Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46899 | 2026-04-15 | 7.1 High | ||
| Hitachi Ops Center Common Services within Hitachi Ops Center Analyzer viewpoint OVF contains an authentication credentials leakage vulnerability.This issue affects Hitachi Ops Center Common Services: from 10.0.0-00 before 11.0.0-04; Hitachi Ops Center Analyzer viewpoint OVF: from 10.0.0-00 before 11.0.0-04. | ||||
| CVE-2024-4693 | 1 Redhat | 2 Advanced Virtualization, Enterprise Linux | 2026-04-15 | 5.5 Medium |
| A flaw was found in the QEMU Virtio PCI Bindings (hw/virtio/virtio-pci.c). An improper release and use of the irqfd for vector 0 during the boot process leads to a guest triggerable crash via vhost_net_stop(). This flaw allows a malicious guest to crash the QEMU process on the host. | ||||
| CVE-2024-46933 | 2026-04-15 | 7.7 High | ||
| An issue was discovered in Atos Eviden BullSequana XH2140 BMC before C4EM-125: OMF_C4E 101.05.0014. Some BullSequana XH products were shipped without proper hardware programming, leading to a potential denial-of-service with privileged access. | ||||
| CVE-2024-46936 | 1 Rocketchat | 1 Rocket.chat | 2026-04-15 | 7.5 High |
| Rocket.Chat 6.12.0, 6.11.2, 6.10.5, 6.9.6, 6.8.6, 6.7.8, and before is vulnerable to a message forgery / impersonation issue. Attackers can abuse the UpdateOTRAck method to send ephemeral messages as if they were any other user they choose. | ||||
| CVE-2024-46939 | 2026-04-15 | N/A | ||
| The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files | ||||
| CVE-2024-46941 | 2026-04-15 | N/A | ||
| SystemUI has an incorrect component protection setting, which allows access to specific information. | ||||
| CVE-2024-46947 | 1 Northern.tech | 1 Mender | 2026-04-15 | 6.5 Medium |
| Northern.tech Mender before 3.6.6 and 3.7.x before 3.7.7 allows SSRF. | ||||
| CVE-2024-46957 | 1 Mellium | 1 Xmpp | 2026-04-15 | 9.8 Critical |
| Mellium mellium.im/xmpp 0.0.1 through 0.21.4 allows response spoofing if the implementation uses predictable IDs because the stanza type is not checked. This is fixed in 0.22.0. | ||||
| CVE-2024-46959 | 1 Runofast | 1 Cloudcam Firmware | 2026-04-15 | 6.5 Medium |
| runofast Indoor Security Camera for Baby Monitor has a default password of password for the root account. This allows access to the /stream1 URI via the rtsp:// protocol to receive the video and audio stream. | ||||
| CVE-2024-4696 | 1 Lenovo | 1 Service Bridge | 2026-04-15 | 7.5 High |
| A privilege escalation vulnerability was reported in Lenovo Service Bridge prior to version 5.0.2.17 that could allow operating system commands to be executed if a specially crafted link is visited. | ||||
| CVE-2024-46960 | 1 Asdcom | 1 Hd Video Downloader | 2026-04-15 | 8.8 High |
| The ASD com.rocks.video.downloader (aka HD Video Downloader All Format) application through 7.0.129 for Android allows an attacker to execute arbitrary JavaScript code via the com.rocks.video.downloader.MainBrowserActivity component. | ||||
| CVE-2024-46961 | 1 Inshot.com | 1 X Downloader | 2026-04-15 | 8.1 High |
| The Inshot com.downloader.privatebrowser (aka Video Downloader - XDownloader) application through 1.3.5 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.privatebrowser.activity.PrivateMainActivity component. | ||||
| CVE-2024-46963 | 1 Google | 1 Android | 2026-04-15 | 8.1 High |
| The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component. | ||||
| CVE-2024-46964 | 1 Google | 1 Android | 2026-04-15 | 8.1 High |
| The com.video.downloader.all (aka All Video Downloader) application through 11.28 for Android allows an attacker to execute arbitrary JavaScript code via the com.video.downloader.all.StartActivity component. | ||||
| CVE-2024-46965 | 1 Google | 1 Ds Allvideo.downloader.browser Application For Android | 2026-04-15 | 5.4 Medium |
| The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component. | ||||
| CVE-2024-46966 | 1 Google | 1 Android | 2026-04-15 | 8.1 High |
| The Ikhgur mn.ikhgur.khotoch (aka Video Downloader Pro & Browser) application through 1.0.42 for Android allows an attacker to execute arbitrary JavaScript code via the mn.ikhgur.khotoch.MainActivity component. | ||||
| CVE-2024-46971 | 2026-04-15 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | ||||
| CVE-2024-46973 | 2026-04-15 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | ||||
| CVE-2024-46974 | 2026-04-15 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper read/write operations on imported/exported DMA buffers. | ||||
| CVE-2024-46975 | 2026-04-15 | 7.9 High | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data into another Guest's virtualised GPU memory. | ||||