Export limit exceeded: 346911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-34490 | 2026-04-15 | 5.1 Medium | ||
| In Maxima through 5.47.0 before 51704c, the plotting facilities make use of predictable names under /tmp. Thus, the contents may be controlled by a local attacker who can create files in advance with these names. This affects, for example, plot2d. | ||||
| CVE-2024-9666 | 1 Redhat | 2 Build Keycloak, Jboss Enterprise Application Platform | 2026-04-15 | 4.7 Medium |
| A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers. | ||||
| CVE-2024-23847 | 1 Yokogawa Rental Lease Corporation | 1 Unifier | 2026-04-15 | 5.9 Medium |
| Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted. | ||||
| CVE-2024-9679 | 2026-04-15 | 5.3 Medium | ||
| A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials. | ||||
| CVE-2020-36903 | 1 Microsoft | 1 Windows | 2026-04-15 | 8.4 High |
| Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot. | ||||
| CVE-2020-36904 | 1 Microsoft | 1 Windows | 2026-04-15 | 7.5 High |
| Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NO_LIST_EXE_PATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration, including changing admin passwords and executing system commands. | ||||
| CVE-2024-37728 | 1 Officeweb365 | 1 Officeweb365 | 2026-04-15 | 7.5 High |
| Arbitrary File Read vulnerability in Xi'an Daxi Information Technology Co., Ltd OfficeWeb365 v.7.18.23.0 and v8.6.1.0 allows a remote attacker to obtain sensitive information via the "Pic/Indexes" interface | ||||
| CVE-2023-36525 | 2 Wordpress, Wpjobboard | 2 Wordpress, Wpjobboard | 2026-04-15 | 8.6 High |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPJobBoard allows Blind SQL Injection.This issue affects WPJobBoard: from n/a through 5.9.0. | ||||
| CVE-2025-43949 | 2026-04-15 | 9.8 Critical | ||
| MuM (aka Mensch und Maschine) MapEdit (aka mapedit-web) 24.2.3 is vulnerable to SQL Injection that allows an attacker to execute malicious SQL statements that control a web application's database server. | ||||
| CVE-2024-9694 | 2026-04-15 | 6.4 Medium | ||
| The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-7124 | 1 Poznan Supercomputing And Networking Center | 1 Dingo Dlibra | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation vulnerability in DInGO dLibra software in the parameter 'filter' in the endpoint 'indexsearch' allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects DInGO dLibra software in versions from 6.0 before 6.3.20. | ||||
| CVE-2024-23913 | 2026-04-15 | 4 Medium | ||
| Use of Out-of-range Pointer Offset vulnerability in Merge DICOM Toolkit C/C++ on Windows. When deprecated MC_XML_To_Message() function is used to read a malformed DICOM XML file, it might result in memory access violation. | ||||
| CVE-2025-22836 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2026-04-15 | 7.8 High |
| Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-5185 | 2026-04-15 | 7.3 High | ||
| The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result in the application becoming compromised, leading to unauthorized entries or data poisoning attacks, which are delivered by a CSRF vulnerability due to the absence of a secure session management implementation and weak CORS policies weakness. An attacker can direct a user to a malicious webpage that exploits a CSRF vulnerability within the EmbedAI application. By leveraging this CSRF vulnerability, the attacker can deceive the user into inadvertently uploading and integrating incorrect data into the application’s language model. | ||||
| CVE-2024-45863 | 1 Facebook | 1 Thrift | 2026-04-15 | 5.3 Medium |
| A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. | ||||
| CVE-2024-23974 | 1 Intel | 1 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-10259 | 1 Mitsubishi | 1 Melsec Iq-f Series | 2026-04-15 | 5.3 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one. | ||||
| CVE-2024-38702 | 1 Tychesoftwares | 1 Product Delivery Date For Woocommerce Lite | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Tyche Softwares Product Delivery Date for WooCommerce – Lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Delivery Date for WooCommerce – Lite: from n/a through 2.7.2. | ||||
| CVE-2023-6708 | 2 Benbodhi, Wordpress | 2 Svg Support, Wordpress | 2026-04-15 | 5.4 Medium |
| The SVG Support plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the SVG upload feature in all versions up to, and including, 2.5.7 due to insufficient input sanitization and output escaping, even when the 'Sanitize SVG while uploading' feature is enabled. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that successful exploitation of this vulnerability requires the administrator to allow author-level users to upload SVG files. As of 2.5.6, SVG sanitization can still be bypassed by supplying a content-type other than image/svg+xml. | ||||
| CVE-2024-7479 | 1 Teamviewer | 2 Full Client, Host | 2026-04-15 | 8.8 High |
| Improper verification of cryptographic signature during installation of a VPN driver via the TeamViewer_service.exe component of TeamViewer Remote Clients prior version 15.58.4 for Windows allows an attacker with local unprivileged access on a Windows system to elevate their privileges and install drivers. | ||||