Search Results (26483 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-11645 2 Google, Tomofun 2 Android, Furbo Mobile App 2026-04-15 2.4 Low
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-9945 2026-04-15 5.3 Medium
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders.
CVE-2024-55946 2026-04-15 N/A
Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have entered into the software. This poses a risk to user privacy. The maintainers of Playloom Engine have temporarily disabled the collaboration feature until a fix can be implemented. When Engine Beta v0.0.2 is released, it is expected to contain a patch addressing this issue. Users should refrain from using the collaboration feature in the meantime.
CVE-2023-43745 1 Intel 1 Cbi Software 2026-04-15 2.8 Low
Improper input validation in some Intel(R) CBI software before version 1.1.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2023-45289 1 Redhat 12 Advanced Cluster Security, Enterprise Linux, Logging and 9 more 2026-04-15 4.3 Medium
When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a redirect to bar.com will not. A maliciously crafted HTTP redirect could cause sensitive headers to be unexpectedly forwarded.
CVE-2023-45290 1 Redhat 20 Advanced Cluster Security, Ansible Automation Platform, Ceph Storage and 17 more 2026-04-15 6.5 Medium
When parsing a multipart form (either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile), limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a maliciously crafted input containing very long lines to cause allocation of arbitrarily large amounts of memory, potentially leading to memory exhaustion. With fix, the ParseMultipartForm function now correctly limits the maximum size of form lines.
CVE-2023-46809 2 Nodejs, Redhat 3 Nodejs, Enterprise Linux, Rhel Eus 2026-04-15 7.4 High
Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.
CVE-2023-47210 2026-04-15 4.7 Medium
Improper input validation for some Intel(R) PROSet/Wireless WiFi software for linux before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2023-48335 1 Wordpress 1 Wordpress 2026-04-15 3.7 Low
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Webcraftic Hide login page allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Hide login page: from n/a through 1.1.9.
CVE-2023-49069 1 Siemens 1 Mendix 2026-04-15 5.3 Medium
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.17.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.11 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.19 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions < V8.18.33 only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.31 only if the basic authentication mechanism is used by the application). The authentication mechanism of affected applications contains an observable response discrepancy vulnerability when validating usernames. This could allow unauthenticated remote attackers to distinguish between valid and invalid usernames.
CVE-2023-50872 1 Accredible Credential.net 1 Accredible Credential.net 2026-04-15 7.5 High
The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue."
CVE-2023-5410 1 Hp Inc 4 Business Desktop Pcs, Business Notebook Pcs, Thin Client and 1 more 2026-04-15 8.2 High
A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability.
CVE-2023-5692 2026-04-15 5.3 Medium
WordPress Core is vulnerable to Sensitive Information Exposure in versions up to, and including, 6.4.3 via the redirect_guess_404_permalink function. This can allow unauthenticated attackers to expose the slug of a custom post whose 'publicly_queryable' post status has been set to 'false'.
CVE-2023-7240 2026-04-15 5.8 Medium
 An improper authorization level has been detected in the login panel. It may lead to unauthenticated Server Side Request Forgery and allows to perform open services enumeration. Server makes query to provided server (Server IP/DNS field) and is triggering connection to arbitrary address.
CVE-2023-7320 2 Automattic, Wordpress 2 Woocommerce, Wordpress 2026-04-15 5.3 Medium
The WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.8.2, due to improper CORS handling on the Store API's REST endpoints allowing direct external access from any origin. This can allow unauthenticated attackers to extract sensitive user information including PII(Personal Identifiable Information).
CVE-2024-0080 2026-04-15 2.8 Low
NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service.
CVE-2024-0710 2 Gravity Wiz, Wordpress 2 Gp Unique Id, Wordpress 2026-04-15 5.3 Medium
The GP Unique ID plugin for WordPress is vulnerable to Unique ID Modification in all versions up to, and including, 1.5.5. This is due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a loss of integrity in cases where the ID's uniqueness is relied upon in a security-specific context.
CVE-2024-0793 1 Redhat 1 Openshift 2026-04-15 7.7 High
A flaw was found in kube-controller-manager. This issue occurs when the initial application of a HPA config YAML lacking a .spec.behavior.scaleUp block causes a denial of service due to KCM pods going into restart churn.
CVE-2024-10316 2026-04-15 4.3 Medium
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.
CVE-2024-10357 2026-04-15 4.3 Medium
The Clever Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.1 via the getTemplateContent function in src/widgets/class-clever-widget-base.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data.