Export limit exceeded: 346708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346708 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346708 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-48771 | 1 Almando | 1 Almando Play Firmware | 2026-04-15 | 7.5 High |
| An issue in almando GmbH Almando Play APP (com.almando.play) 1.8.2 allows a remote attacker to obtain sensitive information via the firmware update process | ||||
| CVE-2024-27458 | 1 Hp | 40 Elite Dragonfly Firmware, Elite Dragonfly G2 Firmware, Elite Dragonfly Max Firmware and 37 more | 2026-04-15 | 8.8 High |
| A potential security vulnerability has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. HP is releasing mitigation for the potential vulnerability. Customers using HP Programmable Key are recommended to update HP Hotkey Support. | ||||
| CVE-2024-48772 | 1 C-chip | 1 C-chip Firmware | 2026-04-15 | 9.1 Critical |
| An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-2746 | 2026-04-15 | 8.8 High | ||
| Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question. On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker. | ||||
| CVE-2024-48779 | 1 Wanxingtechnology | 1 Yitu Project Management Software | 2026-04-15 | 9.8 Critical |
| An issue in Wanxing Technology's Yitu project Management Software 3.2.2 allows a remote attacker to execute arbitrary code via the platformpluginpath parameter to specify that the qt plugin loads the directory. | ||||
| CVE-2024-27488 | 1 Zlmediakit | 1 Zlmediakit | 2026-04-15 | 9.8 Critical |
| Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful api interface, but the secret is hardcoded by default. | ||||
| CVE-2024-48788 | 1 Yescam | 1 Yescam Firmware | 2026-04-15 | 7.5 High |
| An issue in YESCAM (com.yescom.YesCam.zwave) 1.0.2 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-27489 | 1 Weimengcms | 1 Wmcms | 2026-04-15 | 7.5 High |
| An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. | ||||
| CVE-2025-12638 | 1 Keras | 1 Keras | 2026-04-15 | N/A |
| Keras version 3.11.3 is affected by a path traversal vulnerability in the keras.utils.get_file() function when extracting tar archives. The vulnerability arises because the function uses Python's tarfile.extractall() method without the security-critical filter='data' parameter. Although Keras attempts to filter unsafe paths using filter_safe_paths(), this filtering occurs before extraction, and a PATH_MAX symlink resolution bug triggers during extraction. This bug causes symlink resolution to fail due to path length limits, resulting in a security bypass that allows files to be written outside the intended extraction directory. This can lead to arbitrary file writes outside the cache directory, enabling potential system compromise or malicious code execution. The vulnerability affects Keras installations that process tar archives with get_file() and does not affect versions where this extraction method is secured with the appropriate filter parameter. | ||||
| CVE-2024-27518 | 1 Superantispyware | 1 Professional X | 2026-04-15 | 7.8 High |
| An issue in SUPERAntiSyware Professional X 10.0.1262 and 10.0.1264 allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder. | ||||
| CVE-2024-2756 | 2 Php, Redhat | 2 Archive Tar, Enterprise Linux | 2026-04-15 | 6.5 Medium |
| Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications. | ||||
| CVE-2024-48795 | 1 Creative Labs Pte Ltd | 1 Com Creative Apps Xficonnect | 2026-04-15 | 5.3 Medium |
| An issue in Creative Labs Pte Ltd com.creative.apps.xficonnect 2.00.02 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-27575 | 1 Inotec | 1 Gmbh Webserver | 2026-04-15 | 7.5 High |
| INOTEC Sicherheitstechnik WebServer CPS220/64 3.3.19 allows a remote attacker to read arbitrary files via absolute path traversal, such as with the /cgi-bin/display?file=/etc/passwd URI. | ||||
| CVE-2024-48813 | 1 Employee Management System Project | 1 Employee Management System | 2026-04-15 | 8.8 High |
| SQL injection vulnerability in employee-management-system-php-and-mysql-free-download.html taskmatic 1.0 allows a remote attacker to execute arbitrary code via the admin_id parameter of the /update-employee.php component. | ||||
| CVE-2024-2758 | 2026-04-15 | 6.3 Medium | ||
| Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. | ||||
| CVE-2024-27627 | 1 Supercali | 1 Supercali | 2026-04-15 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page. | ||||
| CVE-2024-48821 | 1 Automatic Systems | 1 Maintenance Slimlane | 2026-04-15 | 6.1 Medium |
| Cross Site Scripting vulnerability in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php component. | ||||
| CVE-2024-9907 | 1 Qilecms | 1 Qilecms | 2026-04-15 | 3.7 Low |
| A vulnerability classified as problematic was found in QileCMS up to 1.1.3. This vulnerability affects the function sendEmail of the file /qilecms/user/controller/Forget.php of the component Verification Code Handler. The manipulation leads to weak password recovery. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-27706 | 2026-04-15 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. | ||||
| CVE-2024-48823 | 1 Automatic Systems | 1 Maintenance Slimlane | 2026-04-15 | 9.8 Critical |
| Local file inclusion in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the PassageAutoServer.php page. | ||||