Search Results (363719 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-51552 1 Abb 3 Aspect Enterprise, Matrix Series, Nexus Series 2026-04-15 6 Medium
Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-53408 2026-04-15 5.4 Medium
AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerability.
CVE-2024-55560 1 Mailcleaner 1 Mailcleaner 2026-04-15 9.8 Critical
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation.
CVE-2024-56802 2026-04-15 N/A
Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.
CVE-2024-58275 1 Easywall Project 1 Easywall 2026-04-15 N/A
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.
CVE-2024-58278 1 Indigostar 1 Perl2exe 2026-04-15 N/A
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized access.
CVE-2024-6646 1 Netgear 1 Wn604 2026-04-15 5.3 Medium
A vulnerability was found in Netgear WN604 up to 20240710. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /downloadFile.php of the component Web Interface. The manipulation of the argument file with the input config leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-271052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-6769 1 Microsoft 5 Windows 10, Windows 11, Windows Server 2016 and 2 more 2026-04-15 6.7 Medium
A DLL Hijacking caused by drive remapping combined with a poisoning of the activation cache in Microsoft Windows 10, Windows 11, Windows Server 2016, Windows Server 2019, and Windows Server 2022 allows a malicious authenticated attacker to elevate from a medium integrity process to a high integrity process without the intervention of a UAC prompt.
CVE-2024-8118 1 Grafana 1 Grafana 2026-04-15 4.7 Medium
In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules.
CVE-2024-8125 2026-04-15 N/A
Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection.  A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4  with WebReports module installed and enabled.
CVE-2024-9166 1 Atelmo 1 Atemio Am 520 Hd Firmware 2026-04-15 N/A
The device enables an unauthorized attacker to execute system commands with elevated privileges. This exploit is facilitated through the use of the 'getcommand' query within the application, allowing the attacker to gain root access.
CVE-2024-9203 1 Enpass 1 Password Manager 2026-04-15 2.5 Low
A vulnerability, which was classified as problematic, has been found in Enpass Password Manager up to 6.9.5 on Windows. This issue affects some unknown processing. The manipulation leads to cleartext storage of sensitive information in memory. An attack has to be approached locally. The complexity of an attack is rather high. The exploitation is known to be difficult. Upgrading to version 6.10.1 is able to address this issue. It is recommended to upgrade the affected component.
CVE-2025-0416 1 Valmet 1 Dna 2026-04-15 N/A
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system.
CVE-2025-0417 1 Valmet 1 Dna 2026-04-15 N/A
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of guessing passwords and then performing switching operations.
CVE-2025-0630 2026-04-15 6.5 Medium
Multiple Western Telematic (WTI) products contain a web interface that is vulnerable to a local file inclusion attack (LFI), where any authenticated user has privileged access to files on the device's filesystem.
CVE-2025-10285 1 Silabs 1 Simplicity Device Manager 2026-04-15 N/A
The web interface of the Silicon Labs Simplicity Device Manager is exposed publicly and can be used to extract the NTLMv2 hash which an attacker could use to crack the user's domain password.
CVE-2025-10567 2 Funnelkit, Wordpress 2 Funnel Builder, Wordpress 2026-04-15 6.3 Medium
The FunnelKit WordPress plugin before 3.12.0.1 does not sanitize user input before echoing it back in some of its checkout-related AJAX actions, allowing attackers to conduct reflected XSS attacks against logged-in users.
CVE-2025-10622 1 Redhat 4 Satellite, Satellite Capsule, Satellite Maintenance and 1 more 2026-04-15 8 High
A flaw was found in Red Hat Satellite (Foreman component). This vulnerability allows an authenticated user with edit_settings permissions to achieve arbitrary command execution on the underlying operating system via insufficient server-side validation of command whitelisting.
CVE-2025-10686 1 Wordpress 1 Wordpress 2026-04-15 7.2 High
The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files.
CVE-2025-10873 3 Elementinvader, Elementor, Wordpress 3 Elementinvader Addons For Elementor, Elementor, Wordpress 2026-04-15 5.3 Medium
The ElementInvader Addons for Elementor WordPress plugin before 1.4.1 allows unauthenticated user to send arbitrary e-mails to arbitrary addresses due to missing authorization on the elementinvader_addons_for_elementor_forms_send_form action.