Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33560 | 2 8theme, Wordpress | 2 Xstore, Wordpress | 2026-04-15 | 9 Critical |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in 8theme XStore allows PHP Local File Inclusion.This issue affects XStore: from n/a through 9.3.8. | ||||
| CVE-2024-33567 | 2026-04-15 | 9.8 Critical | ||
| Improper Privilege Management vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Privilege Escalation.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3. | ||||
| CVE-2024-34515 | 2026-04-15 | 8.8 High | ||
| image-optimizer before 1.7.3 allows PHAR deserialization, e.g., the phar:// protocol in arguments to file_exists(). | ||||
| CVE-2024-33569 | 1 Connekthq | 1 Instant Images | 2026-04-15 | 7.2 High |
| Improper Privilege Management vulnerability in Darren Cooney Instant Images allows Privilege Escalation.This issue affects Instant Images: from n/a through 6.1.0. | ||||
| CVE-2024-33578 | 1 Lenovo | 1 Leyun | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Leyun that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33579 | 1 Lenovo | 1 Baiying | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Baiying that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33580 | 1 Lenovo | 1 Personal Cloud | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Personal Cloud that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33581 | 1 Lenovo | 1 Pcmanager | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33582 | 1 Lenovo | 1 Service Framework | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo Service Framework that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-33583 | 1 Siemens | 1 Simatic Rtls Locating Manager | 2026-04-15 | 3.3 Low |
| A vulnerability has been identified in SIMATIC RTLS Locating Manager (6GT2780-0DA00) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-0DA30) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA10) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA20) (All versions < V3.0.1.1), SIMATIC RTLS Locating Manager (6GT2780-1EA30) (All versions < V3.0.1.1). Affected application contains a hidden configuration item to enable debug functionality. This could allow an authenticated local attacker to gain insight into the internal configuration of the deployment. | ||||
| CVE-2024-33616 | 2026-04-15 | 5.3 Medium | ||
| Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2024-33605 | 2026-04-15 | 7.5 High | ||
| Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2024-33617 | 2026-04-15 | 5.9 Medium | ||
| Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access. | ||||
| CVE-2024-33610 | 2026-04-15 | 9.1 Critical | ||
| "sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | ||||
| CVE-2024-33611 | 2026-04-15 | 3.4 Low | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-33615 | 1 Cyberpower | 1 Powerpanel Business | 2026-04-15 | 8.8 High |
| A specially crafted Zip file containing path traversal characters can be imported to the CyberPower PowerPanel server, which allows file writing to the server outside the intended scope, and could allow an attacker to achieve remote code execution. | ||||
| CVE-2024-33620 | 2026-04-15 | 8.6 High | ||
| Absolute path traversal vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, the file contents including sensitive information on the server may be retrieved by an unauthenticated remote attacker. | ||||
| CVE-2024-33622 | 2026-04-15 | 6.5 Medium | ||
| Missing authentication for critical function vulnerability exists in ID Link Manager and FUJITSU Software TIME CREATOR. If this vulnerability is exploited, sensitive information may be obtained and/or the information stored in the database may be altered by a remote authenticated attacker. | ||||
| CVE-2024-33624 | 2026-04-15 | 4.3 Medium | ||
| Improper input validation for some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.60 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2024-33628 | 2 Wordpress, Xforwoocommerce | 2 Wordpress, Xforwoocommerce | 2026-04-15 | 8.8 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in XforWooCommerce allows PHP Local File Inclusion.This issue affects XforWooCommerce: from n/a through 2.0.2. | ||||