Search Results (364976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28717 1 Openstack 1 Storlets 2026-04-15 4.9 Medium
An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component.
CVE-2024-28726 1 Dlink 1 Dwr-2000m Firmware 2026-04-15 8 High
An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function.
CVE-2024-28728 1 Dlink 1 Dwr-2000m 2026-04-15 6.6 Medium
Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field.
CVE-2024-28734 1 Unit4 1 Financials 2026-04-15 6.1 Medium
Cross Site Scripting vulnerability in Unit4 Financials by Coda prior to 2023Q4 allows a remote attacker to run arbitrary code via a crafted GET request using the cols parameter.
CVE-2024-28736 1 Debezium Community Project 1 Debezium-ui 2026-04-15 7.1 High
An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function.
CVE-2024-28741 1 Engindemirbilek 1 Northstarc2 2026-04-15 8.8 High
Cross Site Scripting vulnerability in EginDemirbilek NorthStar C2 v1 allows a remote attacker to execute arbitrary code via the login.php component.
CVE-2024-28744 1 Furunosystems 2 Acera 9010-08 Firmware, Acera 9010-24 Firmware 2026-04-15 8.8 High
The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration.
CVE-2024-28745 2026-04-15 3.3 Low
Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.
CVE-2024-28747 1 Ifm 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware 2026-04-15 9.8 Critical
An unauthenticated remote attacker can use the hard-coded credentials to access the SmartSPS devices with high privileges.
CVE-2024-28748 1 Ifm 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware 2026-04-15 7.2 High
A remote attacker with high privileges may use a reading file function to inject OS commands.
CVE-2024-28749 1 Ifm 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware 2026-04-15 7.2 High
A remote attacker with high privileges may use a writing file function to inject OS commands.
CVE-2024-28750 1 Ifm 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware 2026-04-15 7.2 High
A remote attacker with high privileges may use a deleting file function to inject OS commands.
CVE-2024-28751 1 Ifm 2 Smart Plc Ac14xx Firmware, Smart Plc Ac4xxs Firmware 2026-04-15 9.1 Critical
An high privileged remote attacker can enable telnet access that accepts hardcoded credentials.
CVE-2024-28759 2026-04-15 4.3 Medium
A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09.
CVE-2024-2876 2026-04-15 9.8 Critical
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
CVE-2024-28815 1 Mitel 2 Cmg Suite, Inattend 2026-04-15 9.8 Critical
A vulnerability in the BluStar component of Mitel InAttend 2.6 SP4 through 2.7 and CMG 8.5 SP4 through 8.6 could allow access to sensitive information, changes to the system configuration, or execution of arbitrary commands within the context of the system.
CVE-2024-28816 1 Aaravrajsingh 1 Chatbot 2026-04-15 7.1 High
Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.
CVE-2024-2882 2026-04-15 N/A
SDG Technologies PnPSCADA allows a remote attacker to attach various entities without requiring system authentication. This breach could potentially lead to unauthorized control, data manipulation, and access to sensitive information within the SCADA system.
CVE-2024-28820 1 Threerings 1 Openvpn-auth-ldap 2026-04-15 6.3 Medium
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this field and cause a buffer overflow.
CVE-2024-28823 2026-04-15 6.1 Medium
Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.