Export limit exceeded: 12765 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12765 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36441 | 1 Swissphone | 1 Dical-red 4009 | 2026-04-15 | 5.4 Medium |
| Swissphone DiCal-RED 4009 devices allow an unauthenticated attacker use a port-2101 TCP connection to gain access to operation messages that are received by the device. | ||||
| CVE-2024-36443 | 2026-04-15 | 7.6 High | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. | ||||
| CVE-2024-36532 | 1 Openkruise | 1 Kruise | 2026-04-15 | 10 Critical |
| Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-37019 | 1 Northern.tech | 1 Mender | 2026-04-15 | 9.8 Critical |
| Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. | ||||
| CVE-2024-38310 | 2026-04-15 | 8.2 High | ||
| Improper access control in some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-10952 | 1 Geyang | 1 Ml-logger | 2026-04-15 | 5.3 Medium |
| A security flaw has been discovered in geyang ml-logger up to acf255bade5be6ad88d90735c8367b28cbe3a743. Affected by this issue is the function stream_handler of the file ml_logger/server.py of the component File Handler. Performing manipulation of the argument key results in information disclosure. The attack can be initiated remotely. The exploit has been released to the public and may be exploited. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. | ||||
| CVE-2024-39597 | 1 Sap | 2 Commerce Cloud, Commerce Hycom | 2026-04-15 | 7.2 High |
| In SAP Commerce, a user can misuse the forgotten password functionality to gain access to a Composable Storefront B2B site for which early login and registration is activated, without requiring the merchant to approve the account beforehand. If the site is not configured as isolated site, this can also grant access to other non-isolated early login sites, even if registration is not enabled for those other sites. | ||||
| CVE-2024-42194 | 2026-04-15 | 3.1 Low | ||
| An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call. | ||||
| CVE-2024-43101 | 2026-04-15 | 5.3 Medium | ||
| Improper access control for some Intel(R) Data Center GPU Flex Series for Windows driver software before version 31.0.101.4255 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2025-10571 | 1 Abb | 1 Ability Edgenius | 2026-04-15 | 9.6 Critical |
| Authentication Bypass Using an Alternate Path or Channel vulnerability in ABB ABB Ability Edgenius.This issue affects ABB Ability Edgenius: 3.2.0.0, 3.2.1.1. | ||||
| CVE-2024-47910 | 1 Sonarsource | 1 Sonarqube | 2026-04-15 | 7.2 High |
| An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. | ||||
| CVE-2025-2080 | 2026-04-15 | N/A | ||
| Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 contain an exposed web management service that could allow an attacker to bypass authentication measures and gain controls over utilities within the products. | ||||
| CVE-2024-5163 | 1 Tecno | 1 Com.transsion.carlcare | 2026-04-15 | 9.8 Critical |
| Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security risks. | ||||
| CVE-2024-5168 | 2026-04-15 | 9.8 Critical | ||
| Improper access control vulnerability in Prodys' Quantum Audio codec affecting versions 2.3.4t and below. This vulnerability could allow an unauthenticated user to bypass authentication entirely and execute arbitrary API requests against the web application. | ||||
| CVE-2024-45438 | 2026-04-15 | 9.1 Critical | ||
| An issue was discovered in TitanHQ SpamTitan Email Security Gateway 8.00.x before 8.00.101 and 8.01.x before 8.01.14. The file quarantine.php within the SpamTitan interface allows unauthenticated users to trigger account-level actions using a crafted GET request. Notably, when a non-existent email address is provided as part of the email parameter, SpamTitan will automatically create a user record and associate quarantine settings with it - all without requiring authentication. | ||||
| CVE-2025-10538 | 1 Lg | 2 Lnd7210, Lnv7210r | 2026-04-15 | N/A |
| An authentication bypass vulnerability exists in LG Innotek camera models LND7210 and LNV7210R. The vulnerability allows a malicious actor to gain access to camera information including user account information. | ||||
| CVE-2024-5201 | 2026-04-15 | 8.8 High | ||
| Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request | ||||
| CVE-2025-15135 | 2026-04-15 | 6.3 Medium | ||
| A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launched remotely. The exploit has been made available to the public and could be exploited. Upgrading to version 4.0.0 will fix this issue. It is recommended to upgrade the affected component. | ||||
| CVE-2024-5650 | 2026-04-15 | 8.5 High | ||
| DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to execute arbitrary programs with the authority of the SYSTEM account. The affected products and versions are as follows: CENTUM CS 3000 R3.08.10 to R3.09.50 CENTUM VP R4.01.00 to R4.03.00, R5.01.00 to R5.04.20, R6.01.00 to R6.11.10. | ||||
| CVE-2024-10729 | 1 Tychesoftwares | 1 Booking And Appointment Plugin For Woo Commerce | 2026-04-15 | 8.8 High |
| The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. | ||||