Export limit exceeded: 351284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80869 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46386 | 2026-04-15 | 8.8 High | ||
| CWE-639 Authorization Bypass Through User-Controlled Key | ||||
| CVE-2024-31484 | 1 Siemens | 2 Cpc80 Central Processing\/communication, Cpci85 Central Processing\/communication | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in CPC80 Central Processing/Communication (All versions < V16.41), CPCI85 Central Processing/Communication (All versions < V5.30), CPCX26 Central Processing/Communication (All versions < V06.02), ETA4 Ethernet Interface IEC60870-5-104 (All versions < V10.46), ETA5 Ethernet Int. 1x100TX IEC61850 Ed.2 (All versions < V03.27), PCCX26 Ax 1703 PE, Contr, Communication Element (All versions < V06.05). The affected devices contain an improper null termination vulnerability while parsing a specific HTTP header. This could allow an attacker to execute code in the context of the current process or lead to denial of service condition. | ||||
| CVE-2025-0675 | 2026-04-15 | 7.5 High | ||
| Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure. | ||||
| CVE-2025-23356 | 1 Nvidia | 1 Isaac Lab | 2026-04-15 | 8.4 High |
| NVIDIA Isaac Lab contains a vulnerability in SB3 configuration parsing. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2024-10587 | 1 Funnelforms | 1 Interactive Contact Form And Multi Step Form Builder With Drag And Drop Editor Funnelforms Free | 2026-04-15 | 8.8 High |
| The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.5.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2025-2415 | 1 Akinsoft | 1 Myrezzta | 2026-04-15 | 8.6 High |
| Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft MyRezzta allows Authentication Bypass.This issue affects MyRezzta: from s2.03.01 before v2.05.01. | ||||
| CVE-2023-5410 | 1 Hp Inc | 4 Business Desktop Pcs, Business Notebook Pcs, Thin Client and 1 more | 2026-04-15 | 8.2 High |
| A potential security vulnerability has been reported in the system BIOS of certain HP PC products, which might allow memory tampering. HP is releasing mitigation for the potential vulnerability. | ||||
| CVE-2024-36432 | 1 Supermicro | 4 X11dpg-hgx2 Firmware, X11pdg-ot Firmware, X11pdg-qt Firmware and 1 more | 2026-04-15 | 7.5 High |
| An arbitrary memory write vulnerability was discovered in Supermicro X11DPG-HGX2, X11PDG-QT, X11PDG-OT, and X11PDG-SN motherboards with BIOS firmware before 4.4. | ||||
| CVE-2024-5705 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2026-04-15 | 8.8 High |
| The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service. | ||||
| CVE-2024-36427 | 1 Targit | 1 Decision Suite | 2026-04-15 | 8.1 High |
| The file-serving function in TARGIT Decision Suite before 24.06.19002 (TARGIT Decision Suite 2024 – June) allows authenticated attackers to read or write to server files via a crafted file request. This can allow code execution via a .xview file. | ||||
| CVE-2024-5706 | 2026-04-15 | 8.8 High | ||
| The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not restrict JNDI identifiers during the creation of Community Dashboards, allowing control of system-level data sources. An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users. | ||||
| CVE-2024-36426 | 1 Targit | 1 Decision Suite 23.2.15007.0 | 2026-04-15 | 7.5 High |
| In TARGIT Decision Suite 23.2.15007.0 before Autumn 2023, the session token is part of the URL and may be sent in a cleartext HTTP session. | ||||
| CVE-2024-11952 | 1 Webcodingplace | 1 Classic Addons Wp Bakery Page Builder Plugin For Wordpress | 2026-04-15 | 7.5 High |
| The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment. | ||||
| CVE-2024-39840 | 1 Factorio | 1 Factorio | 2026-04-15 | 8.8 High |
| Factorio before 1.1.101 allows a crafted server to execute arbitrary code on clients via a custom map that leverages the ability of certain Lua base module functions to execute bytecode and generate fake objects. | ||||
| CVE-2024-57066 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.deep function of @ndhoule/defaults v2.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57068 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.mutateMergeDeep function of @tanstack/form-core v0.35.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-12254 | 2 Python Software Foundation, Redhat | 3 Cpython, Enterprise Linux, Rhel Eus | 2026-04-15 | 7.5 High |
| Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. | ||||
| CVE-2024-57069 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib function of expand-object v0.4.2 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57071 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.combine function of php-parser v3.2.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-40516 | 1 H3c | 1 Rc3000 Firmware | 2026-04-15 | 8.8 High |
| An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality. | ||||