Export limit exceeded: 345222 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25103 | 1 Cdac | 1 Appsamvid Software | 2026-04-15 | 6.3 Medium |
| This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system. | ||||
| CVE-2024-50518 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Pricer Ninja pricer-ninja-pricing-tables allows Stored XSS.This issue affects Pricer Ninja: from n/a through <= 2.1.0. | ||||
| CVE-2024-50519 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Kohlbach Jigoshop – Store Exporter jigoshop-exporter allows Reflected XSS.This issue affects Jigoshop – Store Exporter: from n/a through <= 1.5.8. | ||||
| CVE-2024-50520 | 2026-04-15 | N/A | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter J. Herrel Ancient World Linked Data ancient-world-linked-data-for-wordpress allows DOM-Based XSS.This issue affects Ancient World Linked Data: from n/a through <= 0.2.1. | ||||
| CVE-2024-25253 | 1 Iobit | 1 Driver Booster | 2026-04-15 | 7.5 High |
| Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module. | ||||
| CVE-2024-25386 | 2026-04-15 | 8.8 High | ||
| Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file. | ||||
| CVE-2024-25506 | 2026-04-15 | 6.5 Medium | ||
| Cross Site Scripting vulnerability in Process Maker, Inc ProcessMaker before 4.0 allows a remote attacker to run arbitrary code via control of the pm_sys_sys cookie. | ||||
| CVE-2024-25355 | 2026-04-15 | 7.5 High | ||
| s3-url-parser 1.0.3 is vulnerable to Denial of service via the regexes component. | ||||
| CVE-2024-25371 | 2026-04-15 | 7.5 High | ||
| Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions. | ||||
| CVE-2024-50522 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redyyu WeChat Subscribers Lite wechat-subscribers-lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through <= 1.6.6. | ||||
| CVE-2024-50524 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Quý Lê 91 Administrator Z administrator-z allows Blind SQL Injection.This issue affects Administrator Z: from n/a through < 2024.10.21. | ||||
| CVE-2024-50533 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding domain-sharding allows Stored XSS.This issue affects Domain Sharding: from n/a through <= 1.2.1. | ||||
| CVE-2024-25503 | 1 Advanced-rest-client | 1 Arc-electron | 2026-04-15 | 4.7 Medium |
| Cross Site Scripting (XSS) vulnerability in Advanced REST Client v.17.0.9 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script to the edit details parameter of the New Project function. | ||||
| CVE-2024-50536 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tamer Ziady GDReseller gdreseller allows DOM-Based XSS.This issue affects GDReseller: from n/a through <= 1.6. | ||||
| CVE-2024-25565 | 1 Intel | 1 Xeon Processors | 2026-04-15 | 3.8 Low |
| Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access. | ||||
| CVE-2024-25584 | 2026-04-15 | 5.3 Medium | ||
| Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known. | ||||
| CVE-2024-25581 | 1 Powerdns | 1 Dnsdist | 2026-04-15 | 7.5 High |
| When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. | ||||
| CVE-2024-25582 | 2026-04-15 | 5.4 Medium | ||
| Module savepoints could be abused to inject references to malicious code delivered through the same domain. Attackers could perform malicious API requests or extract information from the users account. Exploiting this vulnerability requires temporary access to an account or successful social engineering to make a user follow a prepared link to a malicious account. Please deploy the provided updates and patch releases. The savepoint module path has been restricted to modules that provide the feature, excluding any arbitrary or non-existing modules. No publicly available exploits are known. | ||||
| CVE-2024-25583 | 1 Powerdns | 1 Powerdns | 2026-04-15 | 7.5 High |
| A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. | ||||
| CVE-2024-50537 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Marra Smart Mockups smart-mockups allows Stored XSS.This issue affects Smart Mockups: from n/a through <= 1.2.0. | ||||