Export limit exceeded: 346993 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346993 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23605 | 1 Ggml | 1 Llama.cpp | 2026-04-27 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-40254 | 1 Freerdp | 1 Freerdp | 2026-04-27 | 4.2 Medium |
| FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by-one in the path traversal filter in `channels/drive/client/drive_file.c`. The `contains_dotdot()` function catches `../` and `..\` mid-path but misses `..` when it's the last component with no trailing separator. A rogue RDP server can read, list, or write files one directory above the client's shared folder through RDPDR requests. This requires the victim to connect with drive redirection enabled. Version 3.25.0 patches the issue. | ||||
| CVE-2025-62889 | 3 Elementor, Kingaddons, Wordpress | 3 Elementor, King Addons For Elementor, Wordpress | 2026-04-27 | 6.5 Medium |
| Missing Authorization vulnerability in KingAddons.com King Addons for Elementor king-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects King Addons for Elementor: from n/a through <= 51.1.61. | ||||
| CVE-2024-21836 | 1 Ggml | 1 Llama.cpp | 2026-04-27 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-62890 | 2 Premmerce, Wordpress | 2 Brands For Woocommerce, Wordpress | 2026-04-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Brands for WooCommerce premmerce-woocommerce-brands allows Cross Site Request Forgery.This issue affects Premmerce Brands for WooCommerce: from n/a through <= 1.2.13. | ||||
| CVE-2024-21802 | 1 Ggml | 1 Llama.cpp | 2026-04-27 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-4157 | 1 Chargepoint | 3 Home Flex, Home Flex Cph50, Home Flex Cph50 Firmware | 2026-04-27 | N/A |
| ChargePoint Home Flex revssh Service Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26338. | ||||
| CVE-2025-62891 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Jory Hogeveen Off-Canvas Sidebars & Menus (Slidebars) off-canvas-sidebars allows Cross Site Request Forgery.This issue affects Off-Canvas Sidebars & Menus (Slidebars): from n/a through <= 0.5.8.5. | ||||
| CVE-2026-4156 | 1 Chargepoint | 3 Home Flex, Home Flex Cph50, Home Flex Cph50 Firmware | 2026-04-27 | N/A |
| ChargePoint Home Flex OCPP getpreq Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of ChargePoint Home Flex EV chargers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of OCPP messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-26339. | ||||
| CVE-2026-4155 | 1 Chargepoint | 3 Home Flex, Home Flex Cph50, Home Flex Cph50 Firmware | 2026-04-27 | N/A |
| ChargePoint Home Flex Inclusion of Sensitive Information in Source Code Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the genpw script. The issue results from the inclusion of a secret cryptographic seed value within the script. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-26340. | ||||
| CVE-2025-62892 | 2 Sunshinephotocart, Wordpress | 2 Sunshine Photo Cart, Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Sunshine Photo Cart: from n/a through <= 3.5.3. | ||||
| CVE-2024-23496 | 1 Ggml | 1 Llama.cpp | 2026-04-27 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2026-7135 | 1 Gpac | 1 Gpac | 2026-04-27 | 5.3 Medium |
| A security flaw has been discovered in GPAC up to 26.03-DEV-rev105-g8f39a1eb3-master. Affected by this vulnerability is the function elng_box_read of the file src/isomedia/box_code_base.c of the component MP4Box. Performing a manipulation of the argument elng results in out-of-bounds read. The attack needs to be approached locally. The exploit has been released to the public and may be used for attacks. The patch is named cf6ac48c972eaaee2af270adc3f36615325deb3e. The affected component should be upgraded. | ||||
| CVE-2024-21825 | 1 Ggml | 1 Llama.cpp | 2026-04-27 | 8.8 High |
| A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2025-62896 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 7.1 High |
| Cross-Site Request Forgery (CSRF) vulnerability in digitaldonkey Multilang Contact Form multilang-contact-form allows Stored XSS.This issue affects Multilang Contact Form: from n/a through <= 1.5. | ||||
| CVE-2025-62916 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in Travon WP Flights & Hotels Booking WP Plugin adiaha-hotel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flights & Hotels Booking WP Plugin: from n/a through <= 3.1. | ||||
| CVE-2025-62918 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in ignitionwp IgnitionDeck ignitiondeck allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IgnitionDeck: from n/a through <= 2.0.15. | ||||
| CVE-2025-62919 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.4 Medium |
| Missing Authorization vulnerability in themeshopy TS Demo Importer ts-demo-importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TS Demo Importer: from n/a through <= 0.1.3. | ||||
| CVE-2025-62922 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in Shambhu Patnaik Export Categories export-categories allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Export Categories: from n/a through <= 1.0. | ||||
| CVE-2025-67582 | 1 Wordpress | 1 Wordpress | 2026-04-27 | 5.3 Medium |
| Missing Authorization vulnerability in wbcomdesigns Wbcom Designs lock-my-bp allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wbcom Designs: from n/a through <= 2.1.1. | ||||