Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-33849 | 2026-04-15 | 6.5 Medium | ||
| ci solution CI-Out-of-Office Manager through 6.0.0.77 uses a Hard-coded Cryptographic Key. | ||||
| CVE-2024-33851 | 2026-04-15 | 4.3 Medium | ||
| phpecc, as used in paragonie/phpecc before 2.0.1, has a branch-based timing leak in Point addition. (This is related to phpecc/phpecc on GitHub, and the Matyas Danter ECC library.) | ||||
| CVE-2024-33862 | 1 Opcfoundation | 1 Ua-.netstandard | 2026-04-15 | 7.5 High |
| A buffer-management vulnerability in OPC Foundation OPCFoundation.NetStandard.Opc.Ua.Core before 1.05.374.54 could allow remote attackers to exhaust memory resources. It is triggered when the system receives an excessive number of messages from a remote source. This could potentially lead to a denial of service (DoS) condition, disrupting the normal operation of the system. | ||||
| CVE-2024-33872 | 1 Keyfactor | 1 Command | 2026-04-15 | 9.8 Critical |
| Keyfactor Command 10.5.x before 10.5.1 and 11.5.x before 11.5.1 allows SQL Injection which could result in code execution and escalation of privileges. | ||||
| CVE-2024-33883 | 2026-04-15 | 4 Medium | ||
| The ejs (aka Embedded JavaScript templates) package before 3.1.10 for Node.js lacks certain pollution protection. | ||||
| CVE-2024-33898 | 1 Axiros | 1 Axess | 2026-04-15 | 9.8 Critical |
| Axiros AXESS Auto Configuration Server (ACS) 4.x and 5.0.0 is affected by an Incorrect Access Control vulnerability. An authorization bypass allows remote attackers to achieve unauthenticated remote code execution. | ||||
| CVE-2024-33903 | 2026-04-15 | 5.9 Medium | ||
| In CARLA through 0.9.15.2, the collision sensor mishandles some situations involving pedestrians or bicycles, in part because the collision sensor function is not exposed to the Blueprint library. | ||||
| CVE-2024-33904 | 1 Hyprland | 1 Hyprland | 2026-04-15 | 7 High |
| In plugins/HookSystem.cpp in Hyprland through 0.39.1 (before 28c8561), through a race condition, a local attacker can cause execution of arbitrary assembly code by writing to a predictable temporary file. | ||||
| CVE-2024-33905 | 2026-04-15 | 4.6 Medium | ||
| In Telegram WebK before 2.0.0 (488), a crafted Mini Web App allows XSS via the postMessage web_app_open_link event type. | ||||
| CVE-2024-34804 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.4 Medium |
| Missing Authorization vulnerability in Tagembed.This issue affects Tagembed: from n/a through 5.8. | ||||
| CVE-2024-34010 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Local privilege escalation due to unquoted search path vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758, Acronis Cyber Protect 16 (Windows) before build 38690, Acronis True Image (Windows) before build 42386, Acronis True Image OEM (Windows) before build 42575. | ||||
| CVE-2024-34011 | 2026-04-15 | N/A | ||
| Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 37758. | ||||
| CVE-2024-34013 | 1 Acronis | 1 True Image | 2026-04-15 | N/A |
| Local privilege escalation due to OS command injection vulnerability. The following products are affected: Acronis True Image (macOS) before build 41396, Acronis True Image OEM (macOS) before build 42571. | ||||
| CVE-2024-34014 | 2026-04-15 | N/A | ||
| Arbitrary file overwrite during recovery due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892, Acronis Backup extension for Plesk (Linux) before build 1.8.6.599, Acronis Backup plugin for DirectAdmin (Linux) before build 1.2.2.181. | ||||
| CVE-2024-34015 | 2026-04-15 | N/A | ||
| Sensitive information disclosure during file browsing due to improper symbolic link handling. The following products are affected: Acronis Backup plugin for cPanel & WHM (Linux) before build 1.8.3.818, Acronis Backup plugin for cPanel & WHM (Linux) before build 1.9.1.892. | ||||
| CVE-2024-34016 | 1 Acronis | 1 Cyber Protect Cloud Agent | 2026-04-15 | N/A |
| Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 38235. | ||||
| CVE-2024-34020 | 1 Hcode | 1 Hcode | 2026-04-15 | 6.5 Medium |
| A stack-based buffer overflow was found in the putSDN() function of mail.c in hcode through 2.1. | ||||
| CVE-2024-34021 | 1 Elecom | 4 Wrc-2533gs2-b Firmware, Wrc-2533gs2-w Firmware, Wrc-2533gs2v-b Firmware and 1 more | 2026-04-15 | 6.8 Medium |
| Unrestricted upload of file with dangerous type vulnerability exists in ELECOM wireless LAN routers. A specially crafted file may be uploaded to the affected product by a logged-in user with an administrative privilege, resulting in an arbitrary OS command execution. | ||||
| CVE-2024-34022 | 1 Intel | 1 Thunderbolt Share Software | 2026-04-15 | 6.7 Medium |
| Improper Access Control in some Thunderbolt(TM) Share software before version 1.0.49.9 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-34023 | 2026-04-15 | 8.4 High | ||
| Untrusted pointer dereference in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||