Export limit exceeded: 364577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 364577 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364577 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20318 | 1 Cisco | 1 Ios Xr Software | 2026-04-15 | 7.4 High |
| A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition. | ||||
| CVE-2024-36556 | 2026-04-15 | 9.1 Critical | ||
| Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability. | ||||
| CVE-2025-9313 | 1 Mmedica | 1 Mmedica | 2026-04-15 | N/A |
| An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated connection through a "mmBackup" application. This flaw allows attackers to bypass authentication mechanisms and gain unauthorized access to database with sensitive data. This issue affects Asseco mMedica in versions before 11.9.5. | ||||
| CVE-2024-4188 | 2026-04-15 | N/A | ||
| Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. | ||||
| CVE-2024-13186 | 2026-04-15 | 7.5 High | ||
| The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | ||||
| CVE-2024-36554 | 2026-04-15 | 9.8 Critical | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information. | ||||
| CVE-2025-9338 | 1 Asus | 1 Armoury Crate | 2026-04-15 | N/A |
| A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory. | ||||
| CVE-2025-8512 | 1 Tvb | 1 Big Big Shop App | 2026-04-15 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application components. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6983 | 1 Tp-link | 1 Archer C1200 | 2026-04-15 | N/A |
| A Clickjacking vulnerability in TP-Link Archer C1200 web management page allows an attacker to trick users into performing unintended actions via rendered UI layers or frames.This issue affects Archer C1200 <= 1.1.5. | ||||
| CVE-2024-3233 | 2026-04-15 | 4.3 Medium | ||
| The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_create_index() function in all versions up to, and including, 5.5.5. This makes it possible for authenticated attackers, with subscriber-level access and above, to trigger index creation. | ||||
| CVE-2024-20295 | 1 Cisco | 1 Integrated Management Controller | 2026-04-15 | 8.8 High |
| A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or higher privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by submitting a crafted CLI command. A successful exploit could allow the attacker to elevate privileges to root. | ||||
| CVE-2021-46686 | 2026-04-15 | N/A | ||
| Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in acmailer CGI ver.4.0.3 and earlier and acmailer DB ver.1.1.5 and earlier. If this vulnerability is exploited, an arbitrary OS command may be executed by an attacker. | ||||
| CVE-2025-15041 | 2 Wordpress, Wp Media | 2 Wordpress, Backwpup – Wordpress Backup & Restore Plugin | 2026-04-15 | 7.2 High |
| The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the save_site_option() function in all versions up to, and including, 5.6.2. This makes it possible for authenticated attackers, with level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-20289 | 2026-04-15 | 4.4 Medium | ||
| A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, low-privileged, local attacker to execute arbitrary commands on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments for a specific CLI command. An attacker could exploit this vulnerability by including crafted input as the argument of the affected command. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the currently logged-in user. | ||||
| CVE-2024-12862 | 1 Opentext | 1 Content Server | 2026-04-15 | N/A |
| Incorrect Authorization vulnerability in the OpenText Content Server REST API on Windows, Linux allows users without the appropriate permissions to remove external collaborators.This issue affects Content Server: 20.2-24.4. | ||||
| CVE-2024-32323 | 2026-04-15 | 8.1 High | ||
| SQL Injection vulnerability in cnhcit.com Haichang OA v.1.0.0 allows a remote attacker to obtain sensitive information via the if parameter in hcit.project.rte.agents.UploadImages.class. | ||||
| CVE-2024-36553 | 2026-04-15 | 8.1 High | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h is vulnerable to MITM attack. | ||||
| CVE-2024-32269 | 1 Yonganda | 1 Yad-loj Firmware | 2026-04-15 | 7.5 High |
| An issue in Yonganda YAD-LOJ V3.0.561 allows a remote attacker to cause a denial of service via a crafted packet. | ||||
| CVE-2024-36533 | 1 Volcano | 1 Volcano | 2026-04-15 | 9.8 Critical |
| Insecure permissions in volcano v1.8.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-32268 | 2026-04-15 | 3.3 Low | ||
| An issue in Tuya Smart camera U6N v.3.2.5 allows a remote attacker to cause a denial of service via a crafted packet to the network connection component. | ||||