Export limit exceeded: 349330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22440 | 2026-04-15 | 6.8 Medium | ||
| A potential security vulnerability has been identified in HPE Compute Scale-up Server 3200 server. This vulnerability could cause disclosure of sensitive information in log files. | ||||
| CVE-2024-25737 | 2026-04-15 | 6.1 Medium | ||
| A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter. | ||||
| CVE-2024-25738 | 1 Openlibraryfoundation | 1 Vufind | 2026-04-15 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini. | ||||
| CVE-2024-2494 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2026-04-15 | 6.2 Medium |
| A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash. | ||||
| CVE-2024-24856 | 2026-04-15 | 5.3 Medium | ||
| The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY. | ||||
| CVE-2024-24853 | 1 Intel | 1 Processor | 2026-04-15 | 7.2 High |
| Incorrect behavior order in transition between executive monitor and SMI transfer monitor (STM) in some Intel(R) Processor may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-32787 | 2 Copy Content Protection Team, Wordpress | 2 Secure Copy Content Protection And Content Locking, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Copy Content Protection Team Secure Copy Content Protection and Content Locking.This issue affects Secure Copy Content Protection and Content Locking: from n/a through 3.7.1. | ||||
| CVE-2024-24852 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Ethernet Adapter Complete Driver Pack install before versions 29.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-24809 | 1 Traccar | 1 Traccar | 2026-04-15 | 8.5 High |
| Traccar is an open source GPS tracking system. Versions prior to 6.0 are vulnerable to path traversal and unrestricted upload of file with dangerous type. Since the system allows registration by default, attackers can acquire ordinary user permissions by registering an account and exploit this vulnerability to upload files with the prefix `device.` under any folder. Attackers can use this vulnerability for phishing, cross-site scripting attacks, and potentially execute arbitrary commands on the server. Version 6.0 contains a patch for the issue. | ||||
| CVE-2024-24792 | 2026-04-15 | 7.5 High | ||
| Parsing a corrupt or malicious image with invalid color indices can cause a panic. | ||||
| CVE-2024-2479 | 1 Mha Sistemas | 1 Armhazena | 2026-04-15 | 3.5 Low |
| A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-24788 | 1 Redhat | 15 Ansible Automation Platform, Ceph Storage, Cost Management and 12 more | 2026-04-15 | 5.9 Medium |
| A malformed DNS message in response to a query can cause the Lookup functions to get stuck in an infinite loop. | ||||
| CVE-2024-24787 | 1 Golang | 1 Go | 2026-04-15 | 6.4 Medium |
| On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | ||||
| CVE-2024-2474 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3277 | 2 Wordpress, Yumpu | 2 Wordpress, Yumpu Epaper Publishing | 2026-04-15 | 5 Medium |
| The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_handler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload PDF files and publish them, as well as modify the API key. | ||||
| CVE-2024-32759 | 2026-04-15 | N/A | ||
| Under certain circumstances the Software House C●CURE 9000 installer will utilize weak credentials. | ||||
| CVE-2024-2467 | 1 Redhat | 2 Enterprise Linux, Openssl | 2026-04-15 | 5.9 Medium |
| A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. | ||||
| CVE-2024-2456 | 2026-04-15 | 6.4 Medium | ||
| The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 6.12.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-32757 | 2026-04-15 | 6.8 Medium | ||
| Under certain circumstances unnecessary user details are provided within system logs | ||||
| CVE-2024-2451 | 2026-04-15 | 6.4 Medium | ||
| Improper fingerprint validation in the TeamViewer Client (Full & Host) prior Version 15.54 for Windows and macOS allows an attacker with administrative user rights to further elevate privileges via executable sideloading. | ||||