Export limit exceeded: 347839 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347839 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36442 | 2026-04-15 | 8.8 High | ||
| cgi-bin/fdmcgiwebv2.cgi on Swissphone DiCal-RED 4009 devices allows an authenticated attacker to gain access to arbitrary files on the device's file system. | ||||
| CVE-2024-36443 | 2026-04-15 | 7.6 High | ||
| Swissphone DiCal-RED 4009 devices allow a remote attacker to gain read access to almost the whole file system via anonymous FTP. | ||||
| CVE-2024-36458 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions. | ||||
| CVE-2024-36455 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request. | ||||
| CVE-2024-36456 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file. | ||||
| CVE-2024-36457 | 1 Broadcom | 1 Symantec Privileged Access Management | 2026-04-15 | N/A |
| The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint. | ||||
| CVE-2024-36677 | 2026-04-15 | 7.5 High | ||
| In the module "Login as customer PRO" (loginascustomerpro) <1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen. | ||||
| CVE-2024-9111 | 2 Pickplugins, Wordpress | 2 Product Designer, Wordpress | 2026-04-15 | 6.4 Medium |
| The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.36 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | ||||
| CVE-2024-36495 | 1 Faronics | 1 Winselect | 2026-04-15 | 7.7 High |
| The application Faronics WINSelect (Standard + Enterprise) saves its configuration in an encrypted file on the file system which "Everyone" has read and write access to, path to file: C:\ProgramData\WINSelect\WINSelect.wsd The path for the affected WINSelect Enterprise configuration file is: C:\ProgramData\Faronics\StorageSpace\WS\WINSelect.wsd | ||||
| CVE-2024-36532 | 1 Openkruise | 1 Kruise | 2026-04-15 | 10 Critical |
| Insecure permissions in kruise v1.6.2 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. | ||||
| CVE-2024-36558 | 2026-04-15 | 7.5 High | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h suffers from Cleartext Transmission of Sensitive Information due to lack of encryption in device-server communication. | ||||
| CVE-2024-36554 | 2026-04-15 | 9.8 Critical | ||
| Forever KidsWatch Call Me KW-50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allow a malicious user to gain information about the device by sending an SMS to the device which returns sensitive information. | ||||
| CVE-2024-36555 | 2026-04-15 | 9.8 Critical | ||
| Built-in SMS-configuration command in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW-60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b allows malicious users to change the device IMEI-number which allows for forging the identity of the device. | ||||
| CVE-2024-36556 | 2026-04-15 | 9.1 Critical | ||
| Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h, and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b have a Hardcoded password vulnerability. | ||||
| CVE-2024-36557 | 2026-04-15 | 6.6 Medium | ||
| The device ID is based on IMEI in Forever KidsWatch Call Me KW50 R36_YDR_A3PW_GM7S_V1.0_2019_07_15_16.19.24_cob_h and Forever KidsWatch Call Me 2 KW60 R36CW_YDE_S4_A29_2_V1.0_2023.05.24_22.49.44_cob_b. If a malicious user changes the IMEI to the IMEI of a unit they registered in the mobile app, it is possible to hijack the device and control it from the app. | ||||
| CVE-2024-3656 | 1 Redhat | 3 Build Keycloak, Jboss Enterprise Application Platform, Red Hat Single Sign On | 2026-04-15 | 8.1 High |
| A flaw was found in Keycloak. Certain endpoints in Keycloak's admin REST API allow low-privilege users to access administrative functionalities. This flaw allows users to perform actions reserved for administrators, potentially leading to data breaches or system compromise. | ||||
| CVE-2024-36573 | 1 Almela | 1 Obx | 2026-04-15 | 9.8 Critical |
| almela obx before v.0.0.4 has a Prototype Pollution issue which allows arbitrary code execution via the obx/build/index.js:656), reduce (@almela/obx/build/index.js:470), Object.set (obx/build/index.js:269) component. | ||||
| CVE-2024-36574 | 1 Amirziai | 1 Flatten Json | 2026-04-15 | 6.3 Medium |
| A Prototype Pollution issue in flatten-json 1.0.1 allows an attacker to execute arbitrary code via module.exports.unflattenJSON (flatten-json/index.js:42) | ||||
| CVE-2024-36577 | 1 Apphp | 1 Apphp Js-object-resolver | 2026-04-15 | 8.3 High |
| apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty. | ||||
| CVE-2024-36578 | 1 Akbr | 1 Update | 2026-04-15 | 5.9 Medium |
| akbr update 1.0.0 is vulnerable to Prototype Pollution via update/index.js. | ||||