Export limit exceeded: 367120 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367120 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-8506 1 495300897 1 Wx-shop 2026-04-15 3.5 Low
A vulnerability was found in 495300897 wx-shop up to de1b66331368695779cfc6e4d11a64caddf8716e and classified as problematic. This issue affects some unknown processing of the file /user/editUI. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVE-2025-9338 1 Asus 1 Armoury Crate 2026-04-15 N/A
A improper restriction of operations within the bounds of a memory buffer exists in AsIO3.sys driver. This vulnerability can be triggered by manually executing a specially crafted process, potentially leading to local privilage escalation. For additional information, please refer to the 'Security Update for Armoury Crate App' section of the ASUS Security Advisory.
CVE-2025-9970 1 Abb 1 Mconfig 2026-04-15 7.4 High
Cleartext Storage of Sensitive Information in Memory vulnerability in ABB MConfig.This issue affects MConfig: through 1.4.9.21.
CVE-2025-60639 2026-04-15 6.5 Medium
Hardcoded credentials in gsigel14 ATLAS-EPIC commit f29312c (2025-05-26).
CVE-2025-57174 2026-04-15 9.8 Critical
An issue was discovered in Siklu Communications Etherhaul 8010TX and 1200FX devices, Firmware 7.4.0 through 10.7.3 and possibly other previous versions. The rfpiped service listening on TCP port 555 which uses static AES encryption keys hardcoded in the binary. These keys are identical across all devices, allowing attackers to craft encrypted packets that execute arbitrary commands without authentication. This is a failed patch for CVE-2017-7318. This issue may affect other Etherhaul series devices with shared firmware.
CVE-2020-35546 2026-04-15 9.1 Critical
Lexmark MX6500 LW75.JD.P296 and previous devices have Incorrect Access Control via the access control settings.
CVE-2023-46948 1 Temenos 1 T24 2026-04-15 5.4 Medium
A reflected Cross-Site Scripting (XSS) vulnerability was found on Temenos T24 Browser R19.40 that enables a remote attacker to execute arbitrary JavaScript code via the skin parameter in the about.jsp and genrequest.jsp components.
CVE-2024-25885 1 Xhtml2pdf 1 Xhtml2pdf 2026-04-15 7.5 High
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.
CVE-2024-24443 2026-04-15 6.5 Medium
An uninitialized pointer dereference in the ngap_handle_pdu_session_resource_setup_response routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted PDU Session Resource Setup Response.
CVE-2024-27620 1 Everywall 1 Ladder 2026-04-15 7.5 High
An issue in Ladder v.0.0.1 thru v.0.0.21 allows a remote attacker to obtain sensitive information via a crafted request to the API.
CVE-2024-28699 1 Json 1 Pdf2json 2026-04-15 7.8 High
A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function.
CVE-2024-28722 1 Innovaphone 1 Innovaphone Pbx 2026-04-15 6.3 Medium
Cross Site Scripting vulnerability in Innovaphone myPBX v.14r1, v.13r3, v.12r2 allows a remote attacker to execute arbitrary code via the query parameter to the /CMD0/xml_modes.xml endpoint
CVE-2024-33270 1 Prestashop 1 Prestashop 2026-04-15 7.5 High
An issue in FME Modules fileuploads v.2.0.3 and before and fixed in v2.0.4 allows a remote attacker to obtain sensitive information via the uploadfiles.php component.
CVE-2024-32359 1 Carina 1 Carina 2026-04-15 6.9 Medium
An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtain the secrets of the entire cluster and further take over the cluster.
CVE-2024-34896 2026-04-15 7.5 High
An issue in Nedis SmartLife Video Doorbell (WIFICDP10GY), Nedis SmartLife IOS v1.4.0 causes users who are disconnected from a previous peer-to-peer connection with the device to still have access to live video feed.
CVE-2024-37816 2026-04-15 4.2 Medium
Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow.
CVE-2024-36543 1 Strimza Project 1 Kafka Connect Rest Api 2026-04-15 9.8 Critical
Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API.
CVE-2024-40083 1 Viloliving 1 Vilo 5 Mesh Wifi System Firmware 2026-04-15 9.6 Critical
A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer.
CVE-2024-42831 1 Elaine 1 Marketing Automation 2026-04-15 6.1 Medium
A reflected cross-site scripting (XSS) vulnerability in Elaine's Realtime CRM Automation v6.18.17 allows attackers to execute arbitrary JavaScript code in the web browser of a user via injecting a crafted payload into the dialog parameter at wrapper_dialog.php.
CVE-2024-44765 1 Mgt-commerce 1 Cloudpanel 2026-04-15 6.5 Medium
An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality.