Total
289 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-47818 | | | 2026-04-15 | N/A | 7.5 HIGH |
| DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10. | |||||
| CVE-2024-47257 | | | 2026-04-15 | N/A | 7.5 HIGH |
| Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution. | |||||
| CVE-2024-7316 | | | 2026-04-15 | N/A | 5.9 MEDIUM |
| Improper Validation of Specified Quantity in Input vulnerability in Mitsubishi Electric CNC Series allows a remote unauthenticated attacker to cause Denial of Service (DoS) condition on the product by sending specially crafted packets to TCP port 683, causing an emergency stop. | |||||
| CVE-2023-20582 | | | 2026-04-15 | N/A | 5.3 MEDIUM |
| Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | |||||
| CVE-2024-9448 | | | 2026-04-15 | N/A | 7.5 HIGH |
| On affected platforms running Arista EOS with Traffic Policies configured the vulnerability will cause received untagged packets not to hit Traffic Policy rules that they are expected to hit. If the rule was to drop the packet, the packet will not be dropped and instead will be forwarded as if the rule was not in place. This could lead to packets being delivered to unexpected destinations. | |||||
| CVE-2024-21953 | | | 2026-04-15 | N/A | N/A |
| Improper input validation in IOMMU could allow a malicious hypervisor to reconfigure IOMMU registers resulting in loss of guest data integrity. | |||||
| CVE-2025-9316 | | | 2026-04-15 | N/A | N/A |
| N-central < 2025.4 can generate sessionIDs for unauthenticated users. This issue affects N-central: before 2025.4. | |||||
| CVE-2023-31331 | | | 2026-04-15 | N/A | 3.0 LOW |
| Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability. | |||||
| CVE-2025-5257 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to Unpublished Page Previews: The page preview functionality for unpublished content, accessible via predictable URLs (e.g., /page/preview/1, /page/preview/2), lacked proper authorization checks. This allowed any unauthenticated user to view content that was not yet intended for public release, and allowed search engines to index these private preview URLs, making the content publicly discoverable. Mitigation: Mautic has patched this vulnerability by enforcing proper permission checks on preview pages. Users should upgrade to the patched version of Mautic or later. | |||||
| CVE-2024-45351 | | | 2026-04-15 | N/A | 7.8 HIGH |
| A code execution vulnerability exists in the Xiaomi Game center application product. The vulnerability is caused by improper input validation and can be exploited by attackers to execute malicious code. | |||||
| CVE-2025-11594 | | | 2026-04-15 | 5.0 MEDIUM | 5.3 MEDIUM |
| A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validation of specified quantity in input. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases. | |||||
| CVE-2024-6068 | | | 2026-04-15 | N/A | 7.3 HIGH |
| A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. | |||||
| CVE-2025-2826 | | | 2026-04-15 | N/A | 2.6 LOW |
| On affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be permitted. | |||||
| CVE-2025-43881 | | | 2026-04-15 | N/A | 4.3 MEDIUM |
| Improper validation of specified quantity in input issue exists in Real-time Bus Tracking System versions prior to 1.1. If exploited, a denial of service (DoS) condition may be caused by an attacker who can log in to the administrative page of the affected product. | |||||
| CVE-2024-24715 | | | 2026-04-15 | N/A | 6.5 MEDIUM |
| Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0. | |||||
| CVE-2024-55407 | | | 2026-04-15 | N/A | 7.8 HIGH |
| An issue in the DeviceIoControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. | |||||
| CVE-2025-5808 | | | 2026-04-15 | N/A | N/A |
| Improper Input Validation vulnerability in OpenText Self Service Password Reset allows Authentication Bypass. This issue affects Self Service Password Reset from before 4.8 patch 3. | |||||
| CVE-2024-1610 | | | 2026-04-15 | N/A | 9.8 CRITICAL |
| In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | |||||
| CVE-2026-35489 | 1 Tandoor | 1 Recipes | 2026-04-14 | N/A | 7.3 HIGH |
| Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, the POST /api/food/{id}/shopping/ endpoint reads amount and unit directly from request.data and passes them without validation to ShoppingListEntry.objects.create(). Invalid amount values (non-numeric strings) cause an unhandled exception and HTTP 500. A unit ID from a different Space can be associated cross-space, leaking foreign-key references across tenant boundaries. All other endpoints creating ShoppingListEntry use ShoppingListEntrySerializer, which validates and sanitizes these fields. This vulnerability is fixed in 2.6.4. | |||||
| CVE-2026-1092 | 1 Gitlab | 1 Gitlab | 2026-04-14 | N/A | 7.5 HIGH |
| GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.10 before 18.8.9, 18.9 before 18.9.5, and 18.10 before 18.10.3 that could have allowed an unauthenticated user to cause denial of service due to improper input validation of JSON payloads. | |||||
