Export limit exceeded: 76244 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (76244 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12212 | 2026-04-15 | 7.8 High | ||
| The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code. | ||||
| CVE-2024-12837 | 2026-04-15 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. | ||||
| CVE-2025-66744 | 1 Yonyou | 1 Yonbip | 2026-04-15 | 7.5 High |
| In Yonyou YonBIP v3 and before, the LoginWithV8 interface in the series data application service system is vulnerable to path traversal, allowing unauthorized access to sensitive information within the system | ||||
| CVE-2024-28054 | 1 Amavis | 1 Amavis | 2026-04-15 | 7.4 High |
| Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware. | ||||
| CVE-2024-49504 | 1 Suse | 1 Opensuse Tumbleweed | 2026-04-15 | 8.4 High |
| grub2 allowed attackers with access to the grub shell to access files on the encrypted disks. | ||||
| CVE-2024-4956 | 1 Sonatype | 1 Nexus Repository Manager | 2026-04-15 | 7.5 High |
| Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. | ||||
| CVE-2024-28147 | 1 Metaventis | 1 Edu-sharing | 2026-04-15 | 7.4 High |
| An authenticated user can upload arbitrary files in the upload function for collection preview images. An attacker may upload an HTML file that includes malicious JavaScript code which will be executed if a user visits the direct URL of the collection preview image (Stored Cross Site Scripting). It is also possible to upload SVG files that include nested XML entities. Those are parsed when a user visits the direct URL of the collection preview image, which may be utilized for a Denial of Service attack. This issue affects edu-sharing: <8.0.8-RC2, <8.1.4-RC0, <9.0.0-RC19. | ||||
| CVE-2024-12476 | 2026-04-15 | 7.8 High | ||
| CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. | ||||
| CVE-2024-28146 | 2026-04-15 | 8.4 High | ||
| The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. | ||||
| CVE-2024-28143 | 2026-04-15 | 8.4 High | ||
| The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue. | ||||
| CVE-2024-48850 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 7.2 High |
| Absolute File Traversal vulnerabilities in ASPECT allows access and modification of unintended resources. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||||
| CVE-2025-45095 | 1 Lavasoft | 2 Adaware, Web Companion | 2026-04-15 | 7.3 High |
| Lavasoft Web Companion (also known as Ad-Aware WebCompanion) versions 8.9.0.1091 through 12.1.3.1037 installs the DCIService.exe service with an unquoted service path vulnerability. An attacker with write access to the file system could potentially execute arbitrary code with elevated privileges by placing a malicious executable in the unquoted path. | ||||
| CVE-2024-48851 | 1 Abb | 1 Flxeon | 2026-04-15 | 7.2 High |
| Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5. | ||||
| CVE-2024-28131 | 2026-04-15 | 7.8 High | ||
| EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable, therefore, users should consider stop using EasyRange Ver 1.41. | ||||
| CVE-2025-45311 | 1 Fail2ban | 1 Fail2ban | 2026-04-15 | 8.8 High |
| Insecure permissions in fail2ban-client v0.11.2 allows attackers with limited sudo privileges to perform arbitrary operations as root. NOTE: this is disputed by multiple parties because the action for a triggered rule can legitimately be an arbitrary operation as root. Thus, the software is behaving in accordance with its intended privilege model. | ||||
| CVE-2024-12569 | 1 Milestone Systems | 1 Xprotect Vms | 2026-04-15 | 7.8 High |
| Disclosure of sensitive information in a Milestone XProtect Device Pack driver’s log file for third-party cameras, allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | ||||
| CVE-2024-22437 | 2026-04-15 | 7.3 High | ||
| A potential security vulnerability has been identified in VSS Provider and CAPI Proxy software for certain HPE MSA storage products. This vulnerability could be exploited to gain elevated privilege on the system. | ||||
| CVE-2024-12803 | 2026-04-15 | 7.2 High | ||
| A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | ||||
| CVE-2024-28093 | 1 Adtran | 1 Netvanta 3120 Firmware | 2026-04-15 | 8.8 High |
| The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account. | ||||
| CVE-2021-47835 | 1 Freeter | 1 Freeter | 2026-04-15 | 7.2 High |
| Freeter 1.2.1 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads in custom widget titles and files. Attackers can craft malicious files with embedded scripts that execute when victims interact with the application, potentially enabling remote code execution. | ||||