Export limit exceeded: 24094 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-31648 | 1 Intel | 1 Processors | 2026-04-15 | 3.9 Low |
| Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and smm adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts. | ||||
| CVE-2025-31649 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 8.7 High |
| A hard-coded password vulnerability exists in the ControlVault WBDI Driver functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to execute priviledged operation. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2025-3165 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability classified as critical has been found in thu-pacman chitu 0.1.0. This affects the function torch.load of the file chitu/chitu/backend.py. The manipulation of the argument ckpt_path/quant_ckpt_dir leads to deserialization. An attack has to be approached locally. | ||||
| CVE-2025-31655 | 1 Intel | 1 Battery Life Diagnostic Tool | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions for some Intel(R) Battery Life Diagnostic Tool within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present without special internal knowledge and requires active user interaction. The potential vulnerability may impact the confidentiality (high), integrity (high) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | ||||
| CVE-2025-3169 | 2026-04-15 | 5 Medium | ||
| A vulnerability was found in Projeqtor up to 12.0.2. It has been rated as critical. Affected by this issue is some unknown functionality of the file /tool/saveAttachment.php. The manipulation of the argument attachmentFiles leads to unrestricted upload. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 12.0.3 is able to address this issue. It is recommended to upgrade the affected component. The vendor explains, that "this vulnerability can be exploited only on not securely installed instances, as it is adviced during product install: attachment directory should be out of web reach, so that even if executable file can be uploaded, it cannot be executed through the web." | ||||
| CVE-2025-31700 | 1 Dahua | 2 Ipc, Sd | 2026-04-15 | 8.1 High |
| A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. | ||||
| CVE-2025-31701 | 1 Dahua | 2 Ipc, Sd | 2026-04-15 | 8.1 High |
| A vulnerability has been found in Dahua products. Attackers could exploit a buffer overflow vulnerability by sending specially crafted malicious packets, potentially causing service disruption (e.g., crashes) or remote code execution (RCE). Some devices may have deployed protection mechanisms such as Address Space Layout Randomization (ASLR), which reduces the likelihood of successful RCE exploitation. However, denial-of-service (DoS) attacks remain a concern. | ||||
| CVE-2025-31702 | 1 Dahua | 2 Ipc, Sd | 2026-04-15 | 6.8 Medium |
| A vulnerability exists in certain Dahua embedded products. Third-party malicious attacker with obtained normal user credentials could exploit the vulnerability to access certain data which are restricted to admin privileges, such as system-sensitive files through specific HTTP request. This may cause tampering with admin password, leading to privilege escalation. Systems with only admin account are not affected. | ||||
| CVE-2025-31713 | 2026-04-15 | 8.4 High | ||
| In engineer mode service, there is a possible command injection due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31714 | 2026-04-15 | 6.8 Medium | ||
| In Developer Tools, there is a possible missing verification incorrect input. This could lead to local escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31717 | 1 Unisoc | 8 S8000, T750, T760 and 5 more | 2026-04-15 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. | ||||
| CVE-2025-31718 | 1 Unisoc | 11 S8000, T606, T612 and 8 more | 2026-04-15 | 7.5 High |
| In modem, there is a possible system crash due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. | ||||
| CVE-2025-31719 | 1 Unisoc | 17 S8000, Sc7731e, Sc9832e and 14 more | 2026-04-15 | 5.1 Medium |
| In TEE EcDSA algorithm, there is a possible memory consistency issue. This could lead to generated incorrect signature results with low probability. | ||||
| CVE-2025-32993 | 2026-04-15 | 6.5 Medium | ||
| Vision Helpdesk through 5.7.0 allows Time-Based Blind SQL injection via the Forgot Password (aka index.php?/home/forgot-password) vis_username parameter. Authentication is not needed. | ||||
| CVE-2025-31821 | 2026-04-15 | 4.7 Medium | ||
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in formsintegrations Integration of Zoho CRM and Contact Form 7 allows Phishing. This issue affects Integration of Zoho CRM and Contact Form 7: from n/a through 1.0.6. | ||||
| CVE-2025-3189 | 2026-04-15 | N/A | ||
| Stored Cross-Site Scripting (XSS) in DoWISP in versions prior to 1.16.2.50, which consists of an stored XSS through the upload of a profile picture in SVG format with malicious Javascript code in it. | ||||
| CVE-2025-3191 | 2026-04-15 | 6.1 Medium | ||
| All versions of the package react-draft-wysiwyg are vulnerable to Cross-site Scripting (XSS) via the Embedded button which will then result in saving the payload in the <iframe> tag. | ||||
| CVE-2025-3192 | 1 Spatie | 1 Browsershot | 2026-04-15 | 8.2 High |
| Versions of the package spatie/browsershot from 0.0.0 are vulnerable to Server-side Request Forgery (SSRF) in the setUrl() function due to a missing restriction on user input, enabling attackers to access localhost and list all of its directories. | ||||
| CVE-2025-31929 | 2026-04-15 | 4.2 Medium | ||
| A vulnerability has been identified in IEC 1Ph 7.4kW Child socket (8EM1310-2EH04-0GA0) (All versions), IEC 1Ph 7.4kW Child socket/ shutter (8EM1310-2EN04-0GA0) (All versions), IEC 1Ph 7.4kW Parent cable 7m (8EM1310-2EJ04-3GA1) (All versions), IEC 1Ph 7.4kW Parent cable 7m incl. SIM (8EM1310-2EJ04-3GA2) (All versions), IEC 1Ph 7.4kW Parent socket (8EM1310-2EH04-3GA1) (All versions), IEC 1Ph 7.4kW Parent socket incl. SIM (8EM1310-2EH04-3GA2) (All versions), IEC 1Ph 7.4kW Parent socket/ shutter (8EM1310-2EN04-3GA1) (All versions), IEC 1Ph 7.4kW Parent socket/ shutter SIM (8EM1310-2EN04-3GA2) (All versions), IEC 3Ph 22kW Child cable 7m (8EM1310-3EJ04-0GA0) (All versions), IEC 3Ph 22kW Child socket (8EM1310-3EH04-0GA0) (All versions), IEC 3Ph 22kW Child socket/ shutter (8EM1310-3EN04-0GA0) (All versions), IEC 3Ph 22kW Parent cable 7m (8EM1310-3EJ04-3GA1) (All versions), IEC 3Ph 22kW Parent cable 7m incl. SIM (8EM1310-3EJ04-3GA2) (All versions), IEC 3Ph 22kW Parent socket (8EM1310-3EH04-3GA1) (All versions), IEC 3Ph 22kW Parent socket incl. SIM (8EM1310-3EH04-3GA2) (All versions), IEC 3Ph 22kW Parent socket/ shutter (8EM1310-3EN04-3GA1) (All versions), IEC 3Ph 22kW Parent socket/ shutter SIM (8EM1310-3EN04-3GA2) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA0) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA1) (All versions), IEC ERK 3Ph 22 kW Child cable 7m (8EM1310-3FJ04-0GA2) (All versions), IEC ERK 3Ph 22 kW Child socket (8EM1310-3FH04-0GA0) (All versions), IEC ERK 3Ph 22 kW Parent socket (8EM1310-3FH04-3GA1) (All versions), IEC ERK 3Ph 22 kW Parent socket incl. SI (8EM1310-3FH04-3GA2) (All versions), UL Commercial Cellular 48A NTEP (8EM1310-5HF14-1GA2) (All versions), UL Commercial Child 40A w/ 15118 HW (8EM1310-4CF14-0GA0) (All versions), UL Commercial Child 48A BA Compliant (8EM1315-5CG14-0GA0) (All versions), UL Commercial Child 48A w/ 15118 HW (8EM1310-5CF14-0GA0) (All versions), UL Commercial Parent 40A with Simcard (8EM1310-4CF14-1GA2) (All versions), UL Commercial Parent 48A (USPS) (8EM1317-5CG14-1GA2) (All versions), UL Commercial Parent 48A BA Compliant (8EM1315-5CG14-1GA2) (All versions), UL Commercial Parent 48A with Simcard BA (8EM1310-5CF14-1GA2) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1310-5CG14-1GA1) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1314-5CG14-2FA2) (All versions), UL Commercial Parent 48A, 15118, 25ft (8EM1315-5HG14-1GA2) (All versions), UL Commercial Parent 48A,15118 25ft Sim (8EM1310-5CG14-1GA2) (All versions), UL Resi High End 40A w/15118 Hw (8EM1312-4CF18-0FA3) (All versions), UL Resi High End 48A w/15118 Hw (8EM1312-5CF18-0FA3) (All versions), VersiCharge Blue™ 80A AC Cellular (8EM1315-7BG16-1FH2) (All versions). Affected devices do not contain an Immutable Root of Trust in M0 Hardware. An attacker with physical access to the device could use this to execute arbitrary code. | ||||
| CVE-2025-31946 | 2026-04-15 | 6.2 Medium | ||
| Pixmeo OsiriX MD is vulnerable to a local use after free scenario, which could allow an attacker to locally import a crafted DICOM file and cause memory corruption or a system crash. | ||||