Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3897 | 1 Ays-pro | 1 Popup Box | 2026-04-15 | 5.3 Medium |
| The Popup Box – Best WordPress Popup Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_pb_create_author AJAX action in all versions up to, and including, 4.3.6. This makes it possible for unauthenticated attackers to enumerate all emails registered on the website. | ||||
| CVE-2024-38987 | 1 Ageoflearning | 1 Cli-lib | 2026-04-15 | 6.3 Medium |
| aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38989 | 1 Izatop | 1 Bunt | 2026-04-15 | 9.8 Critical |
| izatop bunt v0.29.19 was discovered to contain a prototype pollution via the component /esm/qs.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38990 | 1 Tada5hi | 1 Sp Common | 2026-04-15 | 6.3 Medium |
| Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38991 | 1 Akbr | 1 Patch-into | 2026-04-15 | 8.8 High |
| akbr patch-into v1.0.1 was discovered to contain a prototype pollution via the function patchInto. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38992 | 1 Airvert Thuan | 1 Frappejs | 2026-04-15 | 8.8 High |
| airvertco frappejs v0.0.11 was discovered to contain a prototype pollution via the function registerView. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-38999 | 1 Jrburke | 1 Requirejs | 2026-04-15 | 10 Critical |
| jrburke requirejs v2.3.6 was discovered to contain a prototype pollution via the function s.contexts._.configure. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39008 | 2 Redhat, Robinweser | 2 Rhdh, Fast-loops | 2026-04-15 | 10 Critical |
| robinweser fast-loops v1.1.3 was discovered to contain a prototype pollution via the function objectMergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39013 | 1 2o3t | 1 2o3t-utility | 2026-04-15 | 9.8 Critical |
| 2o3t-utility v0.1.2 was discovered to contain a prototype pollution via the function extend. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39014 | 1 Cahilfoley | 1 Utils | 2026-04-15 | 9.8 Critical |
| ahilfoley cahil/utils v2.3.2 was discovered to contain a prototype pollution via the function set. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39015 | 1 Cafebazaar | 1 Hod | 2026-04-15 | 9.8 Critical |
| cafebazaar hod v0.4.14 was discovered to contain a prototype pollution via the function request. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39016 | 1 Che3vinci | 1 Utils | 2026-04-15 | 8.1 High |
| che3vinci c3/utils-1 1.0.131 was discovered to contain a prototype pollution via the function assign. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39017 | 1 Agreejs Shared | 1 Agreejs Shared | 2026-04-15 | 9.8 Critical |
| agreejs shared v0.0.1 was discovered to contain a prototype pollution via the function mergeInternalComponents. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39018 | 1 Harvey-woo | 1 Key-serializer | 2026-04-15 | 6.3 Medium |
| harvey-woo cat5th/key-serializer v0.2.5 was discovered to contain a prototype pollution via the function "query". This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-39025 | 2026-04-15 | 7.5 High | ||
| Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | ||||
| CVE-2024-39033 | 1 Newgensoft | 1 Omnidocs | 2026-04-15 | 7.5 High |
| In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen. | ||||
| CVE-2024-3904 | 2026-04-15 | 8.8 High | ||
| Incorrect Default Permissions vulnerability in Smart Device Communication Gateway preinstalled on MELIPC Series MI5122-VW firmware versions "05" to "07" allows a local attacker to execute arbitrary code by saving a malicious file to a specific folder. As a result, the attacker may disclose, tamper with, destroy or delete information in the product, or cause a denial-of-service (DoS) condition on the product. | ||||
| CVE-2024-39069 | 1 Ifood | 1 Order Manager | 2026-04-15 | 7.8 High |
| An issue in ifood Order Manager v3.35.5 'Gestor de Peddios.exe' allows attackers to execute arbitrary code via a DLL hijacking attack. | ||||
| CVE-2024-39071 | 1 Fujiankelixun | 1 Command And Dispatch Platform | 2026-04-15 | 9.8 Critical |
| Fujian Kelixun <=7.6.6.4391 is vulnerable to SQL Injection in send_event.php. | ||||
| CVE-2024-3911 | 2026-04-15 | 6.5 Medium | ||
| An unauthenticated remote attacker can deceive users into performing unintended actions due to improper restriction of rendered UI layers or frames. | ||||