Search Results (346758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24453 | | | 2026-04-15 | 5.9 Medium |
| An invalid memory access when handling the ProtocolIE_ID field of E-RAB NotToBeModifiedBearerModInd information element in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload. | ||||
| CVE-2024-24450 | | | 2026-04-15 | 5.3 Medium |
| Stack-based memcpy buffer overflow in the ngap_handle_pdu_session_resource_setup_response routine in OpenAirInterface CN5G AMF <= 2.0.0 allows a remote attacker with access to the N2 interface to carry out denial of service against the AMF and potentially execute code by sending a PDU Session Resource Setup Response with a sufficiently large FailedToSetupList IE. | ||||
| CVE-2024-2453 | 1 Advantech | 1 Webaccess/scada | 2026-04-15 | 6.4 Medium |
| There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database. | ||||
| CVE-2025-54461 | 1 Neojapan | 1 Chatluck | 2026-04-15 | N/A |
| ChatLuck contains an insufficient granularity of access control vulnerability in Invitation of Guest Users. If exploited, an uninvited guest user may register itself as a guest user. | ||||
| CVE-2024-24582 | 1 Redhat | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2026-04-15 | 7.5 High |
| Improper input validation in XmlCli feature for UEFI firmware for some Intel(R) processors may allow privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-2462 | | | 2026-04-15 | N/A |
| Allow attackers to intercept or falsify data exchanges between the client and the server | ||||
| CVE-2024-2467 | 1 Redhat | 2 Enterprise Linux, Openssl | 2026-04-15 | 5.9 Medium |
| A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. | ||||
| CVE-2024-24710 | 2 Slickremix, Wordpress | 2 Feed Them Social, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in SlickRemix Feed Them Social. This issue affects Feed Them Social: from n/a through 4.2.0. | ||||
| CVE-2024-24711 | 1 Wedevs | 1 Woocommerce Conversion Tracking | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11. | ||||
| CVE-2024-24715 | | | 2026-04-15 | 6.5 Medium |
| Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields. This issue affects BookIt: from n/a through 2.4.0. | ||||
| CVE-2024-2474 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-24787 | 1 Golang | 1 Go | 2026-04-15 | 6.4 Medium |
| On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the -lto_library flag in a "#cgo LDFLAGS" directive. | ||||
| CVE-2024-24792 | | | 2026-04-15 | 7.5 High |
| Parsing a corrupt or malicious image with invalid color indices can cause a panic. | ||||
| CVE-2024-24805 | 2 Deepak Anand, Wordpress | 2 Wp Dummy Content Generator, Wordpress | 2026-04-15 | 4.3 Medium |
| Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.1.2. | ||||
| CVE-2025-54471 | 1 Suse | 1 Neuvector | 2026-04-15 | 6.5 Medium |
| NeuVector used a hard-coded cryptographic key embedded in the source code. At compilation time, the key value was replaced with the secret key value and used to encrypt sensitive configurations when NeuVector stores the data. | ||||
| CVE-2024-24856 | | | 2026-04-15 | 5.3 Medium |
| The memory allocation function ACPI_ALLOCATE_ZEROED does not guarantee a successful allocation, but the subsequent code directly dereferences the pointer that receives it, which may lead to null pointer dereference. To fix this issue, a null pointer check should be added. If it is null, return exception code AE_NO_MEMORY. | ||||
| CVE-2024-32468 | | | 2026-04-15 | 5.4 Medium |
| Deno is a runtime for JavaScript and TypeScript written in Rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which led to Self-XSS with `deno doc --html`. 1.) XSS in generated `search_index.js`: `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitized HTML input. 2.) XSS via property, method and enum names: `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages. | ||||
| CVE-2024-24890 | | | 2026-04-15 | 7.8 High |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2. | ||||
| CVE-2024-24970 | | | 2026-04-15 | 6.5 Medium |
| Potential vulnerabilities have been identified in the HP Display Control software component within the HP Application Enabling Software Driver which might allow escalation of privilege. | ||||
| CVE-2025-54317 | 1 Logpoint | 1 Logpoint | 2026-04-15 | 8.4 High |
| An issue was discovered in Logpoint before 7.6.0. An attacker with operator privileges can exploit a path traversal vulnerability when creating a Layout Template, which can lead to remote code execution (RCE). | ||||