Export limit exceeded: 351439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80923 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3079 | 2026-04-15 | 8.7 High | ||
| A passback vulnerability which relates to office/small office multifunction printers and laser printers. | ||||
| CVE-2024-10674 | 1 Themehunk | 1 Th Shop Mania | 2026-04-15 | 8.8 High |
| The Th Shop Mania theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the th_shop_mania_install_and_activate_callback() function in all versions up to, and including, 1.4.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins which can be leveraged to exploit other vulnerabilities and achieve remote code execution and privilege escalation. | ||||
| CVE-2020-10095 | 2026-04-15 | 8.1 High | ||
| Various Lexmark devices have CSRF that allows an attacker to modify the configuration of the device. | ||||
| CVE-2025-3078 | 2026-04-15 | 8.7 High | ||
| A passback vulnerability which relates to production printers and office multifunction printers. | ||||
| CVE-2024-56800 | 2026-04-15 | 7.4 High | ||
| Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address. This allowed exfiltration of local network resources through the API. The cloud service was patched on December 27th, 2024, and the maintainers have checked that no user data was exposed by this vulnerability. Scraping engines used in the open sourced version of Firecrawl were patched on December 29th, 2024, except for the playwright services which the maintainers have determined to be un-patchable. All users of open-source software (OSS) Firecrawl should upgrade to v1.1.1. As a workaround, OSS Firecrawl users should supply the playwright services with a secure proxy. A proxy can be specified through the `PROXY_SERVER` env in the environment variables. Please refer to the documentation for instructions. Ensure that the proxy server one is using is setup to block all traffic going to link-local IP addresses. | ||||
| CVE-2024-54008 | 2026-04-15 | 7.2 High | ||
| An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. | ||||
| CVE-2024-33582 | 1 Lenovo | 1 Service Framework | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2025-65753 | 1 Gryphon | 1 Guardian Gryphon | 2026-04-15 | 7.5 High |
| An issue in the TLS certification mechanism of Guardian Gryphon v01.06.0006.22 allows attackers to execute commands as root. | ||||
| CVE-2020-36982 | 1 Motorola-device-manager | 1 Motorola Device Manager | 2026-04-15 | 7.8 High |
| Motorola Device Manager 2.5.4 contains an unquoted service path vulnerability in the MotoHelperService.exe service that allows local users to potentially inject malicious code. Attackers can exploit the unquoted path in the service configuration to execute arbitrary code with elevated system privileges during service startup. | ||||
| CVE-2024-56732 | 2026-04-15 | 8.8 High | ||
| HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. | ||||
| CVE-2024-5672 | 2026-04-15 | 7.2 High | ||
| A high privileged remote attacker can execute arbitrary system commands via GET requests due to improper neutralization of special elements used in an OS command. | ||||
| CVE-2025-40063 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same definition of context alloc and free ops In commit 42d9f6c77479 ("crypto: acomp - Move scomp stream allocation code into acomp"), the crypto_acomp_streams struct was made to rely on having the alloc_ctx and free_ctx operations defined in the same order as the scomp_alg struct. But in that same commit, the alloc_ctx and free_ctx members of scomp_alg may be randomized by structure layout randomization, since they are contained in a pure ops structure (containing only function pointers). If the pointers within scomp_alg are randomized, but those in crypto_acomp_streams are not, then the order may no longer match. This fixes the problem by removing the union from scomp_alg so that both crypto_acomp_streams and scomp_alg will share the same definition of alloc_ctx and free_ctx, ensuring they will always have the same layout. | ||||
| CVE-2024-9935 | 1 Redefiningtheweb | 1 Pdf Generator Addon For Elementor Page Builder | 2026-04-15 | 7.5 High |
| The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 2.0.0 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-24569 may be a duplicate of this issue. | ||||
| CVE-2024-55500 | 2026-04-15 | 8.8 High | ||
| Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. | ||||
| CVE-2025-11045 | 1 Wayos | 5 Lq-04, Lq-05, Lq-06 and 2 more | 2026-04-15 | 7.3 High |
| A vulnerability was identified in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. The attack can be initiated remotely. The exploit is publicly available and might be used. | ||||
| CVE-2025-40763 | 1 Siemens | 1 Altair Grid Engine | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in Altair Grid Engine (All versions < V2026.0.0). Affected products do not properly validate environment variables when loading shared libraries, allowing path hijacking through malicious library substitution. This could allow a local attacker to execute arbitrary code with superuser privileges by manipulating the environment variable and placing a malicious library in the controlled path. | ||||
| CVE-2024-33787 | 2026-04-15 | 8.2 High | ||
| Hengan Weighing Management Information Query Platform 2019-2021 53.25 was discovered to contain a SQL injection vulnerability via the tuser_Number parameter at search_user.aspx. | ||||
| CVE-2023-52235 | 1 Spacex Starlink Wi Fi Router Gen 2 | 1 Spacex Starlink Wi Fi Router Gen 2 | 2026-04-15 | 8.8 High |
| SpaceX Starlink Wi-Fi router GEN 2 before 2023.53.0 and Starlink Dish before 07dd2798-ff15-4722-a9ee-de28928aed34 allow CSRF (e.g., for a reboot) via a DNS Rebinding attack. | ||||
| CVE-2024-33818 | 1 Globitel | 1 Speechlog | 2026-04-15 | 7.5 High |
| Globitel KSA SpeechLog v8.1 was discovered to contain an Insecure Direct Object Reference (IDOR) via the userID parameter. | ||||
| CVE-2024-33831 | 1 Ymfe | 1 Yapi | 2026-04-15 | 7.4 High |
| A stored cross-site scripting (XSS) vulnerability in the Advanced Expectation - Response module of yapi v1.10.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field. | ||||