Export limit exceeded: 80898 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (80898 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-9508 | 2026-04-15 | 7.8 High | ||
| Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. | ||||
| CVE-2025-52890 | 2026-04-15 | 8.1 High | ||
| Incus is a system container and virtual machine manager. When using an ACL on a device connected to a bridge, Incus versions 6.12 and 6.13generates nftables rules that partially bypass security options `security.mac_filtering`, `security.ipv4_filtering` and `security.ipv6_filtering`. This can lead to ARP spoofing on the bridge and to fully spoof another VM/container on the same bridge. Commit 254dfd2483ab8de39b47c2258b7f1cf0759231c8 contains a patch for the issue. | ||||
| CVE-2020-37045 | 1 Veritas | 2 Netbackup, Netbackup Firmware | 2026-04-15 | 7.8 High |
| Veritas NetBackup 7.0 contains an unquoted service path vulnerability in the NetBackup INET Daemon service that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files\Veritas\NetBackup\bin\bpinetd.exe to inject malicious code that would execute with elevated LocalSystem privileges. | ||||
| CVE-2024-24844 | 2 Ideabox, Wordpress | 2 Powerpack Pro For Elementor, Wordpress | 2026-04-15 | 7.5 High |
| Missing Authorization vulnerability in IdeaBox Creations PowerPack Pro for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PowerPack Pro for Elementor: from n/a through 2.10.6. | ||||
| CVE-2021-26383 | 1 Amd | 9 Instinct Mi210, Instinct Mi250, Radeon Pro V520 and 6 more | 2026-04-15 | 7.9 High |
| Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability. | ||||
| CVE-2024-10633 | 2026-04-15 | 7.3 High | ||
| The Quiz Maker Business, Developer, and Agency plugins for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.8.0 (Business), up to, and including, 21.8.0 (Developer), and up to, and including, 31.8.0 (Agency). This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-24791 | 2 Go Standard Library, Redhat | 20 Net\/http, Amq Streams, Ceph Storage and 17 more | 2026-04-15 | 7.5 High |
| The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an "Expect: 100-continue" header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state, where the next request sent on the connection will fail. An attacker sending a request to a net/http/httputil.ReverseProxy proxy can exploit this mishandling to cause a denial of service by sending "Expect: 100-continue" requests which elicit a non-informational response from the backend. Each such request leaves the proxy with an invalid connection, and causes one subsequent request using that connection to fail. | ||||
| CVE-2024-42845 | 1 Invesalius | 1 Invesalius | 2026-04-15 | 8 High |
| An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. | ||||
| CVE-2023-31343 | 2026-04-15 | 7.5 High | ||
| Improper input validation in the SMM handler may allow a privileged attacker to overwrite SMRAM, potentially leading to arbitrary code execution. | ||||
| CVE-2023-53691 | 1 Hikvision | 1 Isecure Center | 2026-04-15 | 8.3 High |
| Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025. | ||||
| CVE-2025-25333 | 2026-04-15 | 7.5 High | ||
| An issue in IKEA CN iOS 4.13.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-46933 | 2026-04-15 | 7.7 High | ||
| An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access. | ||||
| CVE-2024-4762 | 1 Lenovo | 2 Accessories And Display Manager, Display Control Center | 2026-04-15 | 7.8 High |
| An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. | ||||
| CVE-2024-43271 | 1 Themelocation | 1 Widgets For Woocommerce Products On Elementor | 2026-04-15 | 8.5 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Themelocation Woo Products Widgets For Elementor allows PHP Local File Inclusion.This issue affects Woo Products Widgets For Elementor: from n/a through 2.0.0. | ||||
| CVE-2024-48080 | 1 Aedes Project | 1 Aedes | 2026-04-15 | 7.5 High |
| An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. NOTE: the Supplier indicates that exploitation cannot occur because of the protection mechanism in the validateTopic function in lib/utils.js. | ||||
| CVE-2024-11618 | 1 Ipc | 1 Unigy Management System | 2026-04-15 | 7.3 High |
| A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-11643 | 1 Allaccessible | 1 Accessibility | 2026-04-15 | 8.8 High |
| The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2024-43403 | 1 Kanisterio | 1 Kanister | 2026-04-15 | 8.8 High |
| Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with a ClusterRole called edit via ClusterRoleBinding. The "edit" ClusterRole is one of Kubernetes default-created ClusterRole, and it has the create/patch/udpate verbs of daemonset resources, create verb of serviceaccount/token resources, and impersonate verb of serviceaccounts resources. A malicious user can leverage access the worker node which has this component to make a cluster-level privilege escalation. | ||||
| CVE-2024-11857 | 2026-04-15 | 7.8 High | ||
| Bluetooth HCI Adaptor from Realtek has a Link Following vulnerability. Local attackers with regular privileges can create a symbolic link with the same name as a specific file, causing the product to delete arbitrary files pointed to by the link. Subsequently, attackers can leverage arbitrary file deletion to privilege escalation. | ||||
| CVE-2024-7134 | 1 Liquidpoll | 1 Liquidpoll | 2026-04-15 | 7.2 High |
| The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘form_data’ parameter in all versions up to, and including, 3.3.78 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||