Export limit exceeded: 346652 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346652 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47790 | 1 D3dsecurity | 1 D8801 | 2026-04-15 | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. A remote attacker could exploit this vulnerability by crafting a RTSP packet leading to unauthorized access to live feed of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2025-6099 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server/internal/manager.go of the component PATCH Request Handler. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. | ||||
| CVE-2024-47789 | 1 D3dsecurity | 1 D8801 | 2026-04-15 | N/A |
| ** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of weak authentication scheme of the HTTP header protocol where authorization tag contain a Base-64 encoded username and password. A remote attacker could exploit this vulnerability by crafting a HTTP packet leading to exposure of user credentials of the targeted device. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-2493 | 2026-04-15 | 7.5 High | ||
| Session Hijacking vulnerability in Hitachi Ops Center Analyzer.This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.1-00. | ||||
| CVE-2025-60023 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 4 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and delete arbitrary directories on the target machine. | ||||
| CVE-2025-59776 | 1 Automationdirect | 8 P1-540, P1-550, P2-550 and 5 more | 2026-04-15 | 4 Medium |
| A relative path traversal vulnerability was discovered in Productivity Suite software version 4.4.1.19. The vulnerability allows an unauthenticated remote attacker to interact with the ProductivityService PLC simulator and create arbitrary directories on the target machine. | ||||
| CVE-2024-24899 | 2026-04-15 | 7.2 High | ||
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0. | ||||
| CVE-2024-47784 | 2026-04-15 | 2.6 Low | ||
| Unverified Password Change for ANC software that allows an authenticated attacker to bypass the old Password check in the password change form via a web HMI This issue affects ANC software version 1.1.4 and earlier. | ||||
| CVE-2024-24898 | 2026-04-15 | 6 Medium | ||
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in openEuler kernel on Linux allows Resource Leak Exposure. This vulnerability is associated with program files https://gitee.Com/openeuler/kernel/blob/openEuler-1.0-LTS/drivers/staging/gmjstcm/tcm.C. This issue affects kernel: from 4.19.90-2109.1.0.0108 before 4.19.90-2403.4.0.0244. | ||||
| CVE-2024-2461 | 2026-04-15 | N/A | ||
| If exploited an attacker could traverse the file system to access files or directories that would otherwise be inaccessible | ||||
| CVE-2025-7698 | 2 Canon, Canon Inc. | 10 Generic Plus Lips4 Printer Driver, Generic Plus Lipslx Printer Driver, Generic Plus Pcl6 Printer Driver and 7 more | 2026-04-15 | 5.9 Medium |
| Out-of-bounds read vulnerabilities in print processing of Generic Plus PCL6 Printer Driver / Generic Plus UFR II Printer Driver / Generic Plus LIPS4 Printer Driver / Generic Plus LIPSLX Printer Driver / Generic Plus PS Printer Driver / UFRII LT Printer Driver / CARPS2 Printer Driver / Generic FAX Driver / LIPS4 Printer Driver / LIPSLX Printer Driver / UFR II Printer Driver / PS Printer Driver / PCL6 Printer Driver | ||||
| CVE-2024-24700 | 2026-04-15 | 7.1 High | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Benjamin Rojas WP Editor allows Reflected XSS.This issue affects WP Editor: from n/a through 1.2.8. | ||||
| CVE-2024-24703 | 2 Multivendorx, Wordpress | 2 Wc Marketplace, Wordpress | 2026-04-15 | 8.6 High |
| Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25. | ||||
| CVE-2025-2081 | 2026-04-15 | N/A | ||
| Optigo Networks Visual BACnet Capture Tool and Optigo Visual Networks Capture Tool version 3.1.2rc11 are vulnerable to an attacker impersonating the web application service and mislead victim clients. | ||||
| CVE-2024-24707 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 9.9 Critical |
| Improper Control of Generation of Code ('Code Injection') vulnerability in Cwicly Builder, SL. Cwicly allows Code Injection.This issue affects Cwicly: from n/a through 1.4.0.2. | ||||
| CVE-2024-24719 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce.This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9. | ||||
| CVE-2025-48501 | 2026-04-15 | N/A | ||
| An OS command injection issue exists in Nimesa Backup and Recovery v2.3 and v2.4. If this vulnerability is exploited, an arbitrary OS commands may be executed on the server where the product is running. | ||||
| CVE-2024-2476 | 2026-04-15 | 4.3 Medium | ||
| The OceanWP theme for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the load_theme_panel_pane function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to expose sensitive information such as system/environment data and API keys. | ||||
| CVE-2024-24783 | 1 Redhat | 23 Advanced Cluster Security, Ansible Automation Platform, Ceph Storage and 20 more | 2026-04-15 | 5.9 Medium |
| Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates. | ||||
| CVE-2024-24784 | 2 Go Standard Library, Redhat | 14 Net\/mail, Advanced Cluster Security, Ceph Storage and 11 more | 2026-04-15 | 7.5 High |
| The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers. | ||||