Total
10999 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-27211 | 2026-04-15 | N/A | 7.5 HIGH | ||
| An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.10.4 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network. | |||||
| CVE-2014-125119 | 2026-04-15 | N/A | N/A | ||
| A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution. | |||||
| CVE-2024-42410 | 2026-04-15 | N/A | 6.5 MEDIUM | ||
| Improper input validation in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable denial of service via local access. | |||||
| CVE-2025-11273 | 2026-04-15 | 6.5 MEDIUM | 6.3 MEDIUM | ||
| A vulnerability was found in LaChatterie Verger up to 1.2.10. This impacts the function redirectToAuthorization of the file /src/main/services/mcp/oauth/provider.ts. The manipulation of the argument URL results in deserialization. The attack can be executed remotely. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-28028 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | |||||
| CVE-2025-9195 | 2026-04-15 | N/A | 4.4 MEDIUM | ||
| Improper input validation in firmware of some Solidigm DC Products may allow an attacker with local access to cause a Denial of Service | |||||
| CVE-2024-37794 | 2026-04-15 | N/A | 7.5 HIGH | ||
| Improper input validation in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT2 input file. | |||||
| CVE-2025-11676 | 2026-04-15 | N/A | N/A | ||
| Improper input validation vulnerability in TP-Link System Inc. TL-WR940N V6 (UPnP modules), which allows unauthenticated adjacent attackers to perform DoS attack. This issue affects TL-WR940N V6 <= Build 220801. | |||||
| CVE-2025-1022 | 2026-04-15 | N/A | 8.2 HIGH | ||
| Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content. | |||||
| CVE-2026-22611 | 2026-04-15 | N/A | 3.7 LOW | ||
| AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. This issue has been patched in version 4.0.3.3. | |||||
| CVE-2025-24512 | 2026-04-15 | N/A | 5.6 MEDIUM | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi Software for Windows before version 23.160 within Ring 2: Device Drivers may allow a denial of service. Authorized adversary with an authenticated user combined with a high complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (high) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (low) impacts. | |||||
| CVE-2025-4701 | 2026-04-15 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as problematic, has been found in VITA-MLLM Freeze-Omni up to 20250421. This issue affects the function torch.load of the file models/utils.py. The manipulation of the argument path leads to deserialization. It is possible to launch the attack on the local host. | |||||
| CVE-2024-32653 | 2026-04-15 | N/A | 6.1 MEDIUM | ||
| jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. | |||||
| CVE-2025-15117 | 2026-04-15 | 2.1 LOW | 3.1 LOW | ||
| A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectInputStream.readObject of the file SaJdkSerializer.java. Executing manipulation can lead to deserialization. The attack may be launched remotely. This attack is characterized by high complexity. It is indicated that the exploitability is difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2024-1481 | 2026-04-15 | N/A | 5.3 MEDIUM | ||
| A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service. | |||||
| CVE-2025-9060 | 2026-04-15 | N/A | 9.1 CRITICAL | ||
| A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above. | |||||
| CVE-2025-53471 | 2026-04-15 | N/A | 5.1 MEDIUM | ||
| Emerson ValveLink products receive input or data, but it do not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. | |||||
| CVE-2025-58361 | 2026-04-15 | N/A | 9.3 CRITICAL | ||
| Promptcraft Forge Studio is a toolkit for evaluating, optimizing, and maintaining LLM-powered applications. All versions contain an non-exhaustive URL scheme check that does not protect against XSS. User-controlled URLs pass through src/utils/validation.ts, but the check only strips `javascript:` and a few patterns. `data:` URLs (for example data:image/svg+xml,…) still pass. If a sanitized value is used in href/src, an attacker can execute a script. There is currently no fix for this issue. | |||||
| CVE-2025-61084 | 2026-04-15 | N/A | 7.1 HIGH | ||
| MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle brackets (<>) in the From: header of SMTP DATA. An attacker can craft a From: header with multiple invisible Unicode thin spaces to display a spoofed sender while passing validation, allowing email spoofing even when anti-spoofing protections are in place. NOTE: this is disputed by the Supplier because UI spoofing occurs in a client, not in a server such as MDaemon's product or any other server implementation. Also, if a client without its own spoofing protection must be used, the Header Screening feature in MDaemon's product can be employed to mitigate the client-side vulnerability. | |||||
| CVE-2025-31948 | 2026-04-15 | N/A | 3.3 LOW | ||
| Improper input validation for some Intel(R) oneAPI Math Kernel Library before version 2025.2 within Ring 3: User Applications may allow a denial of service. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable denial of service. This result may potentially occur via local access when attack requirements are not present without special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (none), integrity (none) and availability (low) of the vulnerable system, resulting in subsequent system confidentiality (none), integrity (none) and availability (none) impacts. | |||||