Export limit exceeded: 364911 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364911 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2363 | 1 Aol | 1 Aim Triton | 2026-04-15 | 5.3 Medium |
| ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-23674 | 1 Ausweisapp | 1 Online-ausweis-funktion | 2026-04-15 | 9.6 Critical |
| The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identify for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner." | ||||
| CVE-2024-2371 | 2026-04-15 | 6.2 Medium | ||
| Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials. | ||||
| CVE-2024-23727 | 1 Kamivision | 1 Yi Iot | 2026-04-15 | 8.4 High |
| The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component. | ||||
| CVE-2024-23733 | 2026-04-15 | 7.5 High | ||
| The /WmAdmin/,/invoke/vm.server/login login page in the Integration Server in Software AG webMethods 10.15.0 before Core_Fix7 allows remote attackers to reach the administration panel and discover hostname and version information by sending an arbitrary username and a blank password to the /WmAdmin/#/login/ URI. | ||||
| CVE-2024-25657 | 1 Avsystem | 1 Unified Management Platform | 2026-04-15 | 5.4 Medium |
| An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites. | ||||
| CVE-2024-23736 | 3 Bitbucket, Confluence, Jira | 3 Snotify, Snotify, Snotify | 2026-04-15 | 8.8 High |
| Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email. | ||||
| CVE-2024-23765 | 2026-04-15 | 4 Medium | ||
| An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentified service on port 7412 on the network. All the network services of the gateway become unresponsive after sending 85 requests to this port. The content and length of the frame does not matter. The device needs to be restarted to resume operations. | ||||
| CVE-2024-23766 | 1 Hms-networks | 1 Anybus X-gateway Ab7832-f3 | 2026-04-15 | 7.5 High |
| An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes a web interface on port 80. An unauthenticated GET request to a specific URL triggers the reboot of the Anybus gateway (or at least most of its modules). An attacker can use this feature to carry out a denial of service attack by continuously sending GET requests to that URL. | ||||
| CVE-2024-23767 | 1 Hms-networks | 1 Anybus X-gateway Ab7832-f | 2026-04-15 | 8.8 High |
| An issue was discovered on HMS Anybus X-Gateway AB7832-F firmware version 3. The HICP protocol allows unauthenticated changes to a device's network configurations. | ||||
| CVE-2024-2377 | 2026-04-15 | 7.6 High | ||
| A vulnerability exists in the too permissive HTTP response header web server settings of the SDM600. An attacker can take advantage of this and possibly carry out privileged actions and access sensitive information. | ||||
| CVE-2024-23772 | 2026-04-15 | 6.6 Medium | ||
| An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges. | ||||
| CVE-2024-23773 | 1 Quest | 1 Kace Systems Management Appliance | 2026-04-15 | 7.8 High |
| An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file delete vulnerability exists in the KSchedulerSvc.exe component. Local attackers can delete any file of their choice with NT Authority\SYSTEM privileges. | ||||
| CVE-2024-23774 | 2026-04-15 | 7.8 High | ||
| An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges. | ||||
| CVE-2024-2378 | 2026-04-15 | 8 High | ||
| A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on af-fected installations. | ||||
| CVE-2024-23793 | 1 Otrs | 2 Otrs, Otrs Community Edition | 2026-04-15 | 6.3 Medium |
| The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2024-23815 | 1 Siemens | 1 Desigo Cc | 2026-04-15 | 7.5 High |
| A vulnerability has been identified in Desigo CC (All versions if access from Installed Clients to Desigo CC server is allowed from networks outside of a highly protected zone), Desigo CC (All versions if access from Installed Clients to Desigo CC server is only allowed within highly protected zones). The affected server application fails to authenticate specific client requests. Modification of the client binary could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database via the event port (default: 4998/tcp) | ||||
| CVE-2024-2382 | 2026-04-15 | 5.3 Medium | ||
| The Authorize.net Payment Gateway For WooCommerce plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 8.0. This is due to the plugin not properly verifying the authenticity of the request that updates a orders payment status. This makes it possible for unauthenticated attackers to update order payment statuses to paid bypassing any payment. | ||||
| CVE-2024-2384 | 2026-04-15 | 4.3 Medium | ||
| The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id | ||||
| CVE-2024-23843 | 2026-04-15 | 2.2 Low | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Genians Genian NAC V5.0, Genians Genian NAC LTS V5.0.This issue affects Genian NAC V5.0: from V5.0.0 through V5.0.60; Genian NAC LTS V5.0: from 5.0.0 LTS through 5.0.55 LTS(Revision 125558), from 5.0.0 LTS through 5.0.56 LTS(Revision 125560). | ||||