Search Results (366624 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-57174 2026-04-15 8.1 High
A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access sensitive information.
CVE-2024-57177 2026-04-15 7.3 High
A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information
CVE-2024-57272 2026-04-15 6.1 Medium
SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS).
CVE-2024-57238 2026-04-15 7.3 High
Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter.
CVE-2024-5726 2 Wordpress, Wpdiscover 2 Wordpress, Timeline Event History 2026-04-15 8.8 High
The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.
CVE-2024-57261 1 Pengutronix 1 Barebox 2026-04-15 7.1 High
In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.
CVE-2024-57262 1 Pengutronix 1 Barebox 2026-04-15 7.1 High
In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256.
CVE-2024-57276 2026-04-15 7.3 High
In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path.
CVE-2024-57277 2026-04-15 5.7 Medium
InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload.
CVE-2024-57278 2026-04-15 5.4 Medium
A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim's browser context.
CVE-2024-5731 2026-04-15 6.8 Medium
A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information.
CVE-2024-57336 2026-04-15 6.5 Medium
Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access.
CVE-2024-57337 2026-04-15 6.5 Medium
An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.
CVE-2024-57338 2026-04-15 6.5 Medium
An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file.
CVE-2024-57360 1 Gnu 1 Binutils 2026-04-15 5.5 Medium
https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function.
CVE-2024-57372 2026-04-15 6.1 Medium
Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters
CVE-2024-57373 2026-04-15 8.1 High
Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise.
CVE-2024-57375 2026-04-15 2.4 Low
Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions.
CVE-2024-57378 2026-04-15 7.3 High
Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources.
CVE-2024-57395 2026-04-15 9.8 Critical
Password Vulnerability in Safety production process management system v1.0 allows a remote attacker to escalate privileges, execute arbitrary code and obtain sensitive information via the password and account number parameters.