Export limit exceeded: 367104 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367104 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-45029 | 2026-04-15 | 6.5 Medium | ||
| WINSTAR WN572HP3 v230525 was discovered to contain a heap overflow via the CONTENT_LENGTH variable at /cgi-bin/upload.cgi. | ||||
| CVE-2025-50849 | 1 Cs-cart | 1 Cs-cart | 2026-04-15 | 8 High |
| CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter (company_id) sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate the request to target other users' accounts and toggle the sticker setting by modifying the company_id or other object identifiers. | ||||
| CVE-2025-51624 | 2026-04-15 | 7.6 High | ||
| Cross-site scripting (XSS) vulnerability in Zone Bitaqati thru 3.4.0. | ||||
| CVE-2025-26201 | 2026-04-15 | 9.1 Critical | ||
| Credential disclosure vulnerability via the /staff route in GreaterWMS <= 2.1.49 allows a remote unauthenticated attackers to bypass authentication and escalate privileges. | ||||
| CVE-2025-22936 | 2026-04-15 | 5.7 Medium | ||
| An issue in Smartcom Bulgaria AD Smartcom Ralink CPE/WiFi router SAM-4G1G-TT-W-VC, SAM-4F1F-TT-W-A1 allows a remote attacker to obtain sensitive information via the Weak default WiFi password generation algorithm in WiFi routers. | ||||
| CVE-2024-53345 | 2026-04-15 | 8.8 High | ||
| An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-53614 | 2026-04-15 | 6.5 Medium | ||
| A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. | ||||
| CVE-2024-51367 | 1 Husrev | 1 Blackboard | 2026-04-15 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. | ||||
| CVE-2024-51366 | 1 Omegat | 1 Omegat | 2026-04-15 | 9.8 Critical |
| An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. | ||||
| CVE-2024-51364 | 1 Gelcon | 1 Modbusmechanic | 2026-04-15 | 8.8 High |
| An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. | ||||
| CVE-2024-50942 | 1 Qiwenshare | 1 Qiwen-file | 2026-04-15 | 9.8 Critical |
| qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml. | ||||
| CVE-2024-48787 | 1 Revic Optics | 1 Revic Ops Firmware | 2026-04-15 | 9.1 Critical |
| An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-38796 | 1 Redhat | 5 Enterprise Linux, Rhel Aus, Rhel E4s and 2 more | 2026-04-15 | 5.9 Medium |
| EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability. | ||||
| CVE-2024-38809 | 2 Redhat, Vmware | 2 Apache Camel Spring Boot, Spring Framework | 2026-04-15 | 5.3 Medium |
| Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter. | ||||
| CVE-2024-39364 | 1 Advantech | 1 Adam-5630 | 2026-04-15 | 6.3 Medium |
| Advantech ADAM-5630 has built-in commands that can be executed without authenticating the user. These commands allow for restarting the operating system, rebooting the hardware, and stopping the execution. The commands can be sent to a simple HTTP request and are executed by the device automatically, without discrimination of origin or level of privileges of the user sending the commands. | ||||
| CVE-2024-43443 | 2026-04-15 | 4.9 Medium | ||
| Improper Neutralization of Input done by an attacker with admin privileges ('Cross-site Scripting') in Process Management modules of OTRS and ((OTRS)) Community Edition allows Cross-Site Scripting (XSS) within the Process Management targeting other admins. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | ||||
| CVE-2024-45773 | 1 Facebook | 1 Thrift | 2026-04-15 | 7.5 High |
| A use-after-free vulnerability involving upgradeToRocket requests can cause the application to crash or potentially result in code execution or other undesirable effects. This issue affects Facebook Thrift prior to v2024.09.09.00. | ||||
| CVE-2024-45863 | 1 Facebook | 1 Thrift | 2026-04-15 | 5.3 Medium |
| A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable effects. This issue affects Facebook Thrift from v2024.09.09.00 until v2024.09.23.00. | ||||
| CVE-2024-46441 | 1 Kacins | 1 Ypay | 2026-04-15 | 8.8 High |
| An arbitrary file upload vulnerability in YPay 1.2.0 allows attackers to execute arbitrary code via a ZIP archive to themePutFile in app/common/util/Upload.php (called from app/admin/controller/ypay/Home.php). The file extension of an uncompressed file is not checked. | ||||
| CVE-2024-46547 | 2026-04-15 | 7.5 High | ||
| A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks. | ||||