Search Results (364976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-34024 2026-04-15 6.3 Medium
Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not.
CVE-2024-34011 2026-04-15 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.
CVE-2025-7378 1 Asustor 1 Adm 2026-04-15 N/A
An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the format of the configuation file, causing the NAS to exhibit unexpected behavior. This issue affects ADM: from 4.1 before 4.3.1.R5A1.
CVE-2025-3751 2026-04-15 N/A
The component listed above contains a vulnerability that can be exploited by an attacker to perform a SQL Injection attack. This could lead to unauthorised access to the database and exposure of sensitive information
CVE-2025-3746 1 Wordpress 1 Wordpress 2026-04-15 9.8 Critical
The OTP-less one tap Sign in plugin for WordPress is vulnerable to privilege escalation via account takeover in versions 2.0.14 to 2.0.59. This is due to the plugin not properly validating a user's identity prior to updating their details, like email. This makes it possible for unauthenticated attackers to change arbitrary users' email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. Additionally, the plugin returns authentication cookies in the response, which can be used to access the account directly.
CVE-2023-47438 2026-04-15 6.5 Medium
SQL Injection vulnerability in Reportico Till 8.1.0 allows attackers to obtain sensitive information or other system information via the project parameter.
CVE-2025-58456 1 Automationdirect 8 P1-540, P1-550, P2-550 and 5 more 2026-04-15 6.8 Medium
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and read arbitrary files on the target machine.
CVE-2025-6725 2026-04-15 5.4 Medium
In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.
CVE-2025-37166 1 Hpe 1 Aruba Instant On 2026-04-15 7.5 High
A vulnerability affecting HPE Networking Instant On Access Points has been identified where a device processing a specially crafted packet could enter a non-responsive state, in some cases requiring a hard reset to re-establish services. A malicious actor could leverage this vulnerability to conduct a Denial-of-Service attack on a target network.
CVE-2025-58429 1 Automationdirect 8 P1-540, P1-550, P2-550 and 5 more 2026-04-15 7.5 High
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary files on the target machine.
CVE-2024-47463 1 Arubanetworks 2 Arubaos, Instant 2026-04-15 7.2 High
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
CVE-2025-37148 1 Hpe 1 Arubaos 2026-04-15 6.5 Medium
A vulnerability in the parsing of ethernet frames in AOS-8 Instant and AOS 10 could allow an unauthenticated remote attacker to conduct a denial of service attack. Successful exploitation could allow an attacker to potentially disrupt network services and require manual intervention to restore functionality.
CVE-2025-37147 1 Hpe 1 Arubaos 2026-04-15 7.1 High
A Secure Boot Bypass Vulnerability exists in affected Access Points that allows an adversary to bypass the hardware root of trust verification in place to ensure only vendor-signed firmware can execute on the device. An adversary can exploit this vulnerability to run modified or custom firmware on affected Access Points.
CVE-2024-47462 1 Arubanetworks 2 Arubaos, Instant 2026-04-15 7.2 High
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system.
CVE-2025-37146 1 Hpe 1 Arubaos 2026-04-15 7.2 High
A vulnerability in the web-based management interface of network access point configuration services could allow an authenticated remote attacker to perform remote command execution. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system.
CVE-2025-58078 1 Automationdirect 8 P1-540, P1-550, P2-550 and 5 more 2026-04-15 7.5 High
A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and write files with arbitrary data on the target machine.
CVE-2025-57352 2026-04-15 5.3 Medium
A vulnerability exists in the 'min-document' package prior to version 2.19.0, stemming from improper handling of namespace operations in the removeAttributeNS method. By processing malicious input involving the __proto__ property, an attacker can manipulate the prototype chain of JavaScript objects, leading to denial of service or arbitrary code execution. This issue arises from insufficient validation of attribute namespace removal operations, allowing unintended modification of critical object prototypes. The vulnerability remains unaddressed in the latest available version.
CVE-2025-37131 2 Arubanetworks, Hp 2 Edgeconnect Enterprise, Arubaos 2026-04-15 4.9 Medium
A vulnerability in EdgeConnect SD-WAN ECOS could allow an authenticated remote threat actor with admin privileges to access sensitive unauthorized system files. Under certain conditions, this could lead to exposure and exfiltration of sensitive information.
CVE-2025-37130 2 Arubanetworks, Hp 2 Edgeconnect Enterprise, Arubaos 2026-04-15 6.5 Medium
A vulnerability in the command-line interface of EdgeConnect SD-WAN could allow an authenticated attacker to read arbitrary files within the system. Successful exploitation could allow an attacker to read sensitive data from the underlying file system.
CVE-2023-50059 2026-04-15 5.3 Medium
An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce (random number)