Export limit exceeded: 349158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 349158 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349158 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-41917 | 2026-04-15 | 10 Critical | ||
| Inadequate input validation exposes the system to potential remote code execution (RCE) risks. Attackers can exploit this vulnerability by appending shell commands to the Speed-Measurement feature, enabling unauthorized code execution. | ||||
| CVE-2023-41920 | 2026-04-15 | 9.8 Critical | ||
| The vulnerability allows attackers access to the root account without having to authenticate. Specifically, if the device is configured with the IP address of 10.10.10.10, the root user is automatically logged in. | ||||
| CVE-2023-41926 | 2026-04-15 | 8.8 High | ||
| The webserver utilizes basic authentication for its user login to the configuration interface. As encryption is disabled on port 80, it enables potential eavesdropping on user traffic, making it possible to intercept their credentials. | ||||
| CVE-2023-42667 | 1 Intel | 1 Core Ultra Processor | 2026-04-15 | 7.8 High |
| Improper isolation in the Intel(R) Core(TM) Ultra Processor stream cache mechanism may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-43490 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 5.3 Medium |
| Incorrect calculation in microcode keying mechanism for some Intel(R) Xeon(R) D Processors with Intel(R) SGX may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2023-43626 | 1 Intel | 45 Atom C2308 Firmware, Atom C2316 Firmware, Atom C2338 Firmware and 42 more | 2026-04-15 | 7.5 High |
| Improper access control in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-43751 | 1 Intel | 1 Graphics Windows Dch Driver Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in Intel(R) Graphics Command Center Service bundled in some Intel(R) Graphics Windows DCH driver software before versions 31.0.101.3790/31.0.101.2114 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36038 | 1 Zohocorp | 1 Manageengine Opmanager Plus | 2026-04-15 | 6.3 Medium |
| Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. | ||||
| CVE-2023-43962 | 2026-04-15 | 4.8 Medium | ||
| Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. | ||||
| CVE-2024-43122 | 2026-04-15 | 6.5 Medium | ||
| Missing Authorization vulnerability in Creative Motion Robin image optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robin image optimizer: from n/a through 1.6.9. | ||||
| CVE-2023-4507 | 1 Zvijerka | 1 Admission Appmanager | 2026-04-15 | 6.1 Medium |
| The Admission AppManager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2024-12384 | 2026-04-15 | 6.1 Medium | ||
| The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page’ parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | ||||
| CVE-2023-45359 | 1 Mediawiki | 1 Vector Skin | 2026-04-15 | 6.5 Medium |
| An issue was discovered in the Vector Skin component for MediaWiki before 1.39.5 and 1.40.x before 1.40.1. vector-toc-toggle-button-label is not escaped, but should be, because the line param can have markup. | ||||
| CVE-2023-45385 | 1 Proquality | 1 Pqprintshippinglabels | 2026-04-15 | 7.5 High |
| ProQuality pqprintshippinglabels before v.4.15.0 is vulnerable to Directory Traversal via the pqprintshippinglabels module. | ||||
| CVE-2023-45658 | 2 Posimyth, Wordpress | 2 Nexter, Wordpress | 2026-04-15 | 7.6 High |
| Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3. | ||||
| CVE-2023-45733 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 2.8 Low |
| Hardware logic contains race conditions in some Intel(R) Processors may allow an authenticated user to potentially enable partial information disclosure via local access. | ||||
| CVE-2025-62885 | 2 Rextheme, Wordpress | 2 Wp Vr, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.48. | ||||
| CVE-2023-45908 | 2026-04-15 | 6.1 Medium | ||
| Homarr before v0.14.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notebook widget. | ||||
| CVE-2024-27177 | 1 Toshibatec | 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more | 2026-04-15 | 7.2 High |
| An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2023-45924 | 1 Opengl | 1 Libglvnd-bb06db5a | 2026-04-15 | 9.8 Critical |
| libglxproto.c in OpenGL libglvnd bb06db5a was discovered to contain a segmentation violation via the function glXGetDrawableScreen(). NOTE: this is disputed because there are no common situations in which users require uninterrupted operation with an attacker-controller server. | ||||