Search

Search Results (302462 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-53326 1 Linqpad 1 Linqpad 2026-06-18 7.3 High
LINQPad before 5.52.01 Pro edition is vulnerable to Unsafe Deserialization in LINQPad.AutoRefManager::PopulateFromCache(), leading to code execution.
CVE-2024-22451 1 Dell 1 Peripheral Manager 2026-06-17 6.7 Medium
Dell Peripheral Manager, versions from 1.5.1 to 1.7.2, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious executable, leading to arbitrary code execution.
CVE-2024-30476 1 Dell 1 Powerstore 2026-06-17 5.4 Medium
PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser.
CVE-2024-22447 1 Dell 1 Peripheral Manager 2026-06-17 6.7 Medium
Dell Peripheral Manager, versions prior to 1.7.3, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious dll., leading to arbitrary code execution.
CVE-2024-24909 1 Dell 1 Openmanage 2026-06-17 8.8 High
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. A remote authenticated user could potentially exploit this vulnerability to escalate privileges. The malicious user may gain the ability to run arbitrary code remotely. This is a high severity vulnerability so Dell recommends customers to upgrade at the earliest opportunity.
CVE-2025-14543 1 Rti 1 Connext Professional 2026-06-17 9.1 Critical
Improper Restriction of XML External Entity Reference vulnerability in RTI Connext Professional (Core Libraries) allows Serialized Data External Linking.This issue affects Connext Professional: from 7.4.0 before 7.7.0, from 7.0.0 before 7.3.1.1, from 6.1.0 before 6.1.*, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.*, from 4.3x before 5.2.*.
CVE-2025-15657 2 Mojoomla, Wordpress 2 School Management, Wordpress 2026-06-17 5.3 Medium
Unauthenticated Insecure Direct Object References (IDOR) in School Management <= 93.1.0 versions.
CVE-2024-24709 2 Shareaholic, Wordpress 2 Shareaholic, Wordpress 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2024-32729 2 Quantumcloud, Wordpress 2 Conversational Forms For Chatbot, Wordpress 2026-06-17 7.5 High
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in QuantumCloud Conversational Forms for ChatBot allows Path Traversal. This issue affects Conversational Forms for ChatBot: from n/a through 1.1.8.
CVE-2019-25293 1 Bluestacks 2 Bluestacks, Bluestacks App Player 2026-06-17 7.8 High
BlueStacks App Player 2.4.44.62.57 contains an unquoted service path vulnerability in the BstHdLogRotatorSvc service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Bluestacks\HD-LogRotatorService.exe to inject malicious executables and escalate privileges.
CVE-2024-32949 2 Prince, Wordpress 2 Integrate Google Drive, Wordpress 2026-06-17 8.3 High
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
CVE-2024-33909 2 Avirtum, Wordpress 2 Ipages Flipbook, Wordpress 2026-06-17 5.3 Medium
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
CVE-2024-35690 2 Marketingfire, Wordpress 2 Widget-options, Wordpress 2026-06-17 6.5 Medium
Insertion of sensitive information into sent data vulnerability in MarketingFire Widget Options allows Retrieve Embedded Sensitive Data. This issue affects Widget Options: from n/a through 4.0.1.
CVE-2023-40132 1 Google 1 Android 2026-06-17 7.8 High
In setActualDefaultRingtoneUri of RingtoneManager.java, there is a possible way to bypass content providers read permissions due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2023-40108 1 Google 1 Android 2026-06-17 5.5 Medium
In multiple locations, there is a possible way to access media content belonging to another user due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-42344 1 Alkacon 1 Opencms 2026-06-17 7.3 High
Alkacon OpenCms before 10.5.1 allows remote unauthenticated attackers to obtain sensitive information via a cmis-online/query XXE attack on a Chemistry servlet.
CVE-2025-24129 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2026-06-17 7.5 High
A type confusion issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, macOS Sequoia 15.3, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.3, visionOS 2.3. An attacker on the local network may cause an unexpected app termination.
CVE-2025-11694 1 Rockwellautomation 1 Compactlogix 5370 2026-06-16 N/A
A security issue exists within 1769 CompactLogix controllers due to the missing validation of sequence numbers and source IP addresses in the CIP protocol. This allows attacker to abuse the exposed Connection ID’s visible on the web interface to perform denial-of-service attacks, resulting in a minor fault.
CVE-2024-45636 1 Ibm 1 Security Qradar Edr 2026-06-16 4.1 Medium
IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user.
CVE-2022-50865 1 Linux 1 Linux Kernel 2026-06-16 7.0 High
In the Linux kernel, the following vulnerability has been resolved: tcp: fix a signed-integer-overflow bug in tcp_add_backlog() The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and in tcp_add_backlog(), the variable limit is caculated by adding sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value of int and overflow. This patch reduces the limit budget by halving the sndbuf to solve this issue since ACK packets are much smaller than the payload.