Export limit exceeded: 348174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 348174 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348174 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-53187 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 9.8 Critical |
| Due to an issue in configuration, code that was intended for debugging purposes was included in the market release of the ASPECT FW allowing an attacker to bypass authentication. This vulnerability may allow an attacker to change the system time, access files, and make function calls without prior authentication. This issue affects all versions of ASPECT prior to 3.08.04-s01 | ||||
| CVE-2024-29651 | 1 Apidevtools | 1 Json-schema-ref-parser | 2026-04-15 | 8.1 High |
| A Prototype Pollution issue in API Dev Tools json-schema-ref-parser v.11.0.0 and v.11.1.0 allows a remote attacker to execute arbitrary code via the bundle()`, `parse()`, `resolve()`, `dereference() functions. | ||||
| CVE-2024-29666 | 2026-04-15 | 9.8 Critical | ||
| Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. | ||||
| CVE-2024-6550 | 1 Nikunj | 1 Gravity Forms Multiple Form Instances | 2026-04-15 | 5.3 Medium |
| The Gravity Forms: Multiple Form Instances plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.1. This is due to the plugin leaving test files with display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2024-29667 | 1 Tongtianxing Technology Co Ltd | 1 Cmsv6 | 2026-04-15 | 9.8 Critical |
| SQL Injection vulnerability in Tongtianxing Technology Co., Ltd CMSV6 v.7.31.0.2 through v.7.31.0.3 allows a remote attacker to escalate privileges and obtain sensitive information via the ids parameter. | ||||
| CVE-2025-0606 | 1 Logo Software | 1 Logo Cloud | 2026-04-15 | 6 Medium |
| Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud allows Forceful Browsing, Resource Leak Exposure.This issue affects Logo Cloud: before 0.67. | ||||
| CVE-2024-29732 | 2026-04-15 | 9.8 Critical | ||
| A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter. | ||||
| CVE-2024-29734 | 1 Fujidenolo Solutions Co Ltd. | 1 Sonicdicom Media Viewer | 2026-04-15 | 7.8 High |
| Uncontrolled search path element issue exists in SonicDICOM Media Viewer 2.3.2 and earlier, which may lead to insecurely loading Dynamic Link Libraries. As a result, arbitrary code may be executed with the privileges of the running application. | ||||
| CVE-2025-0607 | 1 Logo Software | 1 Logo Cloud | 2026-04-15 | 4.3 Medium |
| Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing.This issue affects Logo Cloud: before 2.57. | ||||
| CVE-2024-6570 | 2 Codeat, Wordpress | 2 Glossary, Wordpress | 2026-04-15 | 5.3 Medium |
| The Glossary plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.2.26. This is due the plugin utilizing wpdesk and not preventing direct access to the test files along with display_errors being enabled. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | ||||
| CVE-2025-0608 | 1 Logo Software | 1 Logo Cloud | 2026-04-15 | 5.5 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing.This issue affects Logo Cloud: before 2025.R6. | ||||
| CVE-2024-29947 | 2026-04-15 | 2.7 Low | ||
| There is a NULL dereference pointer vulnerability in some Hikvision NVRs. Due to an insufficient validation of a parameter in a message, an attacker may send specially crafted messages to an affected product, causing a process abnormality. | ||||
| CVE-2024-29948 | 2026-04-15 | 3.8 Low | ||
| There is an out-of-bounds read vulnerability in some Hikvision NVRs. An authenticated attacker could exploit this vulnerability by sending specially crafted messages to a vulnerable device, causing a service abnormality. | ||||
| CVE-2024-29970 | 2026-04-15 | 9.8 Critical | ||
| Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals. | ||||
| CVE-2020-12491 | 2026-04-15 | N/A | ||
| Improper control of framework service permissions with possibility of some sensitive device information leakage. | ||||
| CVE-2024-30120 | 1 Hcl Software | 1 Dryice Optibot Reset Station | 2026-04-15 | 2.9 Low |
| HCL DRYiCE Optibot Reset Station is impacted by an Unused Parameter in the web application. | ||||
| CVE-2024-3016 | 2026-04-15 | 9.1 Critical | ||
| NEC Platforms DT900 and DT900S Series 5.0.0.0 – v5.3.4.4, v5.4.0.0 – v5.6.0.20 allows an attacker to access a non-documented the system settings to change settings via local network with unauthenticated user. | ||||
| CVE-2024-27901 | 2026-04-15 | 7.2 High | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2023-20516 | 1 Amd | 7 Instinct Mi210, Instinct Mi250, Radeon and 4 more | 2026-04-15 | 3.3 Low |
| Improper handling of insufficiency privileges in the ASP could allow a privileged attacker to modify Translation Map Registers (TMRs) potentially resulting in loss of confidentiality or integrity. | ||||
| CVE-2025-62181 | 1 Pegasystems | 1 Pega Infinity | 2026-04-15 | 5.3 Medium |
| Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated basic-authentication feature and other more secure authentication mechanisms are recommended. A fix is being provided in the 24.1.4, 24.2.4, and 25.1.1 patch releases. Please note: Basic credentials authentication service type is deprecated started in 24.2 version: https://docs.pega.com/bundle/platform/page/platform/release-notes/security/whats-new-security-242.html. | ||||