Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10809 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10809 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-49581 | 1 Palantir | 1 Foundry | 2026-04-15 | 6.5 Medium |
| Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances. | ||||
| CVE-2024-4958 | 2026-04-15 | 7.1 High | ||
| The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it possible for authenticated attackers, with contributor-level permissions and above, to import a registration form with a default user role of administrator. If an administrator approves or publishes a post or page with the shortcode to the imported form, any user can register as an administrator. | ||||
| CVE-2024-49501 | 2026-04-15 | N/A | ||
| Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attacker may access the program which is protected by Data Protection function. | ||||
| CVE-2024-48792 | 1 Hideez | 1 Com.hideez Firmware | 2026-04-15 | 7.5 High |
| An issue in Hideez com.hideez 2.7.8.3 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48787 | 1 Revic Optics | 1 Revic Ops Firmware | 2026-04-15 | 9.1 Critical |
| An issue in Revic Optics Revic Ops (us.revic.revicops) 1.12.5 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48786 | 1 Switchbot | 1 Switchbot Firmware | 2026-04-15 | 9.1 Critical |
| An issue in SWITCHBOT INC SwitchBot (com.theswitchbot.switchbot) 5.0.4 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48784 | 1 Sampmax | 1 Sampmax Firmware | 2026-04-15 | 9.8 Critical |
| An Incorrect Access Control issue in SAMPMAX com.sampmax.homemax 2.1.2.7 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48778 | 1 Giant Manufacturing | 1 Ridelink Firmware | 2026-04-15 | 9.1 Critical |
| An issue in GIANT MANUFACTURING CO., LTD RideLink (tw.giant.ridelink) 2.0.7 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48772 | 1 C-chip | 1 C-chip Firmware | 2026-04-15 | 9.1 Critical |
| An issue in C-CHIP (com.cchip.cchipamaota) v.1.2.8 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2024-48769 | 1 Burg-wchter Kg | 1 Burg-wchter Kg Firmware | 2026-04-15 | 9.1 Critical |
| An issue in BURG-WCHTER KG de.burgwachter.keyapp.app 4.5.0 allows a remote attacker to obtain sensitve information via the firmware update process. | ||||
| CVE-2024-48651 | 1 Proftpd | 1 Proftpd | 2026-04-15 | 7.5 High |
| In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. | ||||
| CVE-2024-48645 | 1 Arm32x | 1 Command Block Ide | 2026-04-15 | 7.5 High |
| In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server. | ||||
| CVE-2024-48548 | 1 Cloud Smart Lock | 1 Cloud Smart Lock Firmware | 2026-04-15 | 9.3 Critical |
| The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows attackers to arbitrarily construct a request to use the app to bind to unknown devices by finding a valid serial number via a bruteforce attack. | ||||
| CVE-2024-48547 | 1 Dreamcatcher Iot Technology | 1 Dreamcatcher Life Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48546 | 1 Shenzhen Yingsheng Technology Co | 1 Wear Sync Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48545 | 1 Ivyiot | 1 Ivy Smart Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48544 | 1 Ledvance | 1 Sylvania Smart Home Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48542 | 1 Yamaha | 1 Headphones Controller Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48541 | 1 Ruochan | 1 Smart Firmware | 2026-04-15 | 8.4 High |
| Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||
| CVE-2024-48540 | 1 Shenzhen Xiaohe Lejia Technology Co | 1 Xiaohesmart Firmware | 2026-04-15 | 6.2 Medium |
| Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the APK file. | ||||