Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-36349 | 2026-04-15 | 3.8 Low | ||
| A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage. | ||||
| CVE-2024-3583 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-3585 | 1 Send Pdf For Contact Form 7 Project | 1 Send Pdf For Contact Form 7 | 2026-04-15 | 5.3 Medium |
| The Send PDF for Contact Form 7 plugin for WordPress is vulnerable to unauthorized access of form submissions due to a missing capability check on the hooks function in all versions up to, and including, 1.0.2.3. This makes it possible for unauthenticated attackers to download information about contact form entries with PDFs. | ||||
| CVE-2024-3595 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Pure Chat – Live Chat Plugin & More! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the purechatwid and purechatwname parameter in all versions up to, and including, 2.22 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-36038 | 1 Zohocorp | 1 Manageengine Opmanager Plus | 2026-04-15 | 6.3 Medium |
| Zoho ManageEngine ITOM products versions from 128234 to 128248 are affected by the stored cross-site scripting vulnerability in the proxy server option. | ||||
| CVE-2024-36039 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.3 Medium |
| PyMySQL through 1.1.0 allows SQL injection if used with untrusted JSON input because keys are not escaped by escape_dict. | ||||
| CVE-2024-36043 | 2026-04-15 | 6.1 Medium | ||
| question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink property. | ||||
| CVE-2024-36049 | 1 Aptos | 1 Wisal | 2026-04-15 | 6.5 Medium |
| Aptos Wisal payroll accounting before 7.1.6 uses hardcoded credentials in the Windows client to fetch the complete list of usernames and passwords from the database server, using an unencrypted connection. This allows attackers in a machine-in-the-middle position read and write access to personally identifiable information (PII) and especially payroll data and the ability to impersonate legitimate users with respect to the audit log. | ||||
| CVE-2024-36050 | 1 Nixos | 1 Nix | 2026-04-15 | 4.3 Medium |
| Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request. | ||||
| CVE-2024-36053 | 1 Linuxmint | 1 Mintupload | 2026-04-15 | 9 Critical |
| In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in check_connection, drop_data_received_cb, and Service.remove. A user can modify a service name in a ~/.linuxmint/mintUpload/services/service file. | ||||
| CVE-2024-36054 | 1 Marvin Test | 1 Hw Driver | 2026-04-15 | 7.4 High |
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily read kernel memory (and consequently gain all privileges) via IOCTL 0x9c4064b8 (via MmMapIoSpace) and IOCTL 0x9c406490 (via ZwMapViewOfSection). | ||||
| CVE-2024-36055 | 2026-04-15 | 5.5 Medium | ||
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory with read/write access via the MmMapIoSpace API (IOCTL 0x9c40a4f8, 0x9c40a4e8, 0x9c40a4c0, 0x9c40a4c4, 0x9c40a4ec, and seven others), leading to a denial of service (BSOD). | ||||
| CVE-2024-36056 | 1 Marvin Test | 1 Hw Driver | 2026-04-15 | 5.4 Medium |
| Hw64.sys in Marvin Test HW.exe before 5.0.5.0 allows unprivileged user-mode processes to arbitrarily map physical memory via IOCTL 0x9c406490 (for IoAllocateMdl, MmBuildMdlForNonPagedPool, and MmMapLockedPages), leading to NT AUTHORITY\SYSTEM privilege escalation. | ||||
| CVE-2024-34345 | 2026-04-15 | 8.1 High | ||
| The CycloneDX JavaScript library contains the core functionality of OWASP CycloneDX for JavaScript. In 6.7.0, XML External entity injections were possible, when running the provided XML Validator on arbitrary input. This issue was fixed in version 6.7.1. | ||||
| CVE-2024-34342 | 2026-04-15 | 7.1 High | ||
| react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. This vulnerability is fixed in 7.7.3 and 8.0.2. | ||||
| CVE-2024-34341 | 1 Basecamp | 1 Trix | 2026-04-15 | 5.4 Medium |
| Trix is a rich text editor. The Trix editor, versions prior to 2.1.1, is vulnerable to arbitrary code execution when copying and pasting content from the web or other documents with markup into the editor. The vulnerability stems from improper sanitization of pasted content, allowing an attacker to embed malicious scripts which are executed within the context of the application. Users should upgrade to Trix editor version 2.1.1 or later, which incorporates proper sanitization of input from copied content. | ||||
| CVE-2024-33223 | 2026-04-15 | 8.8 High | ||
| An issue in the component IOMap64.sys of ASUSTeK Computer Inc ASUS GPU TweakII v1.4.5.2 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-33224 | 1 Realtek | 1 Io Driver | 2026-04-15 | 8.4 High |
| An issue in the component rtkio64.sys of Realtek Semiconductor Corp Realtek lO Driver v1.008.0823.2017 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-33225 | 1 Dell | 1 Realtek High Definition Audio Driver | 2026-04-15 | 7.8 High |
| An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtek(r) High Definition Audio Function Driver v6.0.9549.1 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2024-33226 | 2026-04-15 | 9.9 Critical | ||
| An issue in the component Access64.sys of Wistron Corporation TBT Force Power Control v1.0.0.0 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||