Export limit exceeded: 353908 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 81731 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81731 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33274 | 2026-04-15 | 7.5 High | ||
| Directory Traversal vulnerability in FME Modules customfields v.2.2.7 and before allows a remote attacker to obtain sensitive information via the Custom Checkout Fields, Add Custom Fields to Checkout parameter of the ajax.php | ||||
| CVE-2024-33292 | 1 Realisation | 1 Mgsd | 2026-04-15 | 8.2 High |
| SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. | ||||
| CVE-2024-48797 | 1 Pcs Engineering | 1 Preston Cinema | 2026-04-15 | 7.5 High |
| An issue in PCS Engineering Preston Cinema (com.prestoncinema.app) 0.2.0 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48798 | 1 Hubble Connected | 1 Hubble Connected | 2026-04-15 | 7.5 High |
| An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48799 | 2026-04-15 | 7.5 High | ||
| An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-38658 | 1 Fujielectric | 2 V-server, V-server Lite | 2026-04-15 | 7.8 High |
| There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | ||||
| CVE-2024-48822 | 1 Automatic Systems | 1 Maintenance Slimlane | 2026-04-15 | 8.8 High |
| Privilege escalation in Automatic Systems Maintenance SlimLane 29565_d74ecce0c1081d50546db573a499941b10799fb7 allows a remote attacker to escalate privileges via the FtpConfig.php page. | ||||
| CVE-2024-31502 | 1 Munyweki | 1 Insurance Management System | 2026-04-15 | 8.1 High |
| An issue in Insurance Management System v.1.0.0 and before allows a remote attacker to escalate privileges via a crafted POST request to /admin/core/new_staff. | ||||
| CVE-2024-47461 | 1 Arubanetworks | 2 Arubaos, Instant | 2026-04-15 | 7.2 High |
| An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to fully compromise the underlying host operating system. | ||||
| CVE-2024-43444 | 1 Otrs | 1 Otrs | 2026-04-15 | 8.2 High |
| Passwords of agents and customers are displayed in plain text in the OTRS admin log module if certain configurations regarding the authentication sources match and debugging for the authentication backend has been enabled. This issue affects: * OTRS from 7.0.X through 7.0.50 * OTRS 8.0.X * OTRS 2023.X * OTRS from 2024.X through 2024.5.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | ||||
| CVE-2024-33469 | 2026-04-15 | 7.9 High | ||
| An issue in Team Amaze Amaze File Manager v.3.8.5 and fixed in v.3.10 allows a local attacker to execute arbitrary code via the onCreate method of DatabaseViewerActivity.java. | ||||
| CVE-2024-33465 | 1 Mjdm | 1 Majordomo | 2026-04-15 | 7.1 High |
| Cross Site Scripting vulnerability in MajorDoMo before v.0662e5e allows an attacker to escalate privileges via the the thumb/thumb.php component. | ||||
| CVE-2024-0122 | 2026-04-15 | 7.6 High | ||
| NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. | ||||
| CVE-2024-33471 | 2026-04-15 | 7.2 High | ||
| An issue in the Sensor Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to SMTP credentials in plaintext via a crafted AJAX request. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-4303 | 2026-04-15 | 8.8 High | ||
| ArmorX Android APP's multi-factor authentication (MFA) for the login function is not properly implemented. Remote attackers who obtain user credentials can bypass MFA, allowing them to successfully log into the APP. | ||||
| CVE-2024-48141 | 1 Zhipu Ai | 1 Codegeex | 2026-04-15 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Zhipu AI CodeGeeX v2.17.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2025-65073 | 1 Openstack | 1 Keystone | 2026-04-15 | 7.5 High |
| OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Keystone authorization. | ||||
| CVE-2024-48140 | 1 Butterflyeffectpte | 1 Monica | 2026-04-15 | 7.5 High |
| A prompt injection vulnerability in the chatbox of Butterfly Effect Limited Monica Your AI Copilot powered by ChatGPT4 v6.3.0 allows attackers to access and exfiltrate all previous and subsequent chat data between the user and the AI assistant via a crafted message. | ||||
| CVE-2024-48123 | 2026-04-15 | 8.4 High | ||
| An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. | ||||
| CVE-2024-48093 | 1 Operately | 1 Operately | 2026-04-15 | 8 High |
| Unrestricted File Upload in the Discussions tab in Operately v.0.1.0 allows a privileged user to achieve Remote Code Execution via uploading and executing malicious files without validating file extensions or content types. | ||||