Export limit exceeded: 81249 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81249 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-12471 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | ||||
| CVE-2024-4438 | 1 Redhat | 1 Openstack | 2026-04-15 | 7.5 High |
| The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead. | ||||
| CVE-2024-44413 | 1 Dlink | 1 Di-8200 Firmware | 2026-04-15 | 8.8 High |
| A vulnerability was discovered in DI_8200-16.07.26A1, which has been classified as critical. This issue affects the upgrade_filter_asp function in the upgrade_filter.asp file. Manipulation of the path parameter can lead to command injection. | ||||
| CVE-2024-12511 | 2026-04-15 | 7.6 High | ||
| With address book access, SMB/FTP settings could be modified, redirecting scans and possibly capturing credentials. This requires enabled scan functions and printer access. | ||||
| CVE-2024-8175 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 15 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. | ||||
| CVE-2024-45240 | 1 Tiktok | 1 Tiktok | 2026-04-15 | 7.4 High |
| The TikTok (aka com.zhiliaoapp.musically) application before 34.5.5 for Android allows the takeover of Lynxview JavaScript interfaces via deeplink traversal (in the application's exposed WebView). (On Android 12 and later, this is only exploitable by third-party applications.) | ||||
| CVE-2024-12742 | 1 Ni | 1 G Web Development Software | 2026-04-15 | 7.8 High |
| A deserialization of untrusted data vulnerability exists in NI G Web Development Software that may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects G Web Development Software 2022 Q3 and prior versions. | ||||
| CVE-2024-12757 | 2026-04-15 | 8.6 High | ||
| Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | ||||
| CVE-2024-45242 | 1 Engeniustech | 1 Enh1350ext Firmware | 2026-04-15 | 7.8 High |
| EnGenius ENH1350EXT A8J-ENH1350EXT devices through 3.9.3.2_c1.9.51 allow (blind) OS Command Injection via shell metacharacters to the Ping or Speed Test utility. During the time of initial setup, the device creates an open unsecured network whose admin panel is configured with the default credentials of admin/admin. An unauthorized attacker in proximity to the Wi-Fi network can exploit this window of time to execute arbitrary OS commands with root-level permissions. | ||||
| CVE-2024-45246 | 1 Dieboldnixdorf | 1 Vynamic View | 2026-04-15 | 7.3 High |
| Diebold Nixdorf – CWE-427: Uncontrolled Search Path Element | ||||
| CVE-2024-45248 | 1 Multi-dnc | 1 Multi-dnc | 2026-04-15 | 7.5 High |
| Multi-DNC – CWE-35: Path Traversal: '.../...//' | ||||
| CVE-2024-45253 | 1 Avigilon | 1 Videolq Icvr Hd Camera | 2026-04-15 | 7.5 High |
| Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2024-8278 | 1 Lenovo | 139 Thinkagile Hx1021 Edge Certified Node 3yr Firmware, Thinkagile Hx1320 Firmware, Thinkagile Hx1321 Firmware and 136 more | 2026-04-15 | 7.2 High |
| A privilege escalation vulnerability was discovered in XCC that could allow a valid, authenticated XCC user with elevated privileges to perform command injection via specially crafted IPMI commands. | ||||
| CVE-2024-12838 | 2026-04-15 | 8.8 High | ||
| The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. | ||||
| CVE-2024-12839 | 2026-04-15 | 8.8 High | ||
| The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device. | ||||
| CVE-2024-12848 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | ||||
| CVE-2024-45289 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 7.5 High |
| The fetch(3) library uses environment variables for passing certain information, including the revocation file pathname. The environment variable name used by fetch(1) to pass the filename to the library was incorrect, in effect ignoring the option. Fetch would still connect to a host presenting a certificate included in the revocation file passed to the --crl option. | ||||
| CVE-2025-49963 | 2 Growniche, Wordpress | 2 Simple Stripe Checkout, Wordpress | 2026-04-15 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in growniche Simple Stripe Checkout simple-stripe-checkout allows Reflected XSS.This issue affects Simple Stripe Checkout: from n/a through <= 1.1.28. | ||||
| CVE-2024-12859 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 8.8 High |
| The BoomBox Theme Extensions plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.8.0 via the 'boombox_listing' shortcode 'type' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php file type can be uploaded and included. | ||||
| CVE-2025-5260 | 2026-04-15 | 8.6 High | ||
| Server-Side Request Forgery (SSRF) vulnerability in Pik Online Yazılım Çözümleri A.Ş. Pik Online allows Server Side Request Forgery.This issue affects Pik Online: before 3.1.5. | ||||