Search Results (625 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-28383 2026-04-15 6.1 Medium
Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-27504 2026-04-15 7.2 High
Improper conditions check in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2025-33176 1 Nvidia 1 Runai 2026-04-15 6.2 Medium
NVIDIA RunAI for all platforms contains a vulnerability where a user could cause an improper restriction of communications channels on an adjacent network. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, and information disclosure.
CVE-2025-14376 1 Rockwellautomation 1 Verve Asset Manager 2026-04-15 N/A
A security issue was discovered within the legacy ADI server component of Verve Asset Manager, caused by plaintext secrets stored in environment variables on the ADI server. This component has been retired and has been optional since the 1.36 release in 2024.
CVE-2025-12357 2 Iec, Iso 15118-2 Network And Application Protocol Requirements 2 Ev Car Chargers, Ev Car Chargers 2026-04-15 6.3 Medium
By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measurements, an attacker can stage a man-in-the-middle attack between an electric vehicle and chargers that comply with the ISO 15118-2 part. This vulnerability may be exploitable wirelessly, within close proximity, via electromagnetic induction.
CVE-2025-11645 2 Google, Tomofun 2 Android, Furbo Mobile App 2026-04-15 2.4 Low
A security vulnerability has been detected in Tomofun Furbo Mobile App up to 7.57.0a on Android. This affects an unknown part of the component Authentication Token Handler. The manipulation leads to insecure storage of sensitive information. It is possible to launch the attack on the physical device. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-56947 2026-04-15 6.5 Medium
An issue in Xiamen Meitu Technology Co., Ltd. BeautyCam iOS v12.3.60 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56948 2026-04-15 6.5 Medium
An issue in KuGou Technology CO. LTD KuGou Music iOS v20.0.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2024-56949 2026-04-15 6.5 Medium
An issue in Guangzhou Polar Future Culture Technology Co., Ltd University Search iOS 2.27.0 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-5500 2 Google, Zhenshi 2 Android, Mibro Fit App 2026-04-15 5.3 Medium
A flaw has been found in ZhenShi Mibro Fit App 1.6.3.17499 on Android. This impacts an unknown function of the file AndroidManifest.xml of the component com.xiaoxun.xunoversea.mibrofit. This manipulation causes improper export of android application components. The attack requires local access. The exploit has been published and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-8275 2 Bsc, Google 2 Peru Cocktails App, Android 2026-04-15 5.3 Medium
A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.peru_cocktails. The manipulation leads to improper export of android application components. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.
CVE-2025-7940 2026-04-15 5.3 Medium
A vulnerability was found in Genshin Albedo Cat House App 1.0.2 on Android. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.house.auscat. The manipulation leads to improper export of android application components. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.
CVE-2025-54083 1 Calix 1 Gigacenter Ont 2026-04-15 N/A
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This issue affects GigaCenter ONT: 844E, 844G, 844GE, 854GE.
CVE-2025-53507 2026-04-15 N/A
Multiple products provided by iND Co.,Ltd contain an insecure storage of sensitive information vulnerability. If exploited, configuration information, such as admin password, may be disclosed. As for the details of affected product names and versions, refer to the information under [Product Status].
CVE-2025-5346 2026-04-15 N/A
Bluebird devices contain a pre-loaded barcode scanner application. This application exposes an unsecured broadcast receiver "kr.co.bluebird.android.bbsettings.BootReceiver". A local attacker can call the receiver to overwrite file containing ".json" keyword with default barcode config file. It is possible to overwrite file in any location due to lack of protection against path traversal in name of the file. This issue affects all versions before 1.3.3.
CVE-2025-5345 2026-04-15 N/A
Bluebird devices contain a pre-loaded file manager application. This application exposes an unsecured service provider "com.bluebird.system.koreanpost.IsdcardRemoteService". A local attacker can bind to the AIDL-type service to copy and delete arbitrary files from device's storage with system-level permissions. Version 1.4.4 is vulnerable, vendor reverted vulnerable versions to older version: 1.3.6
CVE-2025-5344 2026-04-15 N/A
Bluebird devices contain a pre-loaded kiosk application. This application exposes an unsecured service provider "com.bluebird.kiosk.launcher.IpartnerKioskRemoteService". A local attacker can bind to the AIDL-type service to modify device's global settings and wallpaper image. This issue affects all versions before 1.1.2.
CVE-2025-31144 2026-04-15 N/A
Quick Agent V3 and Quick Agent V2 contain an issue with improper restriction of communication channel to intended endpoints. If exploited, a remote unauthenticated attacker may attempt to log in to an arbitrary host via Windows system where the product is running.
CVE-2025-30016 2026-04-15 9.8 Critical
SAP Financial Consolidation allows an unauthenticated attacker to gain unauthorized access to the Admin account. The vulnerability arises due to improper authentication mechanisms, due to which there is high impact on the Confidentiality, Integrity & Availability of the application.
CVE-2025-29628 2026-04-15 9.4 Critical
A Gardyn Azure IoT Hub connection string is downloaded over an insecure HTTP connection in Gardyn Home Kit firmware before master.619, Home Kit Mobile Application before 2.11.0, and Home Kit Cloud API before 2.12.2026 leaving the string vulnerable to interception and modification through a Man-in-the-Middle attack. This may result in the attacker capturing device credentials or taking control of vulnerable home kits.