Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-41887 | 2026-04-15 | N/A | ||
| Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | ||||
| CVE-2024-41970 | 2026-04-15 | 5.7 Medium | ||
| A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | ||||
| CVE-2024-4190 | 2026-04-15 | 8.1 High | ||
| Stored Cross-Site Scripting (XSS) vulnerabilities have been identified in OpenText ArcSight Logger. The vulnerabilities could be remotely exploited. | ||||
| CVE-2024-41971 | 2026-04-15 | 8.1 High | ||
| A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. | ||||
| CVE-2024-41908 | 1 Siemens | 6 Nx 1957 Firmware, Nx 1961 Firmware, Nx 1965 Firmware and 3 more | 2026-04-15 | 7.8 High |
| A vulnerability has been identified in NX (All versions < V2406.3000). The affected applications contains an out of bounds read vulnerability while parsing specially crafted PRT files. This could allow an attacker to crash the application or execute code in the context of the current process. | ||||
| CVE-2024-41917 | 1 Intel | 1 Battery Life Diagnostic Tool | 2026-04-15 | 7.5 High |
| Time-of-check time-of-use race condition for some Intel(R) Battery Life Diagnostic Tool software before version 2.4.1 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-41924 | 1 Ec-cube | 1 Ec-cube | 2026-04-15 | 7.2 High |
| Acceptance of extraneous untrusted data with trusted data vulnerability exists in EC-CUBE 4 series. If this vulnerability is exploited, an attacker who obtained the administrative privilege may install an arbitrary PHP package. If the obsolete versions of PHP packages are installed, the product may be affected by some known vulnerabilities. | ||||
| CVE-2024-41925 | 1 Optigo | 1 Ons-s8 Firmware | 2026-04-15 | 9.8 Critical |
| The web service for ONS-S8 - Spectra Aggregation Switch includes functions which do not properly validate user input, allowing an attacker to traverse directories, bypass authentication, and execute remote code. | ||||
| CVE-2024-41928 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 8.4 High |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
| CVE-2024-41929 | 1 Takenaka Engineering | 9 Ahd04t-a Firmware, Ahd08t-a Firmware, Ahd16t-a Firmware and 6 more | 2026-04-15 | 8.8 High |
| Improper authentication vulnerability in multiple digital video recorders provided by TAKENAKA ENGINEERING CO., LTD. allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2024-4193 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Testimonial Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'testimonialcategory' shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-41930 | 2026-04-15 | 6.1 Medium | ||
| Cross-site scripting vulnerability exists in MF Teacher Performance Management System version 6. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who accessed the website using the product. | ||||
| CVE-2024-41934 | 2026-04-15 | 5.9 Medium | ||
| Improper access control in some Intel(R) GPA software before version 2024.3 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-41943 | 2026-04-15 | 4.6 Medium | ||
| I, Librarian is an open-source version of a PDF managing SaaS. PDF notes are displayed on the Item Summary page without any form of validation or sanitation. An attacker can exploit this vulnerability by inserting a payload in the PDF notes that contains malicious code or script. This code will then be executed when the page is loaded in the browser. The vulnerability was fixed in version 5.11.1. | ||||
| CVE-2024-41944 | 2026-04-15 | 6.5 Medium | ||
| Xibo is a content management system (CMS). An SQL injection vulnerability was discovered in the `report/data/proofofplayReport` API route inside the CMS. This allows an authenticated user to to obtain and modify arbitrary data from the Xibo database by injecting specially crafted values in to the `sortBy` parameter. Users should upgrade to version 3.3.12 or 4.0.14 which fix this issue. | ||||
| CVE-2024-41945 | 2026-04-15 | 3.1 Low | ||
| fuels-ts is a library for interacting with Fuel v2. The typescript SDK has no awareness of to-be-spent transactions causing some transactions to fail or silently get pruned as they are funded with already used UTXOs. The problem occurs, because the `fund` function in `fuels-ts/packages/account/src/account.ts` gets the needed ressources statelessly with the function `getResourcesToSpend` without taking into consideration already used UTXOs. This issue will lead to unexpected SDK behaviour, such as a transaction not getting included in the `txpool` / in a block or a previous transaction silently getting removed from the `txpool` and replaced with a new one. | ||||
| CVE-2024-41950 | 1 Deepset | 1 Haystack | 2026-04-15 | 7.5 High |
| Haystack is an end-to-end LLM framework that allows you to build applications powered by LLMs, Transformer models, vector search and more. Haystack clients that let their users create and run Pipelines from scratch are vulnerable to remote code executions. Certain Components in Haystack use Jinja2 templates, if anyone can create and render that template on the client machine they run any code. The vulnerability has been fixed with Haystack `2.3.1`. | ||||
| CVE-2024-41951 | 2026-04-15 | 4.4 Medium | ||
| Pheonix App is a Python application designed to streamline various tasks, from managing files to playing mini-games. The issue is that the map of encoding/decoding languages are visible in code. The Problem was patched in 0.2.4. | ||||
| CVE-2024-41956 | 1 Charmbracelet | 1 Soft-serve | 2026-04-15 | 8.1 High |
| Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by the client to git subprocesses. This includes environment variables that control program execution, such as LD_PRELOAD. This vulnerability is fixed in 0.7.5. | ||||
| CVE-2024-41969 | 2026-04-15 | 8.8 High | ||
| A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | ||||