Export limit exceeded: 350419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 350419 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350419 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28325 | 1 Asus | 1 Rt-n12\+ B1 | 2026-04-15 | 6.1 Medium |
| Asus RT-N12+ B1 router stores credentials in cleartext, which could allow local attackers to obtain unauthorized access and modify router settings. | ||||
| CVE-2025-62356 | 1 Qodo | 1 Gen Ide | 2026-04-15 | 7.5 High |
| A path traversal vulnerability in all versions of the Qodo Qodo Gen IDE enables a threat actor to read arbitrary local files in and outside of current projects on an end user’s system. The vulnerability can be reached directly and through indirect prompt injection. | ||||
| CVE-2024-2835 | 2026-04-15 | 8.7 High | ||
| A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText ArcSight Enterprise Security Manager and ArcSight Platform. The vulnerability could be remotely exploited. | ||||
| CVE-2025-5681 | 2026-04-15 | 6.5 Medium | ||
| Authorization Bypass Through User-Controlled Key vulnerability in Turtek Software Eyotek allows Exploitation of Trusted Identifiers.This issue affects Eyotek: before 23.06.2025. | ||||
| CVE-2024-28389 | 2026-04-15 | 9.8 Critical | ||
| SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method. | ||||
| CVE-2024-28394 | 1 Advancedplugins | 1 Reportsstatistics | 2026-04-15 | 9.8 Critical |
| An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module. | ||||
| CVE-2025-5484 | 2026-04-15 | 8.3 High | ||
| A username and password are required to authenticate to the central SinoTrack device management interface. The username for all devices is an identifier printed on the receiver. The default password is well-known and common to all devices. Modification of the default password is not enforced during device setup. A malicious actor can retrieve device identifiers with either physical access or by capturing identifiers from pictures of the devices posted on publicly accessible websites such as eBay. | ||||
| CVE-2024-28436 | 2026-04-15 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in D-Link DAP products DAP-2230, DAP-2310, DAP-2330, DAP-2360, DAP-2553, DAP-2590, DAP-2690, DAP-2695, DAP-3520, DAP-3662 allows a remote attacker to execute arbitrary code via the reload parameter in the session_login.php component. | ||||
| CVE-2025-5485 | 2026-04-15 | 8.6 High | ||
| User names used to access the web management interface are limited to the device identifier, which is a numerical identifier no more than 10 digits. A malicious actor can enumerate potential targets by incrementing or decrementing from known identifiers or through enumerating random digit sequences. | ||||
| CVE-2024-28519 | 1 Microworld Technologies | 1 Escan Anti-virus | 2026-04-15 | 7.8 High |
| A kernel handle leak issue in ProcObsrvesx.sys 4.0.0.49 in MicroWorld Technologies Inc eScan Antivirus could allow privilege escalation for low-privileged users. | ||||
| CVE-2024-28520 | 2026-04-15 | 6.5 Medium | ||
| File Upload vulnerability in Byzoro Networks Smart multi-service security gateway intelligent management platform version S210, allows an attacker to obtain sensitive information via the uploadfile.php component. | ||||
| CVE-2024-28627 | 1 Flipsnack | 1 Flipsnack | 2026-04-15 | 7.5 High |
| An issue in Flipsnack v.18/03/2024 allows a local attacker to obtain sensitive information via the reader.gz.js file. | ||||
| CVE-2024-28699 | 1 Json | 1 Pdf2json | 2026-04-15 | 7.8 High |
| A buffer overflow vulnerability in pdf2json v0.70 allows a local attacker to execute arbitrary code via the GString::copy() and ImgOutputDev::ImgOutputDev function. | ||||
| CVE-2024-56316 | 2026-04-15 | 7.5 High | ||
| In AXESS ACS (Auto Configuration Server) through 5.2.0, unsanitized user input in the TR069 API allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069 requests on TCP port 9675 or 7547. Rebooting does not resolve the permanent Denial of Service. | ||||
| CVE-2024-28717 | 1 Openstack | 1 Storlets | 2026-04-15 | 4.9 Medium |
| An issue in OpenStack Storlets yoga-eom allows a remote attacker to execute arbitrary code via the gateway.py component. | ||||
| CVE-2024-28726 | 1 Dlink | 1 Dwr-2000m Firmware | 2026-04-15 | 8 High |
| An issue in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to execute arbitrary code via a crafted payload to the Diagnostics function. | ||||
| CVE-2024-28728 | 1 Dlink | 1 Dwr-2000m | 2026-04-15 | 6.6 Medium |
| Cross Site Scripting vulnerability in DLink DWR 2000M 5G CPE With Wifi 6 Ax1800 and Dlink DWR 5G CPE DWR-2000M_1.34ME allows a local attacker to obtain sensitive information via a crafted payload to the WiFi SSID Name field. | ||||
| CVE-2024-28736 | 1 Debezium Community Project | 1 Debezium-ui | 2026-04-15 | 7.1 High |
| An issue in Debezium Community debezium-ui v.2.5 allows a local attacker to execute arbitrary code via the refresh page function. | ||||
| CVE-2024-28744 | 1 Furunosystems | 2 Acera 9010-08 Firmware, Acera 9010-24 Firmware | 2026-04-15 | 8.8 High |
| The password is empty in the initial configuration of ACERA 9010-08 firmware v02.04 and earlier, and ACERA 9010-24 firmware v02.04 and earlier. An unauthenticated attacker may log in to the product with no password, and obtain and/or alter information such as network configuration and user information. The products are affected only when running in non MS mode with the initial configuration. | ||||
| CVE-2024-28745 | 2026-04-15 | 3.3 Low | ||
| Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack. | ||||