Export limit exceeded: 366303 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366303 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48730 | 2026-04-15 | 6.5 Medium | ||
| The default configuration in ETSI Open-Source MANO (OSM) v.14.x, v.15.x, v.16.x, v.17.x does not impose any restrictions on the authentication attempts performed by the default admin user, allowing a remote attacker to escalate privileges. | ||||
| CVE-2024-48735 | 1 Sas | 1 Studio | 2026-04-15 | 7.7 High |
| Directory Traversal in /SASStudio/sasexec/sessions/{sessionID}/workspace/{InternalPath} in SAS Studio 9.4 allows remote attacker to access internal files by manipulating default path during file download. NOTE: this is disputed by the vendor because these filesystem paths are allowed for authorized users. | ||||
| CVE-2024-48734 | 1 Sas | 1 Studio | 2026-04-15 | 8.8 High |
| Unrestricted file upload in /SASStudio/SASStudio/sasexec/{sessionID}/{InternalPath} in SAS Studio 9.4 allows remote attacker to upload malicious files. NOTE: this is disputed by the vendor because file upload is allowed for authorized users. | ||||
| CVE-2024-48746 | 1 Lensvisual | 1 Lensvisual | 2026-04-15 | 9.8 Critical |
| An issue in Lens Visual integration with Power BI v.4.0.0.3 allows a remote attacker to execute arbitrary code via the Natural language processing component | ||||
| CVE-2024-48747 | 1 Alist Project | 1 Alist | 2026-04-15 | 6.8 Medium |
| An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. | ||||
| CVE-2024-48768 | 1 Almando | 1 Almando Control Firmware | 2026-04-15 | 7.5 High |
| An issue in almaodo GmbH appinventor.ai_google.almando_control 2.3.1 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2024-48769 | 1 Burg-wchter Kg | 1 Burg-wchter Kg Firmware | 2026-04-15 | 9.1 Critical |
| An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-48772 | 1 C-chip | 1 C-chip Firmware | 2026-04-15 | 9.1 Critical |
| An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48773 | 1 Wo-smart | 1 Morepro Firmware | 2026-04-15 | 7.5 High |
| An issue in WoFit v.7.2.3 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2024-48774 | 2026-04-15 | 7.5 High | ||
| An issue in Fermax Asia Pacific Pte Ltd com.fermax.vida 2.4.6 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-48771 | 1 Almando | 1 Almando Play Firmware | 2026-04-15 | 7.5 High |
| An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2024-48779 | 1 Wanxingtechnology | 1 Yitu Project Management Software | 2026-04-15 | 9.8 Critical |
| An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. | ||||
| CVE-2024-48781 | 1 Wanxingtechnology | 1 Yitu Project Management Kirin Edition | 2026-04-15 | 9.8 Critical |
| An issue in Wanxing Technology Yitu Project Management Kirin Edition 2.3.6 allows a remote attacker to execute arbitrary code via a specially constructed so file/opt/EdrawProj-2/plugins/imageformat. | ||||
| CVE-2024-48782 | 1 Dycms | 1 Dycms | 2026-04-15 | 9.8 Critical |
| File Upload vulnerability in DYCMS Open-Source Version v2.0.9.41 allows a remote attacker to execute arbitrary code via the application only detecting the extension of image files in the front-end. | ||||
| CVE-2024-48786 | 1 Switchbot | 1 Switchbot Firmware | 2026-04-15 | 9.1 Critical |
| An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48784 | 1 Sampmax | 1 Sampmax Firmware | 2026-04-15 | 9.8 Critical |
| An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48789 | 1 Inatronic | 1 Drivedeck | 2026-04-15 | 7.5 High |
| An issue in INATRONIC com.inatronic.drivedeck.home 2.6.23 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-48790 | 1 Ilife | 1 Com Ilife Home Global | 2026-04-15 | 5.3 Medium |
| An issue in ILIFE com.ilife.home.global 1.8.7 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48791 | 1 Plug N Play Camera | 1 Plug N Play Camera | 2026-04-15 | 7.5 High |
| An issue in Plug n Play Camera com.starvedia.mCamView.zwave 5.5.1 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2024-48792 | 1 Hideez | 1 Com.hideez Firmware | 2026-04-15 | 7.5 High |
| An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||