVE-2025-26263 2026-04-15 5.1 Medium
GeoVision ASManager Windows desktop application with the version 6.1.2.0 or less (fixed in 6.2.0), is vulnerable to credentials disclosure due to improper memory handling in the ASManagerService.exe process.
CVE-2025-27615 2026-04-15 8.2 High
umatiGateway is software for connecting OPC Unified Architecture servers with an MQTT broker utilizing JSON messages. The user interface may possibly be publicly accessible with umatiGateway's provided docker-compose file. With this access, the configuration can be viewed and altered. Commit 5d81a3412bc0051754a3095d89a06d6d743f2b16 uses `127.0.0.1:8080:8080` to limit access to the local network. For those who are unable to use this proposed patch, a firewall on Port 8080 may block remote access, but the workaround may not be perfect because Docker may also bypass a firewall by its iptable based rules for port forwarding.
CVE-2025-2882 2026-04-15 5.3 Medium
The GreenPay(tm) by Green.Money plugin for WordPress is vulnerable to Sensitive Information Exposure in versions between 3.0.0 and 3.0.9 through the publicly accessible phpinfo.php script. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed file.
CVE-2025-31127 2026-04-15 5.3 Medium
Element X Android is a Matrix Android Client provided by element.io. In Element X Android versions between 0.4.16 and 25.03.3, the entity in control of the element.json well-known file is able, under certain conditions, to get access to the media encryption keys used for an Element Call call. This vulnerability is fixed in 25.03.4.
CVE-2025-9381 1 Fnkvision 1 Y215 Cctv Camera 2026-04-15 1.6 Low
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8915 1 Kiloview 1 N30 2026-04-15 N/A
Hardcoded TLS private key and certificate in firmware in Kiloview N30 2.02.246 allows malicious adversary to do a Mann-in-the-middle attack via the network
CVE-2025-8305 1 Checkpoint 1 Identity Agent 2026-04-15 6.5 Medium
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files.
CVE-2025-36759 1 Solax 1 Solax Cloud 2026-04-15 N/A
Through the provision of user names, SolaX Cloud will suggest (similar) user accounts and thereby leak sensitive information such as user email addresses and phone numbers.
CVE-2025-8304 2 Checkpoint, Microsoft 2 Identity Agent, Windows 2026-04-15 6.5 Medium
An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being accessible in the Windows Registry keys for Check Point Identity Agent running on a Terminal Server.
CVE-2025-37165 1 Hpe 1 Aruba Instant On 2026-04-15 7.5 High
A vulnerability in the router mode configuration of HPE Instant On Access Points exposed certain network configuration details to unintended interfaces. A malicious actor could gain knowledge of internal network configuration details through inspecting impacted packets.
CVE-2025-3851 2026-04-15 4.3 Medium
The Download Manager and Payment Form WordPress Plugin – WP SmartPay plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions 1.1.0 to 2.7.13 via the show() function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view other user's data like email address, name, and notes.
CVE-2025-7426 1 Minova 1 Tta 2026-04-15 N/A
Information disclosure and exposure of authentication FTP credentials over the debug port 1604 in the MINOVA TTA service. This allows unauthenticated remote access to an active FTP account containing sensitive internal data and import structures. In environments where this FTP server is part of automated business processes (e.g. EDI or data integration), this could lead to data manipulation, extraction, or abuse.  Debug ports 1602, 1603 and 1636 also expose service architecture information and system activity logs
CVE-2025-40645 1 Viday 1 Viday 2026-04-15 N/A
Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter.
CVE-2023-29114 2026-04-15 5.7 Medium
System logs could be accessed through web management application due to a lack of access control. An attacker can obtain the following sensitive information: •     Wi-Fi access point credentials to which the EV charger can connect. •     APN web address and credentials. •     IPSEC credentials. •     Web interface access credentials for user and admin accounts. •     JuiceBox system components (software installed, model, firmware version, etc.). •     C2G configuration details. •     Internal IP addresses. •     OTA firmware update configurations (DNS servers). All the credentials are stored in logs in an unencrypted plaintext format.
CVE-2025-49824 2026-04-15 N/A
conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1.
CVE-2025-62699 1 Mediawiki 2 Checkuser, Mediawiki 2026-04-15 N/A
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent making these edits un-auditable via the CheckUser tool.This issue affects Mediawiki - Translate Extension: from master before 1.39.
CVE-2022-28693 1 Redhat 4 Enterprise Linux, Rhel Eus, Rhel Extras Rt and 1 more 2026-04-15 4.7 Medium
Unprotected alternative channel of return branch target prediction in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local access.
CVE-2025-4426 1 Insyde 1 Insydeh2o 2026-04-15 6 Medium
The vulnerability was identified in the code developed specifically for Lenovo. Please visit "Lenovo Product Security Advisories and Announcements" webpage for more information about the vulnerability.  https://support.lenovo.com/us/en/product_security/home