Search Results (968 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-50976 2 Avibia, Innomic 2 Avibiline Configurator, Vibroline Configurator 2026-04-15 7.7 High
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
CVE-2025-11743 1 Rockwellautomation 1 Compactlogix 5370 2026-04-15 N/A
A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.
CVE-2024-8403 1 Mitsubishi Electric 2 Melsec Iq-f Series Fx5-enet, Melsec Iq-f Series Fx5-enet Ip 2026-04-15 7.5 High
Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 to 1.200 and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets.
CVE-2024-8000 2026-04-15 5.3 Medium
On affected platforms running Arista EOS with 802.1X configured, certain conditions may occur where a dynamic ACL is received from the AAA server resulting in only the first line of the ACL being installed after an Accelerated Software Upgrade (ASU) restart. Note: supplicants with pending captive-portal authentication during ASU would be impacted with this bug.
CVE-2024-7954 1 Spip 1 Spip 2026-04-15 9.8 Critical
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
CVE-2024-23593 2026-04-15 6.7 Medium
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.
CVE-2024-6768 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2026-04-15 N/A
A Denial of Service in CLFS.sys in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated low-privilege user to cause a Blue Screen of Death via a forced call to the KeBugCheckEx function.
CVE-2024-6173 2026-04-15 6.5 Medium
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that a Guard Tour VAPIX API parameter allowed the use of arbitrary values allowing for an attacker to block access to the guard tour configuration page in the web interface of the Axis device. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2024-6068 1 Rcokwellautomation 1 Arena Input Analyzer 2026-04-15 7.3 High
A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file.
CVE-2024-51983 2026-04-15 7.5 High
An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.
CVE-2024-51982 2026-04-15 7.5 High
An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. A malformed PJL variable FORMLINES is set to a non number value causing the target to crash.
CVE-2024-48851 1 Abb 1 Flxeon 2026-04-15 7.2 High
Improper Validation of Specified Type of Input vulnerability in ABB FLXEON.A remote code execution is possible due to an improper input validation. This issue affects FLXEON: through 9.3.5.
CVE-2025-13878 1 Isc 1 Bind 2026-04-15 7.5 High
Malformed BRID/HHIT records can cause `named` to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1.
CVE-2025-9524 1 Axis 1 Axis Os 2026-04-15 4.3 Medium
The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.
CVE-2024-24715 2026-04-15 6.5 Medium
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0.
CVE-2024-0218 1 Nozominetworks 1 Guardian 2026-04-15 7.5 High
A Denial of Service (Dos) vulnerability in Nozomi Networks Guardian, caused by improper input validation in certain fields used in the Radius parsing functionality of our IDS, allows an unauthenticated attacker sending specially crafted malformed network packets to cause the IDS module to stop updating nodes, links, and assets. Network traffic may not be analyzed until the IDS module is restarted.
CVE-2024-11168 2 Python Software Foundation, Redhat 2 Cpython, Enterprise Linux 2026-04-15 3.7 Low
The urllib.parse.urlsplit() and urlparse() functions improperly validated bracketed hosts (`[]`), allowing hosts that weren't IPv6 or IPvFuture. This behavior was not conformant to RFC 3986 and potentially enabled SSRF if a URL is processed by more than one URL parser.
CVE-2024-1610 2026-04-15 9.8 Critical
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
CVE-2024-26507 1 Finalwire 4 Aida64 Business, Aida64 Engineer, Aida64 Network Audit and 1 more 2026-04-15 7.8 High
An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components.
CVE-2024-30516 2 Saasproject, Wordpress 2 Booking Package, Wordpress 2026-04-15 7.5 High
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27.