Search Results (346730 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22263 | | | 2026-04-15 | 8.8 High |
| Spring Cloud Data Flow is a microservices-based Streaming and Batch data processing in Cloud Foundry and Kubernetes. The Skipper server has the ability to receive upload package requests. However, due to improper sanitization of the upload path, a malicious user who has access to the Skipper server API can use a crafted upload request to write an arbitrary file to any location on the file system, and may even compromise the server. | ||||
| CVE-2024-22264 | 1 Vmware | 1 Vmware Avi Load Balancer | 2026-04-15 | 7.2 High |
| VMware Avi Load Balancer contains a privilege escalation vulnerability. A malicious actor with admin privileges on VMware Avi Load Balancer can create, modify, execute and delete files as a root user on the host system. | ||||
| CVE-2024-22276 | | | 2026-04-15 | 5.3 Medium |
| VMware Cloud Director Object Storage Extension contains an Insertion of Sensitive Information vulnerability. A malicious actor with adjacent access to web/proxy server logging may be able to obtain sensitive information from URLs that are logged. | ||||
| CVE-2024-2229 | | | 2026-04-15 | 7.8 High |
| CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user. | ||||
| CVE-2024-22303 | 1 Favethemes | 1 Houzez | 2026-04-15 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 3.2.4. | ||||
| CVE-2024-22311 | | | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N Squared Simply Schedule Appointments allows Reflected XSS. This issue affects Simply Schedule Appointments: from n/a through 1.6.6.20. | ||||
| CVE-2024-23594 | | | 2026-04-15 | 6.4 Medium |
| A buffer overflow vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to execute arbitrary code. | ||||
| CVE-2024-22374 | 1 Intel | 1 Xeon Processors | 2026-04-15 | 6.5 Medium |
| Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-22376 | 1 Intel | 1 Ethernet Adapter Complete Driver Pack | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path element in some installation software for Intel(R) Ethernet Adapter Driver Pack before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22378 | 1 Intel | 1 Unite | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some Intel Unite(R) Client Extended Display Plugin software installers before version 1.1.352.157 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22379 | | | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Inspector software before version 2024.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-22383 | 1 Gallagher | 1 Controller 7000 | 2026-04-15 | 6.2 Medium |
| Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)). | ||||
| CVE-2024-22384 | | | 2026-04-15 | 2.8 Low |
| Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-22385 | | | 2026-04-15 | 4.4 Medium |
| Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before 3.7.4. | ||||
| CVE-2024-22390 | | | 2026-04-15 | 4.4 Medium |
| Improper input validation in firmware for some Intel(R) FPGA products before version 2.9.1 may allow denial of service. | ||||
| CVE-2024-22398 | 1 Sonicwall | 1 Email Security | 2026-04-15 | 4.9 Medium |
| An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system. | ||||
| CVE-2025-54364 | 1 Microsoft | 1 Knack | 2026-04-15 | N/A |
| Microsoft Knack 0.12.0 allows Regular expression Denial of Service (ReDoS) in the knack.introspection module. option_descriptions employs an inefficient regular expression pattern: "\s(:param)\s+(.+?)\s:(.*)" that is susceptible to catastrophic backtracking when processing crafted docstrings containing a large volume of whitespace without a terminating colon. An attacker who can control or inject docstring content into affected applications can trigger excessive CPU consumption. This software is used by Azure CLI. | ||||
| CVE-2025-54369 | 1 Node-saml | 1 Node-saml | 2026-04-15 | N/A |
| Node-SAML is a SAML library not dependent on any frameworks that runs in Node. In versions 5.0.1 and below, Node-SAML loads the assertion from the (unsigned) original response document. This is different than the parts that are verified when checking signature. This allows an attacker to modify authentication details within a valid SAML assertion. For example, in one attack it is possible to remove any character from the SAML assertion username. This issue is fixed in version 5.1.0. | ||||
| CVE-2025-54384 | 1 Ckan | 1 Ckan | 2026-04-15 | 6.3 Medium |
| CKAN is an open-source DMS (data management system) for powering data hubs and data portals. Prior to 2.10.9 and 2.11.4, the helpers.markdown_extract() function did not perform sufficient sanitization of input data before wrapping in an HTML literal element. This helper is used to render user-provided data on dataset, resource, organization or group pages (plus any page provided by an extension that used that helper function), leading to a potential XSS vector. This vulnerability has been fixed in CKAN 2.10.9 and 2.11.4. | ||||
| CVE-2024-2257 | | | 2026-04-15 | 9.1 Critical |
| This vulnerability exists in Digisol Router (DG-GR1321: Hardware version 3.7L; Firmware version: v3.2.02) due to improper implementation of password policies. An attacker with physical access could exploit this by creating passwords that do not adhere to the defined security standards/policy on the vulnerable system. Successful exploitation of this vulnerability could allow the attacker to expose the router to potential security threats. | ||||