Export limit exceeded: 11973 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43315 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24715 | 2026-04-15 | 6.5 Medium | ||
| Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0. | ||||
| CVE-2024-30165 | 1 Amazon | 1 Aws Client Vpn | 2026-04-15 | 7.1 High |
| Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164. | ||||
| CVE-2024-30164 | 3 Apple, Codesys, Microsoft | 3 Macos, Linux, Windows | 2026-04-15 | 6.7 Medium |
| Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this vulnerability on macOS is not the same as CVE-2024-30165. | ||||
| CVE-2024-25253 | 1 Iobit | 1 Driver Booster | 2026-04-15 | 7.5 High |
| Driver Booster v10.6 was discovered to contain a buffer overflow via the Host parameter under the Customize proxy module. | ||||
| CVE-2024-51983 | 2026-04-15 | 7.5 High | ||
| An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device. | ||||
| CVE-2025-42941 | 1 Sap | 1 Fiori Launchpad | 2026-04-15 | 3.5 Low |
| SAP Fiori (Launchpad) is vulnerable to Reverse Tabnabbing vulnerability due to inadequate external navigation protections for its link (<a>) elements. An attacker with administrative user privileges could exploit this by leveraging compromised or malicious pages. While administrative access is necessary for certain configurations, the attacker does not need the administrative privileges to execute the attack. This could result in unintended manipulation of user sessions or exposure of sensitive information. The issue impacts the confidentiality and integrity of the system, but the availability remains unaffected. | ||||
| CVE-2024-48806 | 2026-04-15 | 6.8 Medium | ||
| Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field | ||||
| CVE-2024-29666 | 2026-04-15 | 9.8 Critical | ||
| Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. | ||||
| CVE-2024-29651 | 1 Apidevtools | 1 Json-schema-ref-parser | 2026-04-15 | 8.1 High |
| A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions. | ||||
| CVE-2025-42976 | 1 Sap | 2 Netweaver, Netweaver Application Server For Abap | 2026-04-15 | 8.1 High |
| SAP NetWeaver Application Server ABAP (BIC Document) allows an authenticated attacker to craft a request that, when submitted to a BIC Document application, could cause a memory corruption error. On successful exploitation, this results in the crash of the target component. Multiple submissions can make the target completely unavailable. A similarly crafted submission can be used to perform an out-of-bounds read operation as well, revealing sensitive information that is loaded in memory at that time. There is no ability to modify any information. | ||||
| CVE-2024-29421 | 1 Xmedcon | 1 Medcon | 2026-04-15 | 6.2 Medium |
| xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code. | ||||
| CVE-2025-32089 | 2 Broadcom, Dell | 2 Bcm5820x, Controlvault3 | 2026-04-15 | 8.8 High |
| A buffer overflow vulnerability exists in the CvManager_SBI functionality of Dell ControlVault3 prior to 5.15.14.19 and Dell ControlVault3 Plus prior to 6.2.36.47. A specially crafted ControlVault API call can lead to a arbitrary code execution. An attacker can issue an api call to trigger this vulnerability. | ||||
| CVE-2024-28759 | 2026-04-15 | 4.3 Medium | ||
| A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. | ||||
| CVE-2024-28042 | 2026-04-15 | 8.4 High | ||
| SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. | ||||
| CVE-2024-27282 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.6 Medium |
| An issue was discovered in Ruby 3.x through 3.3.0. If attacker-supplied data is provided to the Ruby regex compiler, it is possible to extract arbitrary heap data relative to the start of the text, including pointers and sensitive strings. The fixed versions are 3.0.7, 3.1.5, 3.2.4, and 3.3.1. | ||||
| CVE-2024-27179 | 1 Toshibatec | 40 E-studio-2010-ac, E-studio-2015-nc, E-studio-2020 Ac and 37 more | 2026-04-15 | 4.7 Medium |
| Admin cookies are written in clear-text in logs. An attacker can retrieve them and bypass the authentication mechanism. As for the affected products/models/versions, see the reference URL. | ||||
| CVE-2024-50956 | 2026-04-15 | 6.5 Medium | ||
| A buffer overflow in the RecvSocketData function of Inovance HCPLC_AM401-CPU1608TPTN 21.38.0.0, HCPLC_AM402-CPU1608TPTN 41.38.0.0, and HCPLC_AM403-CPU1608TN 81.38.0.0 allows attackers to cause a Denial of Service (DoS) or execute arbitrary code via a crafted Modbus message. | ||||
| CVE-2025-26793 | 2026-04-15 | N/A | ||
| The Web GUI configuration panel of Hirsch (formerly Identiv and Viscount) Enterphone MESH through 2024 ships with default credentials (username freedom, password viscount). The administrator is not prompted to change these credentials on initial configuration, and changing the credentials requires many steps. Attackers can use the credentials over the Internet via mesh.webadmin.MESHAdminServlet to gain access to dozens of Canadian and U.S. apartment buildings and obtain building residents' PII. NOTE: the Supplier's perspective is that the "vulnerable systems are not following manufacturers' recommendations to change the default password." | ||||
| CVE-2024-27280 | 2 Redhat, Ruby-lang | 2 Enterprise Linux, Ruby | 2026-04-15 | 9.8 Critical |
| A buffer-overread issue was discovered in StringIO 3.0.1, as distributed in Ruby 3.0.x through 3.0.6 and 3.1.x through 3.1.4. The ungetbyte and ungetc methods on a StringIO can read past the end of a string, and a subsequent call to StringIO.gets may return the memory value. 3.0.3 is the main fixed version; however, for Ruby 3.0 users, a fixed version is stringio 3.0.1.1, and for Ruby 3.1 users, a fixed version is stringio 3.0.1.2. | ||||
| CVE-2022-50803 | 2026-04-15 | 9.8 Critical | ||
| JM-DATA ONU JF511-TV version 1.0.67 uses default credentials that allow attackers to gain unauthorized access to the device with administrative privileges. | ||||