Export limit exceeded: 364922 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364922 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-2740 2026-04-15 7.7 High
Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.
CVE-2024-2741 2026-04-15 7.1 High
Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.
CVE-2024-2742 2026-04-15 6.4 Medium
Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality.
CVE-2024-27440 2026-04-15 4.8 Medium
The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.
CVE-2024-27448 1 Maildev 1 Maildev 2026-04-15 9.1 Critical
MailDev 2 through 2.1.0 allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file.
CVE-2024-27457 2026-04-15 2.5 Low
Improper check for unusual or exceptional conditions in Intel(R) TDX Module firmware before version 1.5.06 may allow a privileged user to potentially enable information disclosure via local access.
CVE-2024-27458 1 Hp 40 Elite Dragonfly Firmware, Elite Dragonfly G2 Firmware, Elite Dragonfly Max Firmware and 37 more 2026-04-15 8.8 High
A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support.
CVE-2024-2746 2026-04-15 8.8 High
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question.  On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker.
CVE-2024-27488 1 Zlmediakit 1 Zlmediakit 2026-04-15 9.8 Critical
Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default.
CVE-2024-27489 1 Weimengcms 1 Wmcms 2026-04-15 7.5 High
An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request.
CVE-2024-27518 1 Superantispyware 1 Professional X 2026-04-15 7.8 High
An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder.
CVE-2024-2752 2026-04-15 5.5 Medium
The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-2756 2 Php, Redhat 2 Archive Tar, Enterprise Linux 2026-04-15 6.5 Medium
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
CVE-2024-27574 1 Trainme Acadamy 1 Ichin 2026-04-15 9.1 Critical
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.
CVE-2024-27575 1 Inotec 1 Gmbh Webserver 2026-04-15 7.5 High
INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI.
CVE-2024-2758 2026-04-15 6.3 Medium
Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately.
CVE-2024-2759 1 Prestashopmodules 1 Apaczka 2026-04-15 7.5 High
Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4.
CVE-2024-27593 1 Eramba 1 Eramba 2026-04-15 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Filter function of Eramba Version 3.22.3 Community Edition allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the filter name field. This vulnerability has been fixed in version 3.23.0.
CVE-2024-2760 2026-04-15 5.5 Medium
Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver.
CVE-2024-27609 2026-04-15 6.5 Medium
Bonita before 2023.2-u2 allows stored XSS via a UI screen in the administration panel.