Export limit exceeded: 346754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346754 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346754 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23793 | 1 Otrs | 2 Otrs, Otrs Community Edition | 2026-04-15 | 6.3 Medium |
| The file upload feature in OTRS and ((OTRS)) Community Edition has a path traversal vulnerability. This issue permits authenticated agents or customer users to upload potentially harmful files to directories accessible by the web server, potentially leading to the execution of local code like Perl scripts. This issue affects OTRS: from 7.0.X through 7.0.49, 8.0.X, 2023.X, from 2024.X through 2024.3.2; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2024-23912 | 2026-04-15 | 4 Medium | ||
| Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_File() function is used to read a malformed DICOM data, it might result in over-reading memory buffer and could cause memory access violation. | ||||
| CVE-2024-23919 | 2026-04-15 | 5.3 Medium | ||
| Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23984 | 2026-04-15 | 5.3 Medium | ||
| Observable discrepancy in RAPL interface for some Intel(R) Processors may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-23980 | 2026-04-15 | 7.5 High | ||
| Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2024-23995 | 2026-04-15 | 6.1 Medium | ||
| Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code in the column name of a database table in tabulator-popup-container. | ||||
| CVE-2024-24042 | 1 Devan-kerman | 1 Arrp | 2026-04-15 | 8.8 High |
| Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component. | ||||
| CVE-2024-24043 | 1 Speedy11cz | 1 Mcrpx | 2026-04-15 | 5.5 Medium |
| Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file. | ||||
| CVE-2024-24230 | 1 Komm.one | 1 Cms | 2026-04-15 | 7.5 High |
| Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command. | ||||
| CVE-2024-24294 | 1 Blackprint | 1 Blackprint Engine | 2026-04-15 | 9.8 Critical |
| A Prototype Pollution issue in Blackprint @blackprint/engine v.0.9.0 allows an attacker to execute arbitrary code via the _utils.setDeepProperty function of engine.min.js. | ||||
| CVE-2024-24312 | 2026-04-15 | 7.5 High | ||
| SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. | ||||
| CVE-2024-2435 | 2026-04-15 | 4.3 Medium | ||
| For an attacker with pre-existing access to send a signal to a workflow, the attacker can make the signal name a script that executes when a victim views that signal. The XSS is in the timeline page displaying the workflow execution details of the workflow that was sent the crafted signal. Access to send a signal to a workflow is determined by how you configured the authorizer on your server. This includes any entity with permission to directly call SignalWorkflowExecution or SignalWithStartWorkflowExecution, or any entity can deploy a worker that has access to call workflow progress APIs (specifically RespondWorkflowTaskCompleted). | ||||
| CVE-2024-2442 | 2026-04-15 | 7.5 High | ||
| Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system. | ||||
| CVE-2024-24442 | 2026-04-15 | 7.5 High | ||
| A NULL pointer dereference in the ngap_app::handle_receive routine of OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted NGAP message. | ||||
| CVE-2024-24444 | 2026-04-15 | 7.5 High | ||
| Improper file descriptor handling for closed connections in OpenAirInterface CN5G AMF (oai-cn5g-amf) up to v2.0.0 allows attackers to cause a Denial of Service (DoS) by repeatedly establishing SCTP connections with the N2 interface. | ||||
| CVE-2024-24446 | 1 Openairinterface | 1 Cn5g Amf | 2026-04-15 | 6.5 Medium |
| An uninitialized pointer dereference in OpenAirInterface CN5G AMF up to v2.0.0 allows attackers to cause a Denial of Service (DoS) via a crafted InitialContextSetupResponse message sent to the AMF. | ||||
| CVE-2024-24453 | 2026-04-15 | 5.9 Medium | ||
| An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | ||||
| CVE-2024-24450 | 2026-04-15 | 5.3 Medium | ||
| Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a suffciently large FailedToSetupList IE. | ||||
| CVE-2024-2453 | 1 Advantech | 1 Webaccess/scada | 2026-04-15 | 6.4 Medium |
| There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. | ||||
| CVE-2025-54461 | 1 Neojapan | 1 Chatluck | 2026-04-15 | N/A |
| ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user. | ||||