Export limit exceeded: 363295 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363295 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57360 | 1 Gnu | 1 Binutils | 2026-04-15 | 5.5 Medium |
| https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function. | ||||
| CVE-2024-56973 | 2026-04-15 | 9.8 Critical | ||
| Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. | ||||
| CVE-2025-48825 | 2026-04-15 | N/A | ||
| RICOH Streamline NX V3 PC Client versions 3.5.0 to 3.7.0 contains an issue with use of less trusted source, which may allow an attacker who can conduct a man-in-the-middle attack to eavesdrop upgrade requests and execute a malicious DLL with custom code. | ||||
| CVE-2023-32194 | 1 Rancher | 1 Rancher | 2026-04-15 | 7.2 High |
| A vulnerability has been identified when granting a create or * global role for a resource type of "namespaces"; no matter the API group, the subject will receive * permissions for core namespaces. This can lead to someone being capable of accessing, creating, updating, or deleting a namespace in the project. | ||||
| CVE-2025-47245 | 2026-04-15 | 8.1 High | ||
| In BlueWave Checkmate through 2.0.2 before d4a6072, an invite request can be modified to specify a privileged role. | ||||
| CVE-2025-14089 | 1 Himool | 1 Erp | 2026-04-15 | 6.3 Medium |
| A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-48930 | 1 Secp256k1-node Project | 1 Secp256k1-node | 2026-04-15 | N/A |
| secp256k1-node is a Node.js binding for an Optimized C library for EC operations on curve secp256k1. In `elliptic`-based version, `loadUncompressedPublicKey` has a check that the public key is on the curve. Prior to versions 5.0.1, 4.0.4, and 3.8.1, however, `loadCompressedPublicKey` is missing that check. That allows the attacker to use public keys on low-cardinality curves to extract enough information to fully restore the private key from as little as 11 ECDH sessions, and very cheaply on compute power. Other operations on public keys are also affected, including e.g. `publicKeyVerify()` incorrectly returning `true` on those invalid keys, and e.g. `publicKeyTweakMul()` also returning predictable outcomes allowing to restore the tweak. Versions 5.0.1, 4.0.4, and 3.8.1 contain a fix for the issue. | ||||
| CVE-2024-38307 | 2026-04-15 | 7.7 High | ||
| Improper input validation in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow an authenticated user to potentially enable denial of service via network access. | ||||
| CVE-2025-54295 | 2026-04-15 | N/A | ||
| A Reflected XSS vulnerability in DJ-Reviews component 1.0-1.3.6 for Joomla was discovered. | ||||
| CVE-2023-31356 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-04-15 | 4.4 Medium |
| Incomplete system memory cleanup in SEV firmware could allow a privileged attacker to corrupt guest private memory, potentially resulting in a loss of data integrity. | ||||
| CVE-2024-37372 | 2026-04-15 | 3.6 Low | ||
| The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | ||||
| CVE-2023-31342 | 2026-04-15 | 7.5 High | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | ||||
| CVE-2024-36055 | 2026-04-15 | 5.5 Medium | ||
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD). | ||||
| CVE-2024-36054 | 1 Marvin Test | 1 Hw Driver | 2026-04-15 | 7.4 High |
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection). | ||||
| CVE-2025-53882 | 1 Suse | 1 Opensuse Tumbleweed | 2026-04-15 | 4.4 Medium |
| A Reliance on Untrusted Inputs in a Security Decision vulnerability in the logrotate configuration for openSUSE mailman3 package allows the mailman user to sent SIGHUP to arbitrary processes. This issue affects openSUSE Tumbleweed: from ? before 3.3.10-2.1. | ||||
| CVE-2024-35627 | 1 Tileserver | 1 Tileservergl | 2026-04-15 | 6.1 Medium |
| tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /data/v3/?key. | ||||
| CVE-2024-35621 | 2026-04-15 | 4.8 Medium | ||
| A cross-site scripting (XSS) vulnerability in the Edit function of Formwork before 1.13.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field. | ||||
| CVE-2024-35311 | 2026-04-15 | 3.3 Low | ||
| Yubico YubiKey 5 Series before 5.7.0, Security Key Series before 5.7.0, YubiKey Bio Series before 5.6.4, and YubiKey 5 FIPS before 5.7.2 have Incorrect Access Control. | ||||
| CVE-2024-34952 | 1 Taurusxin | 1 Ncmdump | 2026-04-15 | 5 Medium |
| taurusxin ncmdump v1.3.2 was discovered to contain a segmentation violation via the NeteaseCrypt::FixMetadata() function at /src/ncmcrypt.cpp. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted .ncm file. | ||||
| CVE-2024-34454 | 1 Nintendo | 1 Wii U | 2026-04-15 | 7.4 High |
| Nintendo Wii U OS 5.5.5 allows man-in-the-middle attackers to forge SSL certificates as though they came from a Root CA, because there is a secondary verification mechanism that only checks whether a CA is known and ignores the CA details and signature (and because * is accepted as a Common Name). | ||||