Search Results (363299 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-10068 1 Flashfxp 1 Flashfxp 2026-04-15 7.8 High
A vulnerability was found in OpenSight Software FlashFXP 5.4.0.3970. It has been classified as critical. Affected is an unknown function in the library libcrypto-1_1.dll of the file FlashFXP.exe. The manipulation leads to uncontrolled search path. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-5346 2026-04-15 N/A
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file. This issue affects all versions before 1.3.3.
CVE-2024-45101 1 Lenovo 1 Xclarity Administrator 2026-04-15 6.8 Medium
A privilege escalation vulnerability was discovered when Single Sign On (SSO) is enabled that could allow an attacker to intercept a valid, authenticated LXCA user’s XCC session if they can convince the user to click on a specially crafted URL.
CVE-2024-4540 1 Redhat 3 Build Keycloak, Red Hat Single Sign On, Rhosemc 2026-04-15 7.5 High
A flaw was found in Keycloak in OAuth 2.0 Pushed Authorization Requests (PAR). Client-provided parameters were found to be included in plain text in the KC_RESTART cookie returned by the authorization server's HTTP response to a `request_uri` authorization request, possibly leading to an information disclosure vulnerability.
CVE-2025-49006 1 Wasp 1 Wasp 2026-04-15 N/A
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs before storing / fetching them. This behavior violates OAuth and OpenID Connect specifications and can result in user impersonation, account collisions, and privilege escalation. In practice, out of the OAuth providers that Wasp auth supports, only Keycloak is affected. Keycloak uses a lowercase UUID by default, but users can configure it to be case sensitive, making it affected. Google, GitHub, and Discord use numerical IDs, making them not affected. Users should update their Wasp version to `0.16.6` which has a fix for the problematic behavior. Users using Keycloak can work around the issue by not using a case sensitive user ID in their realm configuration.
CVE-2025-11820 3 Elementor, Iqonicdesign, Wordpress 3 Elementor, Graphina, Wordpress 2026-04-15 6.4 Medium
The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple chart widgets in all versions up to, and including, 3.1.8 due to insufficient input sanitization and output escaping on data attributes. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability affects multiple chart widgets including Area Chart, Line Chart, Column Chart, Donut Chart, Heatmap Chart, Radar Chart, Polar Chart, Pie Chart, Radial Chart, and Advance Data Table widgets.
CVE-2025-48496 1 Emerson 1 Valvelink 2026-04-15 5.1 Medium
Emerson ValveLink products use a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.
CVE-2025-48499 1 Fujifilm 8 Apeos 2150, Apeos 2350, Docuprint M115 W and 5 more 2026-04-15 5.3 Medium
Out-of-bounds write vulnerability exists in FUJIFILM Business Innovation MFPs. A specially crafted IPP (Internet Printing Protocol) or LPD (Line Printer Daemon) packet may cause a denial-of-service (DoS) condition on an affected MFP. Resetting the MFP is required to recover from the denial-of-service (DoS) condition.
CVE-2025-48501 2026-04-15 N/A
An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running.
CVE-2025-48503 1 Amd 24 Athlon 3000 Series Mobile Processors With Radeon Graphics, Placeholder, Radeon Pro W5000 Series and 21 more 2026-04-15 7.8 High
A DLL hijacking vulnerability in the AMD Software Installer could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution.
CVE-2025-48509 1 Amd 8 Epyc 7003 Series Processors, Epyc 8004 Series Processors, Epyc 9004 Series Processors and 5 more 2026-04-15 N/A
Missing Checks in certain functions related to RMP initialization can allow a local admin privileged attacker to cause misidentification of I/O memory, potentially resulting in a loss of guest memory integrity
CVE-2024-23316 2026-04-15 N/A
HTTP request desynchronization in Ping Identity PingAccess, all versions prior to 8.0.1 affected allows an attacker to send specially crafted http header requests to create a request smuggling condition for proxied requests.
CVE-2025-48514 1 Amd 8 Epyc 7003 Series Processors, Epyc 8004 Series Processors, Epyc 9004 Series Processors and 5 more 2026-04-15 N/A
Insufficient Granularity of Access Control in SEV firmware can allow a privileged attacker to create a SEV-ES Guest to attack SNP guest, potentially resulting in a loss of confidentiality.
CVE-2025-48515 1 Amd 5 Ryzen 5000 Series Desktop Processors, Ryzen 5000 Series Desktop Processors With Radeon Graphics, Ryzen 5000 Series Mobile Processors With Radeon Graphics and 2 more 2026-04-15 N/A
Insufficient parameter sanitization in AMD Secure Processor (ASP) Boot Loader could allow an attacker with access to SPIROM upgrade to overwrite the memory, potentially resulting in arbitrary code execution.
CVE-2024-23492 2026-04-15 5.7 Medium
A weak encoding is used to transmit credentials for WS203VICM.
CVE-2025-48518 1 Amd 9 Radeon Pro V710, Radeon Pro W7000 Series, Radeon Rx 7000 Series and 6 more 2026-04-15 N/A
Improper input validation in AMD Graphics Driver could allow a local attacker to write out of bounds, potentially resulting in loss of integrity or denial of service.
CVE-2025-52916 1 Yealink 1 Ymcs 2026-04-15 2.2 Low
Yealink RPS before 2025-06-04 lacks SN verification attempt limits, enabling brute-force enumeration (last five digits).
CVE-2024-10254 2026-04-15 4.7 Medium
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash.
CVE-2025-52918 2026-04-15 5 Medium
Yealink RPS before 2025-05-26 does not prevent OpenAPI access by frozen enterprise accounts, allowing unauthorized access to deactivated interfaces.
CVE-2024-58277 1 R Radio Network 1 Radio Network Fm Transmitter 2026-04-15 N/A
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.