Export limit exceeded: 43313 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (43313 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36573 | 1 Almela | 1 Obx | 2026-04-15 | 9.8 Critical |
| almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component. | ||||
| CVE-2024-36574 | 1 Amirziai | 1 Flatten Json | 2026-04-15 | 6.3 Medium |
| A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42) | ||||
| CVE-2024-7013 | 1 Panasonic | 1 Control Fpwin Pro | 2026-04-15 | 7.8 High |
| Stack-based buffer overflow in Control FPWIN Pro version 7.7.2.0 and all previous versions may allow attackers to execute arbitrary code via a specially crafted project file. | ||||
| CVE-2024-36577 | 1 Apphp | 1 Apphp Js-object-resolver | 2026-04-15 | 8.3 High |
| apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. | ||||
| CVE-2024-36578 | 1 Akbr | 1 Update | 2026-04-15 | 5.9 Medium |
| akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. | ||||
| CVE-2024-36580 | 2026-04-15 | 9.8 Critical | ||
| A Prototype Pollution issue in cdr0 sg 1.0.10 allows an attacker to execute arbitrary code. | ||||
| CVE-2024-36582 | 1 Alykoshin | 1 Mini-deep-assign | 2026-04-15 | 9.8 Critical |
| alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) | ||||
| CVE-2023-28362 | 1 Redhat | 1 Satellite | 2026-04-15 | 4 Medium |
| The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. | ||||
| CVE-2023-28902 | 2026-04-15 | 3.3 Low | ||
| An integer underflow in the image processing binary of the MIB3 infotainment unit allows an attacker with local access to the vehicle to cause denial-of-service of the infotainment system. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2023-28905 | 2026-04-15 | 8 High | ||
| A heap buffer overflow in the image processing binary of the MIB3 infotainment unit allows an attacker to execute arbitrary code on it. The vulnerability was originally discovered in Skoda Superb III car with MIB3 infotainment unit OEM part number 3V0035820. The list of affected MIB3 OEM part numbers is provided in the referenced resources. | ||||
| CVE-2024-5801 | 2026-04-15 | N/A | ||
| Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering. | ||||
| CVE-2024-57970 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 4 Medium |
| libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. | ||||
| CVE-2024-22363 | 2026-04-15 | 7.5 High | ||
| SheetJS Community Edition before 0.20.2 is vulnerable.to Regular Expression Denial of Service (ReDoS). | ||||
| CVE-2025-26789 | 2026-04-15 | N/A | ||
| An issue was discovered in Logpoint AgentX before 1.5.0. A vulnerability caused by limited access controls allowed li-admin users to access sensitive information about AgentX Manager in a Logpoint deployment. | ||||
| CVE-2024-57086 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57063 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib function of php-date-formatter v1.3.6 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57065 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.createPath function of utile v0.3.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-38363 | 1 Airbyte | 1 Airbytehq | 2026-04-15 | 8.6 High |
| Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2. | ||||
| CVE-2025-46333 | 2026-04-15 | N/A | ||
| z2d is a pure Zig 2D graphics library. Versions of z2d after `0.5.1` and up to and including `0.6.0`, when writing from one surface to another using `z2d.compositor.StrideCompositor.run`, and higher-level operations when the anti-aliasing mode is set to `.default` (such as `Context.fill`, `Context.stroke`, `painter.fill`, and `painter.stroke`), the source surface can be completely out-of-bounds on the x-axis, but not on the y-axis, by way of a negative offset. This results in an overflow of the value controlling the length of the stride. In non-safe optimization modes (consumers compiling with `ReleaseFast` or `ReleaseSmall`), this could potentially lead to invalid memory accesses or corruption. This issue is patched in version `0.6.1`. Users on an untagged version after `v0.5.1` and before `v0.6.1` are advised to update to address the vulnerability. Those still on Zig `0.13.0` are recommended to downgrade to `v0.5.1`. | ||||
| CVE-2025-26408 | 2026-04-15 | 6.1 Medium | ||
| The JTAG interface of Wattsense Bridge devices can be accessed with physical access to the PCB. After connecting to the interface, full access to the device is possible. This enables an attacker to extract information, modify and debug the device's firmware. All known versions are affected. | ||||