Export limit exceeded: 347341 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347341 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-54013 | 1 Hanwhavision | 1 Qnd-8080r | 2026-04-28 | N/A |
| Penetration Testing engineers at Amazon have identified a security flaw related to request handling in the web server component that could, under certain conditions, lead to unintended access to protected functions. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds | ||||
| CVE-2026-7229 | 1 Code-projects | 1 Coaching Management System | 2026-04-28 | 6.3 Medium |
| A vulnerability was found in code-projects Coaching Management System 1.0. This affects an unknown function of the file /cims/modules/admin/reply.php of the component POST Handler. Performing a manipulation of the argument complaintreply results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-7242 | 1 Totolink | 2 A8000ru, A8000ru Firmware | 2026-04-28 | 9.8 Critical |
| A vulnerability was determined in Totolink A8000RU 7.1cu.643_b20200521. Impacted is the function setOpenVpnClientCfg of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. Executing a manipulation of the argument enabled can lead to os command injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2024-54011 | 1 Hanwhavision | 1 Qnd-8080r | 2026-04-28 | N/A |
| Penetration Testing engineers at Amazon have discovered a flaw where the camera system fails to properly handle data supplied in certain requests, causing a service disruption. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2026-7238 | 1 Code-projects | 1 Online Music Site | 2026-04-28 | 4.7 Medium |
| A flaw has been found in code-projects Online Music Site 1.0. This affects an unknown part of the file /Administrator/PHP/AdminUpdateAlbum.php. This manipulation of the argument txtimage causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||||
| CVE-2026-7247 | 1 D-link | 1 Di-8100 | 2026-04-28 | 7.2 High |
| A vulnerability has been found in D-Link DI-8100 16.07.26A1. Affected by this issue is the function file_exten_asp of the file file_exten.asp of the component File Extension Handler. The manipulation of the argument Name leads to buffer overflow. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2026-7268 | 1 Sourcecodester | 1 Pizzafy Ecommerce System | 2026-04-28 | 6.3 Medium |
| A vulnerability has been found in SourceCodester Pizzafy Ecommerce System 1.0. This impacts the function save_category of the file /admin/ajax.php?action=save_category. Such manipulation of the argument Name leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-24118 | 1 Apple | 2 Ipados, Macos | 2026-04-28 | 9.8 Critical |
| The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2025-24087 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| The issue was addressed with additional permissions checks. This issue is fixed in macOS Sequoia 15.3. An app may be able to access protected user data. | ||||
| CVE-2025-24117 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 5.5 Medium |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, visionOS 2.3, watchOS 11.3. An app may be able to fingerprint the user. | ||||
| CVE-2025-24121 | 1 Apple | 1 Macos | 2026-04-28 | 3.3 Low |
| A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to modify protected parts of the file system. | ||||
| CVE-2025-24127 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2026-04-28 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.4, macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3, tvOS 18.3, visionOS 2.3. Parsing a file may lead to an unexpected app termination. | ||||
| CVE-2025-24146 | 1 Apple | 1 Macos | 2026-04-28 | 9.8 Critical |
| This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. Deleting a conversation in Messages may expose user contact information in system logging. | ||||
| CVE-2025-24106 | 1 Apple | 1 Macos | 2026-04-28 | 6.5 Medium |
| This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An app may be able to cause unexpected system termination. | ||||
| CVE-2025-24096 | 1 Apple | 1 Macos | 2026-04-28 | 5.5 Medium |
| This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.3. A malicious app may be able to access arbitrary files. | ||||
| CVE-2026-24303 | 1 Microsoft | 1 Partner Center | 2026-04-28 | 9.6 Critical |
| Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network. | ||||
| CVE-2026-28132 | 2 Villatheme, Wordpress | 2 Woocommerce Photo Reviews, Wordpress | 2026-04-28 | 5.3 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in villatheme WooCommerce Photo Reviews woocommerce-photo-reviews allows Code Injection.This issue affects WooCommerce Photo Reviews: from n/a through <= 1.4.4. | ||||
| CVE-2026-28133 | 2 Wordpress, Wp Chill | 2 Wordpress, Filr | 2026-04-28 | 8.5 High |
| Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.14. | ||||
| CVE-2026-28123 | 2 Ancorathemes, Wordpress | 2 Veil, Wordpress | 2026-04-28 | 8.1 High |
| Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AncoraThemes Veil veil allows PHP Local File Inclusion.This issue affects Veil: from n/a through <= 1.9. | ||||
| CVE-2026-35431 | 1 Microsoft | 2 Entra Id, Microsoft Entra Id | 2026-04-28 | 10 Critical |
| Server-side request forgery (ssrf) in Microsoft Entra ID Entitlement Management allows an unauthorized attacker to perform spoofing over a network. | ||||