Export limit exceeded: 366897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366897 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-9938 2026-04-15 6.1 Medium
The Bounce Handler MailPoet 3 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-9951 1 Opajaap 1 Wp Photo Album Plus 2026-04-15 6.1 Medium
The WP Photo Album Plus plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wppa-tab' parameter in all versions up to, and including, 8.8.05.003 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-9972 1 Changate 1 Property Management System 2026-04-15 9.8 Critical
Property Management System from ChanGate has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
CVE-2024-9977 1 Mitrastar 1 Gpt-2541gnac 2026-04-15 4.7 Medium
A vulnerability, which was classified as critical, was found in MitraStar GPT-2541GNAC BR_g5.6_1.11(WVK.0)b26. Affected is an unknown function of the file /cgi-bin/settings-firewall.cgi of the component Firewall Settings Page. The manipulation of the argument SrcInterface leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. We tried to contact the vendor early about the disclosure but the official mail address was not working properly.
CVE-2024-9979 1 Redhat 2 Ansible Automation Platform, Enterprise Linux 2026-04-15 5.3 Medium
A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.
CVE-2024-9982 1 Esi Technology 1 Aim Line Marketing Platform 2026-04-15 9.8 Critical
AIM LINE Marketing Platform from Esi Technology does not properly validate a specific query parameter. When the LINE Campaign Module is enabled, unauthenticated remote attackers can inject arbitrary FetchXml commands to read, modify, and delete database content.
CVE-2024-9991 1 Signify Innovations India 7 Phillips Smart Bulb 10-watt Firmware, Phillips Smart Bulb 12-watt Firmware, Phillips Smart Bulb 9-watt Firmware and 4 more 2026-04-15 N/A
This vulnerability exists in Philips lighting devices due to storage of Wi-Fi credentials in plain text within the device firmware. An attacker with physical access could exploit this by extracting the firmware and analyzing the binary data to obtain the plaintext Wi-Fi credentials stored on the vulnerable device. Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to the Wi-Fi network to which vulnerable device is connected.
CVE-2024-9999 1 Progress Software 1 Ws Ftp Server 2026-04-15 6.5 Medium
In WS_FTP Server versions before 8.8.9 (2022.0.9), an Incorrect Implementation of Authentication Algorithm in the Web Transfer Module allows users to skip the second-factor verification and log in with username and password only.
CVE-2025-0009 1 Amd 9 Athlon, Radeon Pro V520, Radeon Pro V620 and 6 more 2026-04-15 5.5 Medium
A NULL pointer dereference in AMD Crash Defender could allow an attacker to write a NULL output to a log file potentially resulting in a system crash and loss of availability.
CVE-2025-0010 1 Amd 10 Athlon, Graphics Driver, Instinct Mi200 and 7 more 2026-04-15 6.1 Medium
An out of bounds write in the Linux graphics driver could allow an attacker to overflow the buffer potentially resulting in loss of confidentiality, integrity, or availability.
CVE-2025-0011 1 Amd 12 Radeon, Radeon Pro V520, Radeon Pro V620 and 9 more 2026-04-15 3.3 Low
Improper removal of sensitive information before storage or transfer in AMD Crash Defender could allow an attacker to obtain kernel address information potentially resulting in loss of confidentiality.
CVE-2025-0012 1 Amd 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors 2026-04-15 N/A
Improper handling of overlap between the segmented reverse map table (RMP) and system management mode (SMM) memory could allow a privileged attacker corrupt or partially infer SMM memory resulting in loss of integrity or confidentiality.
CVE-2025-0034 1 Amd 2 Instinct Mi300x, Instinct Mi325x 2026-04-15 4.7 Medium
Insufficient parameter sanitization in TEE SOC Driver could allow an attacker to issue a malformed DRV_SOC_CMD_ID_SRIOV_SPATIAL_PART and cause read or write past the end of allocated arrays, potentially resulting in a loss of platform integrity or denial of service.
CVE-2025-0029 1 Amd 2 Epyc 9005 Series Processors, Epyc Embedded 9005 Series Processors 2026-04-15 N/A
Improper handling of error condition during host-induced faults can allow a local high-privileged attack to selectively drop guest DMA writes, potentially resulting in a loss of SEV-SNP guest memory integrity
CVE-2025-0031 1 Amd 9 Epyc 7003 Series Processors, Epyc 8004 Series Processors, Epyc 9004 Series Processors and 6 more 2026-04-15 N/A
A use after free in the SEV firmware could allow a malicous hypervisor to activate a migrated guest with the SINGLE_SOCKET policy on a different socket than the migration agent potentially resulting in loss of integrity.
CVE-2025-0032 1 Amd 8 Epyc, Epyc 9000, Epyc 9005 and 5 more 2026-04-15 7.2 High
Improper cleanup in AMD CPU microcode patch loading could allow an attacker with local administrator privilege to load malicious CPU microcode, potentially resulting in loss of integrity of x86 instruction execution.
CVE-2025-0033 1 Amd 3 Epyc, Epyc 7003, Epyc 9005 2026-04-15 6 Medium
Improper access control within AMD SEV-SNP could allow an admin privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.
CVE-2025-0036 2026-04-15 3.2 Low
In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locations as well as returning incorrect cryptographic data.
CVE-2025-0037 2026-04-15 6.6 Medium
In AMD Versal Adaptive SoC devices, the lack of address validation when executing PLM runtime services through the PLM firmware can allow access to isolated or protected memory spaces, resulting in the loss of integrity and confidentiality.
CVE-2025-0325 2026-04-15 4.3 Medium
A Guard Tour VAPIX API parameter allowed the use of arbitrary values and can be incorrectly called, allowing an attacker to block access to the guard tour configuration page in the web interface of the Axis device.