Search Results (987 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-41719 1 Sauter 3 Ey-modulo 5 Devices, Modulo 6 Devices, Webserver 2026-04-15 8.8 High
A low privileged remote attacker can corrupt the webserver users storage on the device by setting a sequence of unsupported characters which leads to deletion of all previously configured users and the creation of the default Administrator with a known default password.
CVE-2025-41650 2026-04-15 7.5 High
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
CVE-2025-41100 2026-04-15 N/A
Incorrect authentication vulnerability in ParkingDoor. Through this vulnerability it is possible to operate the device without the access being logged in the application and even if the access permissions have been revoked.
CVE-2025-40911 2026-04-15 6.5 Medium
Net::CIDR::Set versions 0.10 through 0.13 for Perl does not properly handle leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation. Net::CIDR::Set used code from Net::CIDR::Lite, which had a similar vulnerability CVE-2021-47154.
CVE-2025-3755 2026-04-15 9.1 Critical
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or to stop the operation of the CPU module (causing a DoS condtion on the CPU module), by sending specially crafted packets. The product is needed to reset for recovery.
CVE-2025-14911 1 Mongodb 1 C Driver 2026-04-15 6.5 Medium
User-controlled chunkSize metadata from MongoDB lacks appropriate validation allowing malformed GridFS metadata to overflow the bounding container.
CVE-2025-24347 2026-04-15 6.5 Medium
A vulnerability in the “Network Interfaces” functionality of the web application of ctrlX OS allows a remote authenticated (low-privileged) attacker to manipulate the network configuration file via a crafted HTTP request.
CVE-2025-24876 2026-04-15 8.1 High
The SAP Approuter Node.js package version v16.7.1 and before is vulnerable to Authentication bypass. When trading an authorization code an attacker can steal the session of the victim by injecting malicious payload causing High impact on confidentiality and integrity of the application
CVE-2025-25178 2026-04-15 7.8 High
Software installed and run as a non-privileged user may conduct improper GPU system calls to cause kernel system memory corruption.
CVE-2025-32901 1 Kde 1 Kdeconnect 2026-04-15 4.3 Medium
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
CVE-2025-9042 1 Rockwellautomation 1 Flex 5000 Io 2026-04-15 N/A
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IY8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle.
CVE-2025-9041 1 Rockwellautomation 1 Flex 5000 Io 2026-04-15 N/A
A security issue exists due to improper handling of CIP Class 32’s request when a module is inhibited on the 5094-IF8 device. It causes the module to enter a fault state with the Module LED flashing red. Upon un-inhibiting, the module returns a connection fault (Code 16#0010), and the module cannot recover without a power cycle.
CVE-2022-50976 2 Avibia, Innomic 2 Avibiline Configurator, Vibroline Configurator 2026-04-15 7.7 High
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
CVE-2023-7332 2026-04-15 N/A
PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service.
CVE-2024-11168 2 Python Software Foundation, Redhat 2 Cpython, Enterprise Linux 2026-04-15 3.7 Low
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2021-47156 2026-04-15 6.5 Medium
The Net::IPAddress::Util module before 5.000 for Perl does not properly consider extraneous zero characters in an IP address string, which (in some situations) allows attackers to bypass access control that is based on IP addresses.
CVE-2025-8556 1 Redhat 23 Acm, Advanced Cluster Security, Ceph Storage and 20 more 2026-04-15 3.7 Low
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
CVE-2025-61672 1 Element-hq 1 Synapse 2026-04-15 5.4 Medium
Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allow an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.
CVE-2024-1610 2026-04-15 9.8 Critical
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
CVE-2024-26507 1 Finalwire 4 Aida64 Business, Aida64 Engineer, Aida64 Network Audit and 1 more 2026-04-15 7.8 High
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components.