Export limit exceeded: 10211 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346845 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-50872 | 1 Accredible Credential.net | 1 Accredible Credential.net | 2026-04-15 | 7.5 High |
| The API in Accredible Credential.net December 6th, 2023 allows an Insecure Direct Object Reference attack that discloses partial information about certificates and their respective holder. NOTE: the excellium-services.com web page about this issue mentions "Vendor says that it's not a security issue." | ||||
| CVE-2023-50885 | 2026-04-15 | 6.8 Medium | ||
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in AGILELOGIX Store Locator WordPress.This issue affects Store Locator WordPress: from n/a through 1.4.14. | ||||
| CVE-2024-28054 | 1 Amavis | 1 Amavis | 2026-04-15 | 7.4 High |
| Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware. | ||||
| CVE-2024-28060 | 1 Apiris | 1 Kafeo | 2026-04-15 | 7.3 High |
| An issue was discovered in Apiris Kafeo 6.4.4. It permits DLL hijacking, allowing a user to trigger the execution of arbitrary code every time the product is executed. | ||||
| CVE-2023-50914 | 2026-04-15 | 6.7 Medium | ||
| A Privilege Escalation issue in the inter-process communication procedure from GOG Galaxy (Beta) 2.0.67.2 through v2.0.71.2 allows authentictaed users to change the DACL of arbitrary system directories to include Everyone full control permissions by modifying the FixDirectoryPrivileges instruction parameters sent from GalaxyClient.exe to GalaxyClientService.exe. | ||||
| CVE-2024-28061 | 2026-04-15 | 6.3 Medium | ||
| An issue was discovered in Apiris Kafeo 6.4.4. It permits a bypass, of the protection in place, to access to the data stored in the embedded database file. | ||||
| CVE-2023-51219 | 2026-04-15 | 9.6 Critical | ||
| A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controlled JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access token could be used to take over another user's account and read her/his chat messages. | ||||
| CVE-2023-51305 | 1 Phpjabbers | 1 Car Park Booking System | 2026-04-15 | 5.4 Medium |
| PHPJabbers Car Park Booking System v3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) in the "name, plugin_sms_api_key, plugin_sms_country_code, title, plugin_sms_api_key" parameters. | ||||
| CVE-2024-28065 | 2026-04-15 | 5.9 Medium | ||
| In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. | ||||
| CVE-2023-51391 | 1 Silabs | 1 Gecko Software Development Kit | 2026-04-15 | 7.5 High |
| A bug in Micrium OS Network HTTP Server permits an invalid pointer dereference during header processing - potentially allowing a device crash and Denial of Service. | ||||
| CVE-2023-51395 | 1 Silabs | 1 Z-wave Software Development Kit | 2026-04-15 | 8.8 High |
| The vulnerability described by CVE-2023-0972 has been additionally discovered in Silicon Labs Z-Wave end devices. This vulnerability may allow an unauthenticated attacker within Z-Wave range to overflow a stack buffer, leading to arbitrary code execution. | ||||
| CVE-2024-28089 | 2026-04-15 | 5.2 Medium | ||
| Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure. | ||||
| CVE-2023-51416 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in EnvialoSimple EnvíaloSimple.This issue affects EnvíaloSimple: from n/a through 2.2. | ||||
| CVE-2023-51418 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.7 High |
| Missing Authorization vulnerability in Joris van Montfort JVM rich text icons.This issue affects JVM rich text icons: from n/a through 1.2.6. | ||||
| CVE-2023-51424 | 2026-04-15 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0. | ||||
| CVE-2024-28092 | 2026-04-15 | 7.2 High | ||
| UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Time Server 1, Time Server 2, Time Server 3, Target, Add Keyword, Add Domain, and Add Allowed Domain. | ||||
| CVE-2023-51425 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.8 Critical |
| Improper Privilege Management vulnerability in Jacques Malgrange Rencontre – Dating Site allows Privilege Escalation.This issue affects Rencontre – Dating Site: from n/a through 3.10.1. | ||||
| CVE-2024-28127 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28138 | 2026-04-15 | 7.3 High | ||
| An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. | ||||
| CVE-2023-51452 | 2026-04-15 | 3 Low | ||
| A Improper Input Validation issue affecting the v2_sdk_service running on a set of DJI drone devices on the port 10000 could allow an attacker to cause a crash of the service through a crafted payload triggering a missing input size check in the pull_file_v2_proc function implemented in the libv2_sdk.so library used by the dji_vtwo_sdk binary implementing the service, compromising it in a term of availability and producing a denial-of-service attack. Affected models are Mavic 3 Pro until v01.01.0300, Mavic 3 until v01.00.1200, Mavic 3 Classic until v01.00.0500, Mavic 3 Enterprise until v07.01.10.03, Matrice 300 until v57.00.01.00, Matrice M30 until v07.01.0022 and Mini 3 Pro until v01.00.0620. | ||||