Export limit exceeded: 45594 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346621 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346621 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-7332 | 2026-04-15 | N/A | ||
| PocketMine-MP versions prior to 4.18.1 contain an improper input validation vulnerability in inventory transaction handling. A remote attacker with a valid player session can request that the server drop more items than are available in the player's hotbar, triggering a server crash and resulting in denial of service. | ||||
| CVE-2024-3079 | 1 Asus | 7 Rt-ac68u Firmware, Rt-ac86u Firmware, Rt-ax57 Firmware and 4 more | 2026-04-15 | 7.2 High |
| Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands on the device. | ||||
| CVE-2024-30802 | 1 G-sky | 1 Vehicle Management System | 2026-04-15 | 9.8 Critical |
| An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. | ||||
| CVE-2023-7333 | 2026-04-15 | 5.3 Medium | ||
| A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue. Patch name: 3f8383aa89f45d861ca081e3e9fd2cc9d0b5dfaa. You should upgrade the affected component. | ||||
| CVE-2025-65963 | 1 Humhub | 1 Files | 2026-04-15 | 5.4 Medium |
| Files is a module for managing files inside spaces and user profiles. Prior to versions 0.16.11 and 0.17.2, insufficient authorization checks allow non-member users to create new folders, up- and download files as a ZIP archive in public spaces. Private spaces are not affected. This issue has been patched in versions 0.16.11 and 0.17.2. | ||||
| CVE-2025-66019 | 1 Pypdf Project | 1 Pypdf | 2026-04-15 | 5.3 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0. | ||||
| CVE-2024-30804 | 1 Asus | 1 Fan Xpert | 2026-04-15 | 9.8 Critical |
| An issue discovered in the DeviceIoControl component in ASUS Fan_Xpert before v.10013 allows an attacker to execute arbitrary code via crafted IOCTL requests. | ||||
| CVE-2023-7335 | 1 Hangzhou Kuozhi Network Technology | 1 Edusoho | 2026-04-15 | N/A |
| EduSoho versions prior to 22.4.7 contain an arbitrary file read vulnerability in the classroom-course-statistics export functionality. A remote, unauthenticated attacker can supply crafted path traversal sequences in the fileNames[] parameter to read arbitrary files from the server filesystem, including application configuration files such as config/parameters.yml that may contain secrets and database credentials. Exploitation evidence was observed by the Shadowserver Foundation on 2026-01-19 (UTC). | ||||
| CVE-2024-0067 | 2026-04-15 | 4.3 Medium | ||
| Marinus Pfund, member of the AXIS OS Bug Bounty Program, has found the VAPIX API ledlimit.cgi was vulnerable for path traversal attacks allowing to list folder/file names on the local file system of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | ||||
| CVE-2024-0071 | 1 Nvidia | 5 Geforce, Gpu Display Driver, Quadro and 2 more | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-30848 | 1 Silversky | 1 Email Service | 2026-04-15 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SilverSky E-mail service version 5.0.3126 allows remote attackers to inject arbitrary web script or HTML via the version parameter. | ||||
| CVE-2024-0073 | 2026-04-15 | 7.8 High | ||
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer when the driver is performing an operation at a privilege level that is higher than the minimum level required. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0079 | 1 Nvidia | 1 Gpu Display Driver | 2026-04-15 | 6.5 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a user in a guest VM can cause a NULL-pointer dereference in the host. A successful exploit of this vulnerability may lead to denial of service. | ||||
| CVE-2024-30931 | 1 Emby | 1 Media Server | 2026-04-15 | 6.1 Medium |
| Stored Cross Site Scripting vulnerability in Emby Media Server Emby Media Server 4.8.3.0 allows a remote attacker to escalate privileges via the notifications.html component. | ||||
| CVE-2024-0080 | 2026-04-15 | 2.8 Low | ||
| NVIDIA nvTIFF Library for Windows and Linux contains a vulnerability where improper input validation might enable an attacker to use a specially crafted input file. A successful exploit of this vulnerability might lead to a partial denial of service. | ||||
| CVE-2024-0106 | 2026-04-15 | 8.7 High | ||
| NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. | ||||
| CVE-2024-0112 | 2026-04-15 | 7.5 High | ||
| NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege. | ||||
| CVE-2025-66040 | 1 Spotipy Project | 1 Spotipy | 2026-04-15 | 3.6 Low |
| Spotipy is a Python library for the Spotify Web API. Prior to version 2.25.2, there is a cross-site scripting (XSS) vulnerability in the OAuth callback server that allows for JavaScript injection through the unsanitized error parameter. Attackers can execute arbitrary JavaScript in the user's browser during OAuth authentication. This issue has been patched in version 2.25.2. | ||||
| CVE-2024-30952 | 2026-04-15 | 6.1 Medium | ||
| A stored cross-site scripting (XSS) vulnerability in PESCMS-TEAM v2.3.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the domain input field under /youdoamin/?g=Team&m=Setting&a=action. | ||||
| CVE-2024-0117 | 1 Nvidia | 3 Cloud Gaming Guest, Gpu Display Driver, Virtual Gpu | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||