Search Results (365295 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-33905 2026-04-15 4.6 Medium
In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type.
CVE-2024-34010 1 Acronis 1 Cyber Protect Cloud Agent 2026-04-15 N/A
Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575.
CVE-2024-34011 2026-04-15 N/A
Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758.
CVE-2024-34013 1 Acronis 1 True Image 2026-04-15 N/A
Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571.
CVE-2024-34014 2026-04-15 N/A
Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181.
CVE-2024-34015 2026-04-15 N/A
Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892.
CVE-2024-34016 1 Acronis 1 Cyber Protect Cloud Agent 2026-04-15 N/A
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235.
CVE-2024-34020 1 Hcode 1 Hcode 2026-04-15 6.5 Medium
A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1.
CVE-2024-34022 1 Intel 1 Thunderbolt Share Software 2026-04-15 6.7 Medium
Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34023 2026-04-15 8.4 High
Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34024 2026-04-15 6.3 Medium
Observable response discrepancy issue exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, an unauthenticated remote attacker may determine if a username is valid or not.
CVE-2024-34028 1 Intel 1 Graphics Offline Compiler For Opencl Code Software 2026-04-15 6.7 Medium
Uncontrolled search path in some Intel(R) Graphics Offline Compiler for OpenCL(TM) Code software for Windows before version 2024.1.0.142, graphics driver 31.0.101.5445 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34034 2026-04-15 5.7 Medium
An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component.
CVE-2024-34035 2026-04-15 5.7 Medium
An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.
CVE-2024-34036 2026-04-15 4.3 Medium
An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp.
CVE-2024-34044 2026-04-15 5.3 Medium
The O-RAN E2T I-Release buildPrometheusList function can have a NULL pointer dereference because peerInfo can be NULL.
CVE-2024-34045 2026-04-15 7.5 High
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->counters[IN_INITI][MSG_COUNTER][ProcedureCode_id_E2setup]->Increment().
CVE-2024-34046 1 O-ran-sc 1 E2 2026-04-15 7.5 High
The O-RAN E2T I-Release Prometheus metric Increment function can crash in sctpThread.cpp for message.peerInfo->sctpParams->e2tCounters[IN_SUCC][MSG_COUNTER][ProcedureCode_id_RICsubscription]->Increment().
CVE-2024-34051 1 Dolibarr 1 Dolibarr 2026-04-15 4.6 Medium
A Reflected Cross-site scripting (XSS) vulnerability located in htdocs/compta/paiement/card.php of Dolibarr before 19.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into the facid parameter.
CVE-2024-34058 1 Nethesis 1 Nethserver 2026-04-15 8.8 High
The WebTop package for NethServer 7 and 8 allows stored XSS (for example, via the Subject field if an e-mail message).