Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-56957 | 2026-04-15 | 6.5 Medium | ||
| An issue in Kingsoft Office Software Corporation Limited WPS Office iOS 12.20.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56959 | 2026-04-15 | 6.5 Medium | ||
| An issue in Mashang Consumer Finance Co., Ltd Anyihua iOS 3.6.2 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56960 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tianjin Xiaowu Information technology Co., Ltd BeiKe Holdings iOS 1.3.50 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56962 | 2026-04-15 | 6.5 Medium | ||
| An issue in Tencent Technology (Shanghai) Co., Ltd WeSing iOS v9.3.39 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56963 | 2026-04-15 | 6.5 Medium | ||
| An issue in Beijing Sogou Technology Development Co., Ltd Sogou Input iOS 12.2.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56964 | 2026-04-15 | 6.5 Medium | ||
| An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56965 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56966 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56967 | 2026-04-15 | 6.5 Medium | ||
| An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56968 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. | ||||
| CVE-2024-56969 | 2026-04-15 | 6.5 Medium | ||
| An issue in Pixocial Technology (Singapore) Pte. Ltd BeautyPlus iOS 7.8.010 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56971 | 2026-04-15 | 6.5 Medium | ||
| An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56972 | 2026-04-15 | 6.5 Medium | ||
| An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56973 | 2026-04-15 | 9.8 Critical | ||
| Insecure Permissions vulnerability in Alvaria, Inc Unified IP Unified Director before v.7.2SP2 allows a remote attacker to execute arbitrary code via the source and filename parameters to the ProcessUploadFromURL.jsp component. | ||||
| CVE-2024-5704 | 2026-04-15 | 4.3 Medium | ||
| The XPlainer – WooCommerce Product FAQ [WooCommerce Accordion FAQ Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions (i.e. ffw_insert_new_faq, ffw_hide_discount_notice, ffw_delete_all_faqs, ffw_delete_single_faq, etc...) in all versions up to, and including, 1.7.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to add new and update existing FAQs, FAQ lists, and modify FAQ associations with products. | ||||
| CVE-2024-5705 | 1 Hitachi | 1 Vantara Pentaho Business Analytics Server | 2026-04-15 | 8.8 High |
| The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. (CWE-863) Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, have modules enabled by default that allow execution of system level processes. When access control checks are incorrectly applied, users can access data or perform actions that they should not be allowed to perform. This can lead to a wide range of problems, including information exposures and denial of service. | ||||
| CVE-2024-57055 | 2026-04-15 | 5 Medium | ||
| Server-Side Access Control Bypass vulnerability in WombatDialer before 25.02 could allow unauthorized users to potentially call certain services without the necessary access level. This issue is limited to services used by the client (not the general-use JSON services) and requires reverse engineering of the proprietary serialization protocol, making it difficult to exploit. | ||||
| CVE-2024-57056 | 2026-04-15 | 5.4 Medium | ||
| Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session. | ||||
| CVE-2024-5706 | 2026-04-15 | 8.8 High | ||
| The product receives input from an upstream component, but it does not restrict or incorrectly restricts the input before it is used as an identifier for a resource that may be outside the intended sphere of control. (CWE-99) Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, do not restrict JNDI identifiers during the creation of Community Dashboards, allowing control of system-level data sources. An attacker could gain access to or modify sensitive data or system resources. This could allow access to protected files or directories including configuration files and files containing sensitive information, which can lead to remote code execution by unauthorized users. | ||||
| CVE-2024-57061 | 2026-04-15 | 9.8 Critical | ||
| An issue in Termius Version 9.9.0 through v.9.16.0 allows a physically proximate attacker to execute arbitrary code via the insecure Electron Fuses configuration. | ||||