Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366624 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366624 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57401 | 2026-04-15 | 9.8 Critical | ||
| SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. | ||||
| CVE-2024-57412 | 1 Sun | 1 Omnios | 2026-04-15 | 7.5 High |
| An issue in SunOS Omnios v5.11 allows attackers to cause a Denial of Service (DoS) via repeatedly sending crafted TCP packets. | ||||
| CVE-2024-5743 | 2026-04-15 | 9.8 Critical | ||
| An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42. | ||||
| CVE-2024-57491 | 2026-04-15 | 8.8 High | ||
| Authentication Bypass vulnerability in jobx up to v1.0.1-RELEASE allows an attacker can exploit this vulnerability to access sensitive API without any token via the preHandle function. | ||||
| CVE-2024-57494 | 1 Neto | 1 Ecommerce Cms | 2026-04-15 | 6.5 Medium |
| Cross Site Scripting vulnerability in Neto E-Commerce CMS v.6.313.0 through v.6.3115 allows a remote attacker to escalate privileges via the kw parameter. | ||||
| CVE-2024-57509 | 2026-04-15 | 7.8 High | ||
| Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_File::ParseStream and related functions. | ||||
| CVE-2024-57510 | 2026-04-15 | 7.8 High | ||
| Buffer Overflow vulnerability in Bento4 mp42avc v.3bdc891602d19789b8e8626e4a3e613a937b4d35 allows a local attacker to execute arbitrary code via the AP4_MemoryByteStream::WritePartial. | ||||
| CVE-2024-57513 | 2026-04-15 | 6.5 Medium | ||
| A floating-point exception (FPE) vulnerability exists in the AP4_TfraAtom::AP4_TfraAtom function in Bento4. | ||||
| CVE-2024-57514 | 2026-04-15 | 4.8 Medium | ||
| The TP-Link Archer A20 v3 router is vulnerable to Cross-site Scripting (XSS) due to improper handling of directory listing paths in the web interface. When a specially crafted URL is visited, the router's web page renders the directory listing and executes arbitrary JavaScript embedded in the URL. This allows the attacker to inject malicious code into the page, executing JavaScript on the victim's browser, which could then be used for further malicious actions. The vulnerability was identified in the 1.0.6 Build 20231011 rel.85717(5553) version. | ||||
| CVE-2024-5752 | 1 Stitionai | 1 Devika | 2026-04-15 | N/A |
| A path traversal vulnerability exists in stitionai/devika, specifically in the project creation functionality. In the affected version beacf6edaa205a5a5370525407a6db45137873b3, the project name is not validated, allowing an attacker to create a project with a crafted name that traverses directories. This can lead to arbitrary file overwrite when the application generates code and saves it to the specified project directory, potentially resulting in remote code execution. | ||||
| CVE-2024-5753 | 1 Vanna-ai | 1 Vanna | 2026-04-15 | N/A |
| vanna-ai/vanna version v0.3.4 is vulnerable to SQL injection in some file-critical functions such as `pg_read_file()`. This vulnerability allows unauthenticated remote users to read arbitrary local files on the victim server, including sensitive files like `/etc/passwd`, by exploiting the exposed SQL queries via a Python Flask API. | ||||
| CVE-2024-57595 | 1 Dlink | 1 Dir-825 | 2026-04-15 | 9.8 Critical |
| DLINK DIR-825 REVB 2.03 devices have an OS command injection vulnerability in the CGl interface apc_client_pin.cgi, which allows remote attackers to execute arbitrary commands via the parameter "wps_pin" passed to the apc_client_pin.cgi binary through a POST request. | ||||
| CVE-2024-57608 | 2026-04-15 | 6.5 Medium | ||
| An issue in Via Browser 6.1.0 allows a a remote attacker to execute arbitrary code via the mark.via.Shell component. | ||||
| CVE-2024-5768 | 2026-04-15 | 6.4 Medium | ||
| The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mimo_update_provider' function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update shipping provider information, including adding stored cross-site scripting. | ||||
| CVE-2024-5769 | 2026-04-15 | 4.3 Medium | ||
| The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings. | ||||
| CVE-2024-57708 | 2026-04-15 | 5.7 Medium | ||
| An issue in OneTrust SDK v.6.33.0 allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. NOTE: this is disputed by the Supplier who does not agree it is a prototype pollution vulnerability. | ||||
| CVE-2024-5771 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-57716 | 2026-04-15 | 7.5 High | ||
| An issue in trenoncourt AutoQueryable v.1.7.0 allows a remote attacker to obtain sensitive information via the Unselectable function. | ||||
| CVE-2024-57783 | 2026-04-15 | 8.1 High | ||
| The desktop application in Dot through 0.9.3 allows XSS and resultant command execution because user input and LLM output are appended to the DOM with innerHTML (in render.js), and because the Electron window can access Node.js APIs. | ||||
| CVE-2024-57784 | 2026-04-15 | 5.5 Medium | ||
| An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. | ||||