Export limit exceeded: 367104 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (367104 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47407 | 1 Myscada | 2 Mypro Manager, Mypro Runtime | 2026-04-15 | 10 Critical |
| A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. | ||||
| CVE-2024-48394 | 2026-04-15 | 7.8 High | ||
| A Time-of-Check to Time-of-Use (TOCTOU) vulnerability has been identified in the driver of the NDD Print solution, which could allow an unprivileged user to exploit this flaw and gain SYSTEM-level access on the device. The vulnerability affects version 5.24.3 and before of the software. | ||||
| CVE-2024-54147 | 2026-04-15 | 6.8 Medium | ||
| Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (eg. public wifi, malicious DNS servers) may have all GraphQL request and response headers and bodies fully compromised including authorization tokens. The attack also allows obtaining full access to any signed-in Altair GraphQL Cloud account and replacing payment checkout pages with a malicious website. Version 8.0.5 fixes the issue. | ||||
| CVE-2024-54853 | 2026-04-15 | 5.4 Medium | ||
| A Stored Cross-Site Scripting (XSS) vulnerability was identified affecting Skybox Change Manager versions 13.2.170 and earlier that allows remote authenticated users to store malicious payloads in the affected field that would then execute in an unsuspecting victim's browser. | ||||
| CVE-2024-55565 | 1 Redhat | 11 Acm, Ansible Automation Platform, Discovery and 8 more | 2026-04-15 | 4.3 Medium |
| nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. | ||||
| CVE-2024-55566 | 2026-04-15 | 6.6 Medium | ||
| ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users. | ||||
| CVE-2024-55601 | 2026-04-15 | 5.4 Medium | ||
| Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates. | ||||
| CVE-2024-57077 | 2026-04-15 | 9.1 Critical | ||
| The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) a the minimum consequence. | ||||
| CVE-2024-57063 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57064 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.setValue function of @syncfusion/ej2-spreadsheet v27.2.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. NOTE: the Supplier disputes this because they found that the lib.setValue function is not utilized. | ||||
| CVE-2024-57065 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57066 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57699 | 1 Redhat | 4 Apache Camel Hawtio, Apache Camel Spring Boot, Camel Quarkus and 1 more | 2026-04-15 | 7.5 High |
| A security issue was found in Netplex Json-smart 2.5.0 through 2.5.1. When loading a specially crafted JSON input, containing a large number of ’{’, a stack exhaustion can be trigger, which could allow an attacker to cause a Denial of Service (DoS). This issue exists because of an incomplete fix for CVE-2023-1370. | ||||
| CVE-2024-6981 | 1 Omntec | 1 Proteus Tank Monitoring | 2026-04-15 | 9.8 Critical |
| OMNTEC Proteus Tank Monitoring OEL8000III Series could allow an attacker to perform administrative actions without proper authentication. | ||||
| CVE-2024-8310 | 1 Opwglobal | 1 Sitesentinel Firmware | 2026-04-15 | 9.8 Critical |
| OPW Fuel Management Systems SiteSentinel could allow an attacker to bypass authentication to the server and obtain full admin privileges. | ||||
| CVE-2024-9275 | 1 Jeanmarc77 | 1 123solar | 2026-04-15 | 6.3 Medium |
| A vulnerability was found in jeanmarc77 123solar up to 1.8.4.5. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin_invt2.php. The manipulation of the argument PROTOCOLx leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-0014 | 2026-04-15 | 7.3 High | ||
| Incorrect default permissions on the AMD Ryzen(TM) AI installation folder could allow an attacker to achieve privilege escalation, potentially resulting in arbitrary code execution. | ||||
| CVE-2025-0858 | 2026-04-15 | N/A | ||
| A vulnerability was discovered in the firmware builds up to 8.2.1.0820 in certain Poly devices. The firmware flaw does not properly prevent path traversal and could lead to information disclosure. | ||||
| CVE-2025-1025 | 1 Cockpit-hq | 1 Cockpit | 2026-04-15 | 7.5 High |
| Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter. | ||||
| CVE-2025-10259 | 1 Mitsubishi | 1 Melsec Iq-f Series | 2026-04-15 | 5.3 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in TCP Communication Function on Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote attacker to disconnect the connection by sending specially crafted TCP packets to cause a denial-of-service (DoS) condition on the products. There is no impact on connections other than the attacked one. | ||||