Export limit exceeded: 81879 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (81879 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-55354 | 2026-04-15 | 8.8 High | ||
| Lucee before 5.4.7.3 LTS and 6 before 6.1.1.118, when an attacker can place files on the server, is vulnerable to a protection mechanism failure that can let an attacker run code that would be expected to be blocked and access resources that would be expected to be protected. | ||||
| CVE-2023-53788 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/ca0132: fixup buffer overrun at tuning_ctl_set() tuning_ctl_set() might have buffer overrun at (X) if it didn't break from loop by matching (A). static int tuning_ctl_set(...) { for (i = 0; i < TUNING_CTLS_COUNT; i++) (A) if (nid == ca0132_tuning_ctls[i].nid) break; snd_hda_power_up(...); (X) dspio_set_param(..., ca0132_tuning_ctls[i].mid, ...); snd_hda_power_down(...); ^ return 1; } We will get below error by cppcheck sound/pci/hda/patch_ca0132.c:4229:2: note: After for loop, i has value 12 for (i = 0; i < TUNING_CTLS_COUNT; i++) ^ sound/pci/hda/patch_ca0132.c:4234:43: note: Array index out of bounds dspio_set_param(codec, ca0132_tuning_ctls[i].mid, 0x20, ^ This patch cares non match case. | ||||
| CVE-2025-23241 | 2 Intel, Linux | 2 Ethernet 800 Series Software, Linux Kernel | 2026-04-15 | 7.3 High |
| Integer overflow or wraparound in the Linux kernel-mode driver for some Intel(R) 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2019-25322 | 1 Heatmiser | 1 Heatmiser Netmonitor | 2026-04-15 | 7.5 High |
| Heatmiser Netmonitor 3.03 contains a hardcoded credentials vulnerability in the networkSetup.htm page with predictable admin login credentials. Attackers can access the device by using the hard-coded username 'admin' and password 'admin' in the hidden form input fields. | ||||
| CVE-2019-25325 | 2 Contec-touch, Thrive | 2 Smart Home Firmware, Smart Home | 2026-04-15 | 8.2 High |
| Thrive Smart Home 1.1 contains an SQL injection vulnerability in the checklogin.php endpoint that allows unauthenticated attackers to bypass authentication by manipulating the 'user' POST parameter. Attackers can inject malicious SQL code like ' or 1=1# to manipulate login queries and gain unauthorized access to the application. | ||||
| CVE-2025-69188 | 2 E-plugins, Wordpress | 2 Fitness Trainer, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins fitness-trainer fitness-trainer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects fitness-trainer: from n/a through <= 1.7.1. | ||||
| CVE-2019-25328 | 1 Xnsoft | 1 Xnconvert | 2026-04-15 | 7.5 High |
| XnConvert 1.82 contains a denial of service vulnerability in its registration code input field that allows attackers to crash the application. Attackers can generate a 9000-byte buffer of repeated characters and paste it into the registration code field to trigger an application crash. | ||||
| CVE-2019-25331 | 1 Avs4you | 1 Avs Audio Converter | 2026-04-15 | 8.4 High |
| AVS Audio Converter 9.1 contains a local buffer overflow vulnerability that allows local attackers to overwrite CPU registers by manipulating the 'Exit folder' input field. Attackers can craft a specially designed text file with 264 bytes of padding followed by register overwrite values to compromise the application and potentially execute arbitrary code. | ||||
| CVE-2019-25332 | 1 Internet-soft | 1 Ftp Commander Pro | 2026-04-15 | 8.4 High |
| FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential. | ||||
| CVE-2019-25291 | 1 Inim | 1 Smartliving Smartlan | 2026-04-15 | 7.5 High |
| INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models. | ||||
| CVE-2019-25335 | 1 Websitem | 1 7070 Hazır Profesyonel Web Sitesi | 2026-04-15 | 7.5 High |
| PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface. | ||||
| CVE-2025-69192 | 2 E-plugins, Wordpress | 2 Real Estate Pro, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins Real Estate Pro real-estate-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Pro: from n/a through <= 2.1.5. | ||||
| CVE-2025-69193 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-04-15 | 7.3 High |
| Missing Authorization vulnerability in e-plugins WP Membership wp-membership allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Membership: from n/a through <= 1.6.4. | ||||
| CVE-2019-25341 | 1 Inettools | 1 Inettools For Ios | 2026-04-15 | 7.5 High |
| iNetTools for iOS 8.20 contains a denial of service vulnerability in the Whois feature that allows attackers to crash the application by manipulating input. Attackers can paste a specially crafted 98-character buffer into the Domain Name field to trigger an application crash. | ||||
| CVE-2019-25349 | 1 Scadaapp | 1 Scadaapp For Ios | 2026-04-15 | 7.5 High |
| ScadaApp for iOS 1.1.4.0 contains a denial of service vulnerability that allows attackers to crash the application by inputting an oversized buffer in the Servername field. Attackers can paste a 257-character buffer during login to trigger an application crash on iOS devices. | ||||
| CVE-2025-41682 | 1 Bender | 4 Cc612, Cc613, Icc13xx and 1 more | 2026-04-15 | 8.8 High |
| An authenticated, low-privileged attacker can obtain credentials stored on the charge controller including the manufacturer password. | ||||
| CVE-2019-20458 | 1 Epson | 1 Xp-255 | 2026-04-15 | 8.8 High |
| An issue was discovered on Epson Expression Home XP255 20.08.FM10I8 devices. By default, the device comes (and functions) without a password. The user is at no point prompted to set up a password on the device (leaving a number of devices without a password). In this case, anyone connecting to the web admin panel is capable of becoming admin without using any credentials. | ||||
| CVE-2019-25351 | 1 Centova Technologies Inc. | 1 Centova Cast | 2026-04-15 | 8.8 High |
| Centova Cast 3.2.11 contains a file download vulnerability that allows authenticated attackers to retrieve arbitrary system files through the server.copyfile API endpoint. Attackers can exploit the vulnerability by supplying crafted parameters to download sensitive files like /etc/passwd using curl and wget requests. | ||||
| CVE-2019-25354 | 1 Shenzhen Smarteye Digital Electronics | 1 Ismartviewpro | 2026-04-15 | 7.5 High |
| iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices. | ||||
| CVE-2025-69292 | 2 E-plugins, Wordpress | 2 Wp Membership, Wordpress | 2026-04-15 | 8.8 High |
| Incorrect Privilege Assignment vulnerability in e-plugins WP Membership wp-membership allows Privilege Escalation.This issue affects WP Membership: from n/a through <= 1.6.4. | ||||