Export limit exceeded: 345363 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345363 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47874 | 1 Vfsforgit | 1 Vfs For Git | 2026-04-15 | 7.8 High |
| VFS for Git 1.0.21014.1 contains an unquoted service path vulnerability in the GVFS.Service Windows service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem privileges during service startup or system reboot. | ||||
| CVE-2021-47875 | 1 Geogebra | 1 Cas Calculator | 2026-04-15 | 9.8 Critical |
| GeoGebra CAS Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a payload with 8000 repeated characters and paste it into the calculator's input field to trigger an application crash. | ||||
| CVE-2021-47876 | 1 Geogebra | 1 Classic | 2026-04-15 | 7.5 High |
| GeoGebra Classic 5.0.631.0-d contains a denial of service vulnerability in the input field that allows attackers to crash the application by sending oversized buffer content. Attackers can generate a large buffer of 800,000 repeated characters and paste it into the 'Entrada:' input field to trigger an application crash. | ||||
| CVE-2023-7017 | 1 Sciener | 1 Kontrol Lux Firmware | 2026-04-15 | 9.8 Critical |
| Sciener locks' firmware update mechanism do not authenticate or validate firmware updates if passed to the lock through the Bluetooth Low Energy service. A challenge request can be sent to the lock with a command to prepare for an update, rather than an unlock request, allowing an attacker to compromise the device. | ||||
| CVE-2021-47877 | 1 Geogebra | 1 Graphing Calculator | 2026-04-15 | 7.5 High |
| GeoGebra Graphing Calculator 6.0.631.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer. Attackers can generate a payload of 8000 repeated characters to overwhelm the input field and cause the application to become unresponsive. | ||||
| CVE-2024-12415 | 2026-04-15 | 6.5 Medium | ||
| The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2025-32228 | 2026-04-15 | N/A | ||
| Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-text-generator-for-wp allows Retrieve Embedded Sensitive Data.This issue affects Ai Image Alt Text Generator for WP: from n/a through <= 1.1.9. | ||||
| CVE-2025-32229 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Bowo Variable Inspector variable-inspector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Variable Inspector: from n/a through <= 2.6.3. | ||||
| CVE-2025-32231 | 2026-04-15 | N/A | ||
| Missing Authorization vulnerability in Bookingor Bookingor bookingor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bookingor: from n/a through <= 2.0.1. | ||||
| CVE-2021-47878 | 1 Luidia | 1 Ebeam Education Suite | 2026-04-15 | 7.8 High |
| eBeam Education Suite 2.5.0.9 contains an unquoted service path vulnerability in the eBeam Device Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem privileges during service startup. | ||||
| CVE-2021-47879 | 1 Luidia | 1 Ebeam Interactive Suite | 2026-04-15 | 7.8 High |
| eBeam Interactive Suite 3.6 contains an unquoted service path vulnerability in the eBeam Stylus Driver service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Luidia\eBeam Stylus Driver\ to inject malicious executables that would run with LocalSystem permissions. | ||||
| CVE-2025-24293 | 1 Rails | 1 Activestorage | 2026-04-15 | 8.1 High |
| # Active Storage allowed transformation methods potentially unsafe Active Storage attempts to prevent the use of potentially unsafe image transformation methods and parameters by default. The default allowed list contains three methods allow for the circumvention of the safe defaults which enables potential command injection vulnerabilities in cases where arbitrary user supplied input is accepted as valid transformation methods or parameters. Impact ------ This vulnerability impacts applications that use Active Storage with the image_processing processing gem in addition to mini_magick as the image processor. Vulnerable code will look something similar to this: ``` <%= image_tag blob.variant(params[:t] => params[:v]) %> ``` Where the transformation method or its arguments are untrusted arbitrary input. All users running an affected release should either upgrade or use one of the workarounds immediately. Workarounds ----------- Consuming user supplied input for image transformation methods or their parameters is unsupported behavior and should be considered dangerous. Strict validation of user supplied methods and parameters should be performed as well as having a strong [ImageMagick security policy](https://imagemagick.org/script/security-policy.php) deployed. Credits ------- Thank you [lio346](https://hackerone.com/lio346) for reporting this! | ||||
| CVE-2025-24677 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion.This issue affects Post/Page Copying Tool: from n/a through <= 2.0.3. | ||||
| CVE-2021-47880 | 1 Realtek | 1 Wireless Lan Utility | 2026-04-15 | 7.8 High |
| Realtek Wireless LAN Utility 700.1631 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted service path by inserting malicious code in the system root path that would execute during application startup or system reboot. | ||||
| CVE-2021-47881 | 1 Data Device Corporation | 1 Datasims Avionics Arinc | 2026-04-15 | 8.4 High |
| dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute arbitrary code on the Windows system. | ||||
| CVE-2021-47882 | 1 Freelan | 1 Freelan | 2026-04-15 | 7.8 High |
| FreeLAN 2.2 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated LocalSystem privileges during service startup. | ||||
| CVE-2021-47883 | 1 Sandboxie-plus | 1 Sandboxie | 2026-04-15 | 7.8 High |
| Sandboxie Plus 0.7.2 contains an unquoted service path vulnerability in the SbieSvc service that allows local attackers to execute code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions during service startup. | ||||
| CVE-2021-47884 | 2 Mitsubishielectric, Oki | 2 Iu Configuration Tool, Configuration Tool | 2026-04-15 | 7.8 High |
| OKI Configuration Tool 1.6.53 contains an unquoted service path vulnerability in the OKI Local Port Manager service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Okidata\Common\extend3\portmgrsrv.exe' to inject malicious executables and escalate privileges. | ||||
| CVE-2025-32232 | 2 Era404, Wordpress | 2 Stafflist, Wordpress | 2026-04-15 | N/A |
| Missing Authorization vulnerability in ERA404 StaffList stafflist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects StaffList: from n/a through <= 3.2.7. | ||||
| CVE-2022-41995 | 2026-04-15 | 4.3 Medium | ||
| Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8. | ||||