Export limit exceeded: 364626 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6953 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31315 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-04-15 | 7.5 High |
| Improper validation in a model specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution. | ||||
| CVE-2023-50810 | 1 Sonos | 1 Sonos Firmware | 2026-04-15 | 6 Medium |
| In certain Sonos products before Sonos S1 Release 11.12 and S2 release 15.9, a vulnerability exists in the U-Boot component of the firmware that allow persistent arbitrary code execution with Linux kernel privileges. A failure to correctly handle the return value of the setenv command can be used to override the kernel command-line parameters and ultimately bypass the Secure Boot implementation. This affects PLAY5 gen 2, PLAYBASE, PLAY:1, One, One SL, and Amp. | ||||
| CVE-2024-12991 | 2026-04-15 | 3.5 Low | ||
| A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert(5888)%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-56333 | 2026-04-15 | N/A | ||
| Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks. This issue has been patched in api versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-3806 | 2026-04-15 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, has been found in dazhouda lecms up to 3.0.3. Affected by this issue is some unknown functionality of the file /admin of the component Edit Profile Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-11071 | 2026-04-15 | 8.8 High | ||
| Permissive Cross-domain Policy with Untrusted Domains vulnerability in local API server of DestinyECM solution(versions described below) which is developed and maintained by Cyberdigm may allow Cross-Site Request Forgery (CSRF) attack, which probabilistically enables JSON Hijacking (aka JavaScript Hijacking) via forgery web page.* Due to product customization, version information may differ from the following version description. For further inquiries, please contact the vendor. | ||||
| CVE-2025-27218 | 1 Sitecore | 2 Experience Manager, Experience Platform | 2026-04-15 | 5.3 Medium |
| Sitecore Experience Manager (XM) and Experience Platform (XP) 10.4 before KB1002844 allow remote code execution through insecure deserialization. | ||||
| CVE-2024-56334 | 1 Redhat | 1 Rhdh | 2026-04-15 | 7.8 High |
| systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2025-61982 | 1 Opencfd | 1 Openfoam | 2026-04-15 | 7.8 High |
| An arbitrary code execution vulnerability exists in the Code Stream directive functionality of OpenCFD OpenFOAM 2506. A specially crafted OpenFOAM simulation file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2024-38448 | 2026-04-15 | 9.1 Critical | ||
| htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. | ||||
| CVE-2025-62593 | 1 Ray Project | 1 Ray | 2026-04-15 | 8.8 High |
| Ray is an AI compute engine. Prior to version 2.52.0, developers working with Ray as a development tool can be exploited via a critical RCE vulnerability exploitable via Firefox and Safari. This vulnerability is due to an insufficient guard against browser-based attacks, as the current defense uses the User-Agent header starting with the string "Mozilla" as a defense mechanism. This defense is insufficient as the fetch specification allows the User-Agent header to be modified. Combined with a DNS rebinding attack against the browser, and this vulnerability is exploitable against a developer running Ray who inadvertently visits a malicious website, or is served a malicious advertisement (malvertising). This issue has been patched in version 2.52.0. | ||||
| CVE-2025-6268 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability classified as problematic has been found in Luna Imaging up to 7.5.5.6. Affected is an unknown function of the file /luna/servlet/view/search. The manipulation of the argument q leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-9639 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 8 High |
| Remote Code Execution vulnerabilities are present in ASPECT if session administra-tor credentials become compromised. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3.08.03. | ||||
| CVE-2025-1617 | 2026-04-15 | 2.4 Low | ||
| A vulnerability, which was classified as problematic, was found in Netis WF2780 2.1.41925. This affects an unknown part of the component Wireless 2.4G Menu. The manipulation of the argument SSID leads to cross site scripting. It is possible to initiate the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-6509 | 1 Seaswalker | 1 Spring Analysis | 2026-04-15 | 3.5 Low |
| A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. | ||||
| CVE-2024-37124 | 2026-04-15 | 9.8 Critical | ||
| Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed. | ||||
| CVE-2022-31491 | 2 Voltronic Power, Voltronicpower | 2 Viewpower Pro, Viewpower | 2026-04-15 | 10 Critical |
| Voltronic Power ViewPower through 1.04-24215, ViewPower Pro through 2.0-22165, and PowerShield Netguard before 1.04-23292 allows a remote attacker to run arbitrary code via an unspecified web interface related to detection of a managed UPS shutting down. An unauthenticated attacker can use this to run arbitrary code immediately regardless of any managed UPS state or presence. | ||||
| CVE-2024-36075 | 2026-04-15 | 6.5 Medium | ||
| The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify the archive on the server could obtain remote code execution as an administrator on an endpoint. | ||||
| CVE-2024-36074 | 2026-04-15 | 7.2 High | ||
| Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to the Endpoint Protector or Unify server can cause a client to acquire and execute a malicious file resulting in remote code execution. | ||||
| CVE-2024-11977 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 7.3 High |
| The The kk Star Ratings – Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. Note: This vulnerability was only partially patched in version 5.4.10.1, and fully patched in 5.4.10.2 | ||||