Export limit exceeded: 366185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366185 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36353 | 2026-04-15 | 6.5 Medium | ||
| Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality. | ||||
| CVE-2024-4345 | 2026-04-15 | 9.8 Critical | ||
| The Startklar Elementor Addons plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'process' function in the 'startklarDropZoneUploadProcess' class in versions up to, and including, 1.7.13. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2025-52939 | 2026-04-15 | N/A | ||
| Out-of-bounds Write vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files ldebug.C, lvm.C. This issue affects NotepadNext: through v0.11. | ||||
| CVE-2024-39286 | 2026-04-15 | 3.3 Low | ||
| Incorrect execution-assigned permissions in the Linux kernel mode driver for the Intel(R) 800 Series Ethernet Driver before version 1.15.4 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-39281 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 5.3 Medium |
| The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator. | ||||
| CVE-2025-52936 | 2026-04-15 | N/A | ||
| Improper Link Resolution Before File Access ('Link Following') vulnerability in yrutschle sslh.This issue affects sslh: before 2.2.2. | ||||
| CVE-2024-36346 | 1 Amd | 2 Instinct Mi300a, Instinct Mi300x | 2026-04-15 | 6 Medium |
| Improper input validation in AMD Power Management Firmware (PMFW) could allow a privileged attacker from Guest VM to send arbitrary input data potentially causing a GPU Reset condition. | ||||
| CVE-2025-52926 | 2026-04-15 | 2.7 Low | ||
| In scan.rs in spytrap-adb before 0.3.5, matches for known stalkerware are not rendered in the interactive user interface. | ||||
| CVE-2024-41811 | 2026-04-15 | 3.9 Low | ||
| ipl/web is a set of common web components for php projects. Some of the recent development by Icinga is, under certain circumstances, susceptible to cross site request forgery. (CSRF). All affected products, in any version, will be unaffected by this once `icinga-php-library` is upgraded. Version 0.10.1 includes a fix for this. It will be published as part of the `icinga-php-library` v0.14.1 release. | ||||
| CVE-2025-52923 | 1 Sangfor | 1 Atrust | 2026-04-15 | 4.3 Medium |
| Sangfor aTrust through 2.4.10 allows users to modify the ExecStartPre command. | ||||
| CVE-2024-6922 | 1 Automationanywhere | 1 Automation 360 | 2026-04-15 | N/A |
| Automation Anywhere Automation 360 v21-v32 is vulnerable to Server-Side Request Forgery in a web API component. An attacker with unauthenticated access to the Automation 360 Control Room HTTPS service (port 443) or HTTP service (port 80) can trigger arbitrary web requests from the server. | ||||
| CVE-2024-36252 | 2026-04-15 | 6.3 Medium | ||
| Improper restriction of communication channel to intended endpoints issue exists in Ricoh Streamline NX PC Client ver.3.6.x and earlier. If this vulnerability is exploited, arbitrary code may be executed on the PC where the product is installed. | ||||
| CVE-2024-39018 | 1 Harvey-woo | 1 Key-serializer | 2026-04-15 | 6.3 Medium |
| harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-41708 | 1 Adacore | 1 Ada Web Services | 2026-04-15 | 7.5 High |
| An issue was discovered in AdaCore ada_web_services 20.0 allows an attacker to escalate privileges and steal sessions via the Random_String() function in the src/core/aws-utils.adb module. | ||||
| CVE-2024-42757 | 1 Asus | 1 Rt-n15u Firmware | 2026-04-15 | 9.8 Critical |
| Command injection vulnerability in Asus RT-N15U 3.0.0.4.376_3754 allows a remote attacker to execute arbitrary code via the netstat function page. | ||||
| CVE-2024-31837 | 2026-04-15 | 8.4 High | ||
| DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938. | ||||
| CVE-2024-39033 | 1 Newgensoft | 1 Omnidocs | 2026-04-15 | 7.5 High |
| In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen. | ||||
| CVE-2024-36274 | 2026-04-15 | 6.5 Medium | ||
| Out-of-bounds write in the Intel(R) 800 Series Ethernet Driver for Intel(R) Ethernet Adapter Complete Driver Pack before versions 29.1 may allow an unauthenticated user to potentially enable denial of service via adjacent access. | ||||
| CVE-2024-3185 | 1 Rapid7 | 1 Insight Agent | 2026-04-15 | 6.8 Medium |
| A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent. | ||||
| CVE-2024-36275 | 2026-04-15 | 6.1 Medium | ||
| NULL pointer dereference in some Intel(R) Optane(TM) PMem Management software versions before CR_MGMT_02.00.00.4040, CR_MGMT_03.00.00.0499 may allow a authenticated user to potentially enable denial of service via local access. | ||||