Export limit exceeded: 366908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (1425 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-27774 | 6 Brocade, Debian, Haxx and 3 more | 18 Fabric Operating System, Debian Linux, Curl and 15 more | 2026-04-16 | 5.7 Medium |
| An insufficiently protected credentials vulnerability exists in curl 4.9 to and include curl 7.82.0 are affected that could allow an attacker to extract credentials when follows HTTP(S) redirects is used with authentication could leak credentials to other services that exist on different protocols or port numbers. | ||||
| CVE-2026-27770 | 1 Epower | 1 Epower.ie | 2026-04-16 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2026-28714 | 3 Acronis, Linux, Microsoft | 4 Acronis Cyber Protect 17, Cyber Protect, Linux Kernel and 1 more | 2026-04-16 | N/A |
| Unnecessary transmission of sensitive cryptographic material. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186. | ||||
| CVE-2026-27027 | 1 Everon | 1 Api.everon.io | 2026-04-16 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2026-20733 | 1 Cloudcharge | 1 Cloudcharge.se | 2026-04-16 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2026-20435 | 6 Google, Linuxfoundation, Mediatek and 3 more | 40 Android, Yocto, Mt2737 and 37 more | 2026-04-16 | 4.6 Medium |
| In preloader, there is a possible read of device unique identifiers due to a logic error. This could lead to local information disclosure, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS10607099; Issue ID: MSV-6118. | ||||
| CVE-2026-27777 | 1 Mobiliti | 1 E-mobi.hu | 2026-04-16 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2026-35185 | 2 Haxtheweb, Psu | 2 Hax, Haxiam | 2026-04-16 | 7.5 High |
| HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to 25.0.0, the /server-status endpoint is publicly accessible and exposes sensitive information including authentication tokens (user_token), user activity, client IP addresses, and server configuration details. This allows any unauthenticated user to monitor real-time user interactions and gather internal infrastructure information. This vulnerability is fixed in 25.0.0. | ||||
| CVE-2000-0944 | 1 Cgi | 1 Script Center News Update | 2026-04-16 | 9.8 Critical |
| CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. | ||||
| CVE-1999-0013 | 1 Ssh | 1 Ssh | 2026-04-16 | 8.4 High |
| Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user. | ||||
| CVE-2005-3435 | 1 Archilles | 1 Newsworld | 2026-04-16 | 9.8 Critical |
| admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument. | ||||
| CVE-2026-25774 | 2 Ev.energy, Ev Energy | 2 Ev.energy, Ev.energy | 2026-04-15 | 6.5 Medium |
| Charging station authentication identifiers are publicly accessible via web-based mapping platforms. | ||||
| CVE-2024-12799 | 2026-04-15 | N/A | ||
| Insufficiently Protected Credentials vulnerability in OpenText Identity Manager Advanced Edition on Windows, Linux, 64 bit allows Privilege Abuse. This vulnerability could allow an authenticated user to obtain higher privileged user’s sensitive information via crafted payload. This issue affects Identity Manager Advanced Edition: from 4.8.0.0 through 4.8.7.0102, 4.9.0.0. | ||||
| CVE-2025-54876 | 1 Jansson Project | 1 Jansson | 2026-04-15 | N/A |
| The Janssen Project is an open-source identity and access management (IAM) platform. In versions 1.9.0 and below, Janssen stores passwords in plaintext in the local cli_cmd.log file. This is fixed in the nightly prerelease. | ||||
| CVE-2025-3079 | 2026-04-15 | 8.7 High | ||
| A passback vulnerability which relates to office/small office multifunction printers and laser printers. | ||||
| CVE-2025-3078 | 2026-04-15 | 8.7 High | ||
| A passback vulnerability which relates to production printers and office multifunction printers. | ||||
| CVE-2025-32963 | 2026-04-15 | N/A | ||
| MinIO Operator STS is a native IAM Authentication for Kubernetes. Prior to version 7.1.0, if no audiences are provided for the `spec.audiences` field, the default will be of the Kubernetes apiserver. Without scoping, it can be replayed to other internal systems, which may unintentionally trust it. This issue has been patched in version 7.1.0. | ||||
| CVE-2025-34062 | 2026-04-15 | N/A | ||
| An information disclosure vulnerability exists in OneLogin AD Connector versions prior to 6.1.5 via the /api/adc/v4/configuration endpoint. An attacker with access to a valid directory_token—which may be retrievable from host registry keys or improperly secured logs—can retrieve a plaintext response disclosing sensitive credentials. These may include an API key, AWS IAM access and secret keys, and a base64-encoded JWT signing key used in the tenant’s SSO IdP configuration. | ||||
| CVE-2025-34139 | 1 Sitecore | 4 Experience Commerce, Experience Manager, Experience Platform and 1 more | 2026-04-15 | N/A |
| A vulnerability exists in Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud that could allow an unauthenticated attacker to read arbitrary files. This vulnerability affects all Experience Platform topologies (XM, XP, XC) from 8.0 Initial Release through 10.4 Initial Release and later. This issue affects Content Management (CM) and standalone instances. PaaS and containerized solutions are also affected. | ||||
| CVE-2025-0760 | 2026-04-15 | 2.7 Low | ||
| A Credential Disclosure vulnerability exists where an administrator could extract the stored SMTP account credentials due to lack of encryption. | ||||