Export limit exceeded: 366625 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366625 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57157 | 2026-04-15 | 9.8 Critical | ||
| Incorrect access control in Jantent v1.1 allows attackers to bypass authentication and access sensitive APIs without a token. | ||||
| CVE-2024-57174 | 2026-04-15 | 8.1 High | ||
| A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access sensitive information. | ||||
| CVE-2024-57177 | 2026-04-15 | 7.3 High | ||
| A host header injection vulnerability exists in the NPM package of perfood/couch-auth <= 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger a SSTI which can be leveraged to run limited commands or leak server-side information | ||||
| CVE-2024-57272 | 2026-04-15 | 6.1 Medium | ||
| SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2024-57238 | 2026-04-15 | 7.3 High | ||
| Prolink 4G LTE Mobile Wi-Fi DL-7203E V4.0.0B05 is vulnerable to SQL Injection in in the /reqproc/proc_get endpoint. The vulnerability allows an attacker to manipulate SQL queries by injecting malicious SQL code into the order_by parameter. | ||||
| CVE-2024-5726 | 2 Wordpress, Wpdiscover | 2 Wordpress, Timeline Event History | 2026-04-15 | 8.8 High |
| The Timeline Event History plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1 via deserialization of untrusted input 'timelines-data' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2024-57261 | 1 Pengutronix | 1 Barebox | 2026-04-15 | 7.1 High |
| In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258. | ||||
| CVE-2024-57262 | 1 Pengutronix | 1 Barebox | 2026-04-15 | 7.1 High |
| In barebox before 2025.01.0, ext4fs_read_symlink has an integer overflow for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite, a related issue to CVE-2024-57256. | ||||
| CVE-2024-57276 | 2026-04-15 | 7.3 High | ||
| In Electronic Arts Dragon Age Origins 1.05, the DAUpdaterSVC service contains an unquoted service path vulnerability. This service is configured with insecure permissions, allowing users to modify the executable file path used by the service. The service runs with NT AUTHORITY\SYSTEM privileges, enabling attackers to escalate privileges by replacing or placing a malicious executable in the service path. | ||||
| CVE-2024-57277 | 2026-04-15 | 5.7 Medium | ||
| InnoShop V.0.3.8 and below is vulnerable to Cross Site Scripting (XSS) via SVG file upload. | ||||
| CVE-2024-57278 | 2026-04-15 | 5.4 Medium | ||
| A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads. When a victim accesses a crafted URL containing the malicious input, the script executes in the victim's browser context. | ||||
| CVE-2024-5731 | 2026-04-15 | 6.8 Medium | ||
| A vulnerability in the IPS Manager, Central Manager, and Local Manager communication workflow allows an attacker to control the destination of a request by manipulating the parameter, thereby leveraging sensitive information. | ||||
| CVE-2024-57336 | 2026-04-15 | 6.5 Medium | ||
| Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access. | ||||
| CVE-2024-57337 | 2026-04-15 | 6.5 Medium | ||
| An arbitrary file upload vulnerability in the opcode 500 functionality of M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file. | ||||
| CVE-2024-57338 | 2026-04-15 | 6.5 Medium | ||
| An arbitrary file upload vulnerability in M2Soft CROWNIX Report & ERS v5.x to v5.5.14.1070, v7.x to v7.4.3.960, and v8.x to v8.2.0.345 allows attackers to execute arbitrary code via supplying a crafted file. | ||||
| CVE-2024-57360 | 1 Gnu | 1 Binutils | 2026-04-15 | 5.5 Medium |
| https://www.gnu.org/software/binutils/ nm >=2.43 is affected by: Incorrect Access Control. The type of exploitation is: local. The component is: `nm --without-symbol-version` function. | ||||
| CVE-2024-57372 | 2026-04-15 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters | ||||
| CVE-2024-57373 | 2026-04-15 | 8.1 High | ||
| Cross Site Request Forgery (CSRF) vulnerability in LifestyleStore v1.0 allows a remote attacker to execute unauthorized actions on behalf of an authenticated user, potentially leading to account modifications or data compromise. | ||||
| CVE-2024-57375 | 2026-04-15 | 2.4 Low | ||
| Andamiro Pump It Up 20th Anniversary (aka Double X or XX/2019) 1.00.0-2.08.3 allows a physically proximate attacker to cause a denial of service (application crash) via certain deselect actions. | ||||
| CVE-2024-57378 | 2026-04-15 | 7.3 High | ||
| Wazuh SIEM version 4.8.2 is affected by a broken access control vulnerability. This issue allows the unauthorized creation of internal users without assigning any existing user role, potentially leading to privilege escalation or unauthorized access to sensitive resources. | ||||