Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-53345 | 2026-04-15 | 8.8 High | ||
| An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | ||||
| CVE-2024-53375 | 1 Tp-link | 1 Archer Axe75 Firmware | 2026-04-15 | 8 High |
| An Authenticated Remote Code Execution (RCE) vulnerability affects the TP-Link Archer router series. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the activation of the HomeShield functionality. | ||||
| CVE-2024-53379 | 2026-04-15 | 7.5 High | ||
| Heap buffer overflow in the server site handshake implementation in Real Time Logic LLC's SharkSSL version (from 05/05/24) commit 64808a5e12c83b38f85c943dee0112e428dc2a43 allows a remote attacker to trigger a Denial-of-Service via a malformed Client-Hello message. | ||||
| CVE-2024-53408 | 2026-04-15 | 5.4 Medium | ||
| AVE System Web Client v2.1.131.13992 was discovered to contain a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2024-53426 | 1 Ntop | 1 Ntopng | 2026-04-15 | 6.2 Medium |
| A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function. | ||||
| CVE-2024-53429 | 1 Open62541 | 1 Open62541 | 2026-04-15 | 7.5 High |
| Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash. | ||||
| CVE-2024-5343 | 2026-04-15 | 8.8 High | ||
| The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_create_article' and 'rbs_ajax_reset_views' functions. This makes it possible for unauthenticated attackers to create new posts and reset gallery view counts via a forged request granted they can trick a Contributor+ level user into performing an action such as clicking on a link. | ||||
| CVE-2024-53432 | 1 Point Cloud Library | 1 Pcl | 2026-04-15 | 7.5 High |
| While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files. | ||||
| CVE-2024-53441 | 2026-04-15 | 9.1 Critical | ||
| An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack. | ||||
| CVE-2024-53442 | 2026-04-15 | 9.8 Critical | ||
| whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. | ||||
| CVE-2024-5345 | 1 Thenahidul | 1 Responsive Owl Carousel For Elementor | 2026-04-15 | 8.8 High |
| The Responsive Owl Carousel for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.2.0 via the layout parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The inclusion is limited to PHP files. | ||||
| CVE-2024-53476 | 1 Simplcommerce | 1 Simplcommerce | 2026-04-15 | 5.9 Medium |
| A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders. | ||||
| CVE-2024-5348 | 2026-04-15 | 8.8 High | ||
| The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of the marquee widget, the 'postgrid_layout' attribute of the postgrid widget, the 'woocart_layout' attribute of the woocart widget, and the 'woogrid_layout' attribute of the woogrid widget. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-53484 | 1 Ever | 1 Traduora | 2026-04-15 | 8.8 High |
| Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. | ||||
| CVE-2024-53490 | 2026-04-15 | 7.5 High | ||
| Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. | ||||
| CVE-2024-53494 | 2026-04-15 | 7.5 High | ||
| Incorrect access control in the preHandle function of SpringBootBlog v1.0.0 allows attackers to access sensitive components without authentication. | ||||
| CVE-2024-53522 | 2026-04-15 | 7.5 High | ||
| Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information. | ||||
| CVE-2024-53523 | 2026-04-15 | 7.5 High | ||
| JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. | ||||
| CVE-2024-53542 | 2026-04-15 | 6.5 Medium | ||
| Incorrect access control in the component /iclock/Settings?restartNCS=1 of NovaCHRON Zeitsysteme GmbH & Co. KG Smart Time Plus v8.x to v8.6 allows attackers to arbitrarily restart the NCServiceManger via a crafted GET request. | ||||
| CVE-2024-48747 | 1 Alist Project | 1 Alist | 2026-04-15 | 6.8 Medium |
| An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. | ||||