Export limit exceeded: 347811 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347811 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-39339 | 1 Globalsuzuki | 1 Smartplay Headunit Firmware | 2026-04-15 | 7.5 High |
| A vulnerability has been discovered in all versions of Smartplay headunits, which are widely used in Suzuki and Toyota cars. This misconfiguration can lead to information disclosure, leaking sensitive details such as diagnostic log traces, system logs, headunit passwords, and personally identifiable information (PII). The exposure of such information may have serious implications for user privacy and system integrity. | ||||
| CVE-2024-3928 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability was found in Dromara open-capacity-platform 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /actuator/heapdump of the component auth-server. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261367. | ||||
| CVE-2024-39223 | 1 Ginuerzh | 1 Gost | 2026-04-15 | 9.8 Critical |
| An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey | ||||
| CVE-2024-39205 | 1 Pyload-ng Project | 1 Pyload-ng | 2026-04-15 | 9.8 Critical |
| An issue in pyload-ng v0.5.0b3.dev85 running under python3.11 or below allows attackers to execute arbitrary code via a crafted HTTP request. | ||||
| CVE-2024-39207 | 2026-04-15 | 8.2 High | ||
| lua-shmem v1.0-1 was discovered to contain a buffer overflow via the shmem_write function. | ||||
| CVE-2024-39173 | 1 253153 | 1 Calculator-boilerplate | 2026-04-15 | 9.8 Critical |
| calculator-boilerplate v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the eval function at /routes/calculator.js. This vulnerability allows attackers to execute arbitrary code via a crafted payload injected into the input field. | ||||
| CVE-2024-39163 | 2026-04-15 | 8.8 High | ||
| binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. | ||||
| CVE-2024-39162 | 2026-04-15 | 6.1 Medium | ||
| pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2024-39208 | 1 Luciapplucky | 1 Luci-app-lucky | 2026-04-15 | 9.8 Critical |
| luci-app-lucky v2.8.3 was discovered to contain hardcoded credentials. | ||||
| CVE-2024-39132 | 2026-04-15 | 6.5 Medium | ||
| A NULL Pointer Dereference vulnerability in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function VerifyCommandLine() at /src/DumpTS.cpp. | ||||
| CVE-2024-39130 | 1 Wangf1978 | 1 Dumpts | 2026-04-15 | 7.5 High |
| A NULL Pointer Dereference discovered in DumpTS v0.1.0-nightly allows attackers to cause a denial of service via the function DumpOneStream() at /src/DumpStream.cpp. | ||||
| CVE-2024-3912 | 2026-04-15 | 9.8 Critical | ||
| Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the device. | ||||
| CVE-2024-39071 | 1 Fujiankelixun | 1 Command And Dispatch Platform | 2026-04-15 | 9.8 Critical |
| Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. | ||||
| CVE-2024-3904 | 2026-04-15 | 8.8 High | ||
| Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product. | ||||
| CVE-2024-38999 | 1 Jrburke | 1 Requirejs | 2026-04-15 | 10 Critical |
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-3687 | 2026-04-15 | 3.5 Low | ||
| A vulnerability was found in bihell Dice 3.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-260474 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-37016 | 1 Mengshen | 1 M70 | 2026-04-15 | 6.8 Medium |
| Mengshen Wireless Door Alarm M70 2024-05-24 allows Authentication Bypass via a Capture-Replay approach. | ||||
| CVE-2024-37017 | 1 Debian | 1 As Dcp Lib | 2026-04-15 | 8.1 High |
| asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in libasdcp.so. | ||||
| CVE-2024-37018 | 1 Linuxfoundation | 1 Opendaylight | 2026-04-15 | 9.1 Critical |
| The OpenDaylight 0.15.3 controller allows topology poisoning via API requests because an application can manipulate the path that is taken by discovery packets. | ||||
| CVE-2024-37019 | 1 Northern.tech | 1 Mender | 2026-04-15 | 9.8 Critical |
| Northern.tech Mender Enterprise before 3.6.4 and 3.7.x before 3.7.4 has Weak Authentication. | ||||