Export limit exceeded: 366256 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366256 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31313 | 1 Amd | 2 Instinct Mi210, Instinct Mi250 | 2026-04-15 | 7.2 High |
| An unintended proxy or intermediary in the AMD power management firmware (PMFW) could allow a privileged attacker to send malformed messages to the system management unit (SMU) potentially resulting in arbitrary code execution. | ||||
| CVE-2021-26280 | 2026-04-15 | 7.9 High | ||
| Locally installed application can bypass the permission check and perform system operations that require permission. | ||||
| CVE-2011-10034 | 1 Irai | 1 Automgen | 2026-04-15 | N/A |
| AUTOMGEN versions up to and including 8.0.0.7 (also referenced as 8.022) contain a vulnerability in that project file handling frees an object and subsequently dereferences the stale pointer when processing certain malformed fields. The dangling-pointer use enables an attacker to influence an indirect call through attacker-controlled memory, resulting in denial-of-service. In some conditions, remote code execution may be possible. | ||||
| CVE-2011-20002 | 1 Siemens | 3 Simatic, Simatic S7-1200, Simatic S7-1200 Cpu | 2026-04-15 | 7.4 High |
| A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family (incl. SIPLUS variants) (All versions < V2.0.2), SIMATIC S7-1200 CPU V2 family (incl. SIPLUS variants) (All versions < V2.0.2). Affected controllers are vulnerable to capture-replay in the communication with the engineering software. This could allow an on-path attacker between the engineering software and the controller to execute any previously recorded commands at a later time (e.g. set the controller to STOP), regardless whether or not the controller had a password configured. | ||||
| CVE-2016-15055 | 1 Jvckenwood | 1 Vn-t216vpru | 2026-04-15 | N/A |
| JVC VN-T IP-camera models firmware versions up to 2016-08-22 (confirmed on the VN-T216VPRU model) contain a directory traversal vulnerability in the checkcgi endpoint that accepts a user-controlled file parameter. An unauthenticated remote attacker can leverage this vulnerability to read arbitrary files on the device. | ||||
| CVE-2017-20211 | 1 Ucancode | 1 E-xd++ Visualization Enterprise Suite | 2026-04-15 | N/A |
| UCanCode E-XD++ Visualization Enterprise Suite contains an untrusted pointer dereference vulnerability via the TKDRAWCAD.TKDrawCADCtrl.1 ActiveX control. This is because it exposes a RotateShape method that dereferences a user-supplied pointer without sufficient validation. A crafted input may cause the control to dereference an attacker-controlled pointer, enabling remote code execution in the context of the hosting process. The vulnerability requires user interaction (instantiation of the ActiveX control via a web page or a file). | ||||
| CVE-2021-4455 | 2026-04-15 | 9.8 Critical | ||
| The Wordpress Plugin Smart Product Review plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | ||||
| CVE-2021-4463 | 1 Shenzhen Longjing Technology | 1 Bems Api | 2026-04-15 | N/A |
| Longjing Technology BEMS API versions up to and including 1.21 contains an unauthenticated arbitrary file download vulnerability in the 'downloads' endpoint. The 'fileName' parameter is not properly sanitized, allowing attackers to craft traversal sequences and access sensitive files outside the intended directory. | ||||
| CVE-2022-41573 | 2026-04-15 | 9.8 Critical | ||
| An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution. | ||||
| CVE-2022-4983 | 1 Tec-it | 1 Tbarcode Ocx | 2026-04-15 | N/A |
| TEC-IT TBarCode version 11.15 contains a vulnerability in the TBarCode11.ocx ActiveX/OCX control's licensing handling (INI-file based) that can be abused to cause remote creation of files on the host filesystem. Depending on where files can be created and which filenames are allowed, this can allow attackers to write files that lead to code execution or persistence under the context of the hosting process. | ||||
| CVE-2023-20508 | 2026-04-15 | 5 Medium | ||
| Improper access control in the ASP could allow a privileged attacker to perform an out-of-bounds write to a memory location not controlled by the attacker, potentially leading to loss of confidentiality, integrity, or availability. | ||||
| CVE-2023-20581 | 2026-04-15 | 2.5 Low | ||
| Improper access control in the IOMMU may allow a privileged attacker to bypass RMP checks, potentially leading to a loss of guest memory integrity. | ||||
| CVE-2023-20582 | 2026-04-15 | 5.3 Medium | ||
| Improper handling of invalid nested page table entries in the IOMMU may allow a privileged attacker to induce page table entry (PTE) faults to bypass RMP checks in SEV-SNP, potentially leading to a loss of guest memory integrity. | ||||
| CVE-2023-30421 | 1 Mjson Project | 1 Mjson | 2026-04-15 | 2.9 Low |
| mystrtod in mjson 1.2.7 requires more than a billion iterations during processing of certain digit strings such as 8891110122900e913013935755114. | ||||
| CVE-2023-31331 | 2026-04-15 | 3 Low | ||
| Improper access control in the DRTM firmware could allow a privileged attacker to perform multiple driver initializations, resulting in stack memory corruption that could potentially lead to loss of integrity or availability. | ||||
| CVE-2023-31342 | 2026-04-15 | 7.5 High | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | ||||
| CVE-2023-31343 | 2026-04-15 | 7.5 High | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | ||||
| CVE-2023-31360 | 2026-04-15 | 7.3 High | ||
| Incorrect default permissions in the AMD Integrated Management Technology (AIM-T) Manageability Service installation directory could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2023-31361 | 2026-04-15 | 7.3 High | ||
| A DLL hijacking vulnerability in AMD Integrated Management Technology (AIM-T) Manageability Service could allow an attacker to achieve privilege escalation potentially resulting in arbitrary code execution. | ||||
| CVE-2023-37482 | 2026-04-15 | 5.3 Medium | ||
| The login functionality of the web server in affected devices does not normalize the response times of login attempts. An unauthenticated remote attacker could exploit this side-channel information to distinguish between valid and invalid usernames. | ||||