Export limit exceeded: 347228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347228 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347228 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47464 | 2026-04-15 | 6.8 Medium | ||
| An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote unauthorized access to files. | ||||
| CVE-2024-47463 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 7.2 High |
| An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying operating system. | ||||
| CVE-2025-6893 | 1 Moxa | 7 Edf-g1002-bp, Edr-8010, Edr-g9010 and 4 more | 2026-04-15 | N/A |
| An Execution with Unnecessary Privileges vulnerability has been identified in Moxa’s network security appliances and routers. A flaw in broken access control has been identified in the /api/v1/setting/data endpoint of the affected device. This flaw allows a low-privileged authenticated user to call the API without the required permissions, thereby gaining the ability to access or modify system configuration data. Successful exploitation may lead to privilege escalation, allowing the attacker to access or modify sensitive system settings. While the overall impact is high, there is no loss of confidentiality or integrity within any subsequent systems. | ||||
| CVE-2024-4441 | 2026-04-15 | 8.1 High | ||
| The XML Sitemap & Google News plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.8 via the 'feed' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-44414 | 1 Wayos | 1 Fbm 292w Firmware | 2026-04-15 | 8.8 High |
| A vulnerability was discovered in FBM_292W-21.03.10V, which has been classified as critical. This issue affects the sub_4901E0 function in the msp_info.htm file. Manipulation of the path parameter can lead to command injection. | ||||
| CVE-2024-44415 | 1 Dlink | 1 Di-8200 Firmware | 2026-04-15 | 6.5 Medium |
| A vulnerability was discovered in DI_8200-16.07.26A1, There is a buffer overflow in the dbsrv_asp function; The strcpy function is executed without checking the length of the string, leading to a buffer overflow. | ||||
| CVE-2024-44439 | 1 Shanghai Zhouma Network Technology Co | 1 Intelligent Manufacturing Collaborative Internet Of Things | 2026-04-15 | 5.9 Medium |
| An issue in Shanghai Zhouma Network Technology CO., Ltd IMS Intelligent Manufacturing Collaborative Internet of Things System v.1.9.1 allows a remote attacker to escalate privileges via the open port. | ||||
| CVE-2024-44449 | 2026-04-15 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Quorum onQ OS v.6.0.0.5.2064 allows a remote attacker to obtain sensitive information via the msg parameter in the Login page. | ||||
| CVE-2024-44450 | 2026-04-15 | 5.4 Medium | ||
| Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190. | ||||
| CVE-2024-4446 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Content Views – Post Grid & Filter, Recent Posts, Category Posts, & More (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘pagingType’ parameter in all versions up to, and including, 3.7.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-44540 | 1 Ubiquiti | 1 Airmax Firmware | 2026-04-15 | 6.6 Medium |
| Ubiquiti AirMax firmware version firmware version 8 allows attackers with physical access to gain a privileged command shell via the UART Debugging Port. | ||||
| CVE-2024-44541 | 1 Evilnapsis | 1 Inventio-lite | 2026-04-15 | 9.8 Critical |
| evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin." | ||||
| CVE-2024-4461 | 2026-04-15 | 7.8 High | ||
| Unquoted path or search item vulnerability in SugarSync versions prior to 4.1.3 for Windows. This misconfiguration could allow an unauthorized local user to inject arbitrary code into the unquoted service path, resulting in privilege escalation. | ||||
| CVE-2024-4462 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.4 Medium |
| The Nafeza Prayer Time plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-4466 | 2026-04-15 | 9.8 Critical | ||
| SQL injection vulnerability in Gescen on the centrosdigitales.net platform. This vulnerability allows an attacker to send a specially crafted SQL query to the pass parameter and retrieve all the data stored in the database. | ||||
| CVE-2024-44667 | 1 Shenzhen Haichangxing Technology | 1 Hcx H822 Firmware | 2026-04-15 | 8 High |
| Shenzhen Haichangxing Technology Co., Ltd HCX H822 4G LTE Router M7628NNxISPxUIv2_v1.0.1557.15.35_P0 is vulnerable to Incorrect Access Control. Unauthenticated factory mode reset and command injection leads to information exposure and root shell access. | ||||
| CVE-2024-44678 | 1 Gigastone | 1 Travel Router R101 Firmware | 2026-04-15 | 8 High |
| Gigastone TR1 Travel Router R101 v1.0.2 is vulnerable to Command Injection. This allows an authenticated attacker to execute arbitrary commands on the device by sending a crafted HTTP request to the ssid parameter in the request. | ||||
| CVE-2024-44771 | 2026-04-15 | 6.1 Medium | ||
| BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. | ||||
| CVE-2024-44786 | 1 Meabillis Cms | 1 Meabillis Cms | 2026-04-15 | 7.5 High |
| Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | ||||
| CVE-2024-44807 | 1 D-zero | 2 Burgereditor, Burgereditor Limited Edition | 2026-04-15 | 5.3 Medium |
| A directory listing issue in the baserCMS plugin in D-ZERO CO., LTD. BurgerEditor and BurgerEditor Limited Edition before 2.25.1 allows remote attackers to obtain sensitive information by exposing a list of the uploaded files. | ||||