Export limit exceeded: 346380 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346380 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0099 | 2026-04-15 | 7.8 High | ||
| NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could cause buffer overrun in the host. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | ||||
| CVE-2024-41917 | 1 Intel | 1 Battery Life Diagnostic Tool | 2026-04-15 | 7.5 High |
| Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-6069 | 1 Genetech Products | 5 Content Registration, Front End User Profile Login Form, Invitation Based Registrations and 2 more | 2026-04-15 | 8.8 High |
| The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pieregister_install_addon function in all versions up to, and including, 3.8.3.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to install arbitrary plugins. As a result attackers might achieve code execution on the targeted server | ||||
| CVE-2024-0105 | 2026-04-15 | 8.9 High | ||
| NVIDIA ConnectX Firmware contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. | ||||
| CVE-2024-0106 | 2026-04-15 | 8.7 High | ||
| NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit (DPU) contains a vulnerability where an attacker may cause an improper handling of insufficient privileges issue. A successful exploit of this vulnerability may lead to denial of service, data tampering, and limited information disclosure. | ||||
| CVE-2025-9060 | 1 Msoft | 1 Mflash | 2026-04-15 | 9.1 Critical |
| A vulnerability has been found in the MSoft MFlash application that allows execution of arbitrary code on the server. The issue occurs in the integration configuration functionality that is only available to MFlash administrators. The vulnerability is related to insufficient validation of parameters when setting up security components. This issue affects MFlash v. 8.0 and possibly others. To mitigate apply 8.2-653 hotfix 11.06.2025 and above. | ||||
| CVE-2024-0112 | 2026-04-15 | 7.5 High | ||
| NVIDIA Jetson AGX Orin™ and NVIDIA IGX Orin software contain a vulnerability where an attacker can cause an improper input validation issue by escalating certain permissions to a limited degree. A successful exploit of this vulnerability might lead to code execution, denial of service, data corruption, information disclosure, or escalation of privilege. | ||||
| CVE-2024-41924 | 1 Ec-cube | 1 Ec-cube | 2026-04-15 | 7.2 High |
| Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities. | ||||
| CVE-2024-6078 | 1 Rockwellautomation | 1 Datamosaix | 2026-04-15 | N/A |
| CVE-2024-6078 IMPACT An improper authentication vulnerability exists in the affected product, which could allow a malicious user to generate cookies for any user ID without the use of a username or password. If exploited, a malicious user could take over the account of a legitimate user. The malicious user would be able to view and modify data stored in the cloud. | ||||
| CVE-2024-0119 | 1 Nvidia | 3 Cloud Gaming Guest, Gpu Display Driver, Virtual Gpu | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0121 | 1 Nvidia | 3 Cloud Gaming Guest, Gpu Display Driver, Virtual Gpu | 2026-04-15 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds read. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-0126 | 1 Nvidia | 3 Cloud Gaming Virtual Gpu, Gpu Display Driver, Virtual Gpu Manager | 2026-04-15 | 8.2 High |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability which could allow a privileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-41925 | 1 Optigo | 1 Ons-s8 Firmware | 2026-04-15 | 9.8 Critical |
| The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. | ||||
| CVE-2024-0138 | 1 Nvidia | 1 Base Command Manager | 2026-04-15 | 9.8 Critical |
| NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2024-41928 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 8.4 High |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
| CVE-2024-0145 | 2026-04-15 | 6.8 Medium | ||
| NVIDIA nvJPEG2000 library contains a vulnerability where an attacker can cause a heap-based buffer overflow issue by means of a specially crafted JPEG2000 file. A successful exploit of this vulnerability might lead to code execution and data tampering. | ||||
| CVE-2024-0146 | 2026-04-15 | 7.8 High | ||
| NVIDIA vGPU software contains a vulnerability in the Virtual GPU Manager, where a malicious guest could cause memory corruption. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, or data tampering. | ||||
| CVE-2024-41929 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2026-04-15 | 8.8 High |
| Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2024-0148 | 2026-04-15 | 7.6 High | ||
| NVIDIA Jetson Linux and IGX OS image contains a vulnerability in the UEFI firmware RCM boot mode, where an unprivileged attacker with physical access to the device could load untrusted code. A successful exploit might lead to code execution, escalation of privileges, data tampering, denial of service, and information disclosure. The scope of the impacts can extend to other components. | ||||
| CVE-2024-4193 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||