Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366256 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45102 | 1 Lenovo | 1 Xclarity Administrator | 2026-04-15 | 6.8 Medium |
| A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | ||||
| CVE-2024-45105 | 1 Lenovo | 99 Thinkagile Hx1331 Firmware, Thinkagile Hx2330 Firmware, Thinkagile Hx2331 Firmware and 96 more | 2026-04-15 | 6.7 Medium |
| An internal product security audit discovered a UEFI SMM (System Management Mode) callout vulnerability in some ThinkSystem servers that could allow a local attacker with elevated privileges to execute arbitrary code. | ||||
| CVE-2024-4511 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability classified as critical has been found in Shanghai Sunfull Automation BACnet Server HMI1002-ARM 2.0.4. This affects an unknown part of the component Message Handler. The manipulation leads to buffer overflow. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-263115. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45160 | 1 Lemonldap-ng | 1 Lemonldap-ng | 2026-04-15 | 9.1 Critical |
| Incorrect credential validation in LemonLDAP::NG 2.18.x and 2.19.x before 2.19.2 allows attackers to bypass OAuth2 client authentication via an empty client_password parameter (client secret). | ||||
| CVE-2024-45161 | 1 Blu-castle | 1 Bcum221e | 2026-04-15 | 4.6 Medium |
| A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This can be exploited via a URL, an image load, an XMLHttpRequest, etc. and can result in exposure of data or unintended code execution. | ||||
| CVE-2024-45162 | 1 Blu-castle | 1 Bcum221e | 2026-04-15 | 9.8 Critical |
| A stack-based buffer overflow issue was discovered in the phddns client in Blu-Castle BCUM221E 1.0.0P220507 via the password field. | ||||
| CVE-2024-45163 | 1 Mirai | 1 Botnet | 2026-04-15 | 9.1 Critical |
| The Mirai botnet through 2024-08-19 mishandles simultaneous TCP connections to the CNC (command and control) server. Unauthenticated sessions remain open, causing resource consumption. For example, an attacker can send a recognized username (such as root), or can send arbitrary data. | ||||
| CVE-2024-45199 | 2026-04-15 | 8.8 High | ||
| insightsoftware Hive JDBC through 2.6.13 has a remote code execution vulnerability. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This can further lead to remote code execution. | ||||
| CVE-2024-45205 | 1 Ui | 1 Unifi | 2026-04-15 | N/A |
| An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). | ||||
| CVE-2024-45208 | 1 Versa | 1 Director | 2026-04-15 | 9.8 Critical |
| The Versa Director SD-WAN orchestration platform which makes use of Cisco NCS application service. Active and Standby Directors communicate over TCP ports 4566 and 4570 to exchange High Availability (HA) information using a shared password. Affected versions of Versa Director bound to these ports on all interfaces. An attacker that can access the Versa Director could access the NCS service on port 4566 and exploit it to perform unauthorized administrative actions and perform remote code execution. Customers are recommended to follow the hardening guide. Versa Networks is not aware of any reported instance where this vulnerability was exploited. Proof of concept for this vulnerability has been disclosed by third party security researchers. | ||||
| CVE-2024-45229 | 1 Versa | 1 Director | 2026-04-15 | N/A |
| The Versa Director offers REST APIs for orchestration and management. By design, certain APIs, such as the login screen, banner display, and device registration, do not require authentication. However, it was discovered that for Directors directly connected to the Internet, one of these APIs can be exploited by injecting invalid arguments into a GET request, potentially exposing the authentication tokens of other currently logged-in users. These tokens can then be used to invoke additional APIs on port 9183. This exploit does not disclose any username or password information. Currently, there are no workarounds in Versa Director. However, if there is Web Application Firewall (WAF) or API Gateway fronting the Versa Director, it can be used to block access to the URLs of vulnerable API. /vnms/devicereg/device/* (on ports 9182 & 9183) and /versa/vnms/devicereg/device/* (on port 443). Versa recommends that Directors be upgraded to one of the remediated software versions. This vulnerability is not exploitable on Versa Directors not exposed to the Internet.We have validated that no Versa-hosted head ends have been affected by this vulnerability. Please contact Versa Technical Support or Versa account team for any further assistance. | ||||
| CVE-2024-45246 | 1 Dieboldnixdorf | 1 Vynamic View | 2026-04-15 | 7.3 High |
| Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | ||||
| CVE-2024-45240 | 1 Tiktok | 1 Tiktok | 2026-04-15 | 7.4 High |
| The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.) | ||||
| CVE-2024-45241 | 1 Centralsquare | 1 Crywolf | 2026-04-15 | 7.5 High |
| A traversal vulnerability in GeneralDocs.aspx in CentralSquare CryWolf (False Alarm Management) through 2024-08-09 allows unauthenticated attackers to read files outside of the working web directory via the rpt parameter, leading to the disclosure of sensitive information. | ||||
| CVE-2024-45242 | 1 Engeniustech | 1 Enh1350ext Firmware | 2026-04-15 | 7.8 High |
| EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions. | ||||
| CVE-2024-45253 | 1 Avigilon | 1 Videolq Icvr Hd Camera | 2026-04-15 | 7.5 High |
| Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2024-45254 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2026-04-15 | 7.5 High |
| VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-45250 | 2026-04-15 | 4.3 Medium | ||
| ZKteco – CWE 200 Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-45251 | 1 Elsight | 1 Halo Firmware | 2026-04-15 | 9.8 Critical |
| Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||
| CVE-2024-45252 | 1 Elsight | 1 Halo Firmware | 2026-04-15 | 9.8 Critical |
| Elsight – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||