Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38387 | 1 Intel | 1 Graphics Driver | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in the Intel(R) Graphics Driver installers for versions 15.40 and 15.45 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38363 | 1 Airbyte | 1 Airbytehq | 2026-04-15 | 8.6 High |
| Airbyte is a data integration platform for ELT pipelines. Airbyte connection builder docker image is vulnerable to RCE via SSTI which allows an authenticated remote attacker to execute arbitrary code on the server as the web server user. The connection builder is used to create and test new connectors. Sensitive information, such as credentials, could be exposed if a user tested a new connector on a compromised instance. The connection builder does not have access to any data processes. This vulnerability is fixed in 0.62.2. | ||||
| CVE-2024-38364 | 2026-04-15 | 2.6 Low | ||
| DSpace is an open source software is a turnkey repository application used by more than 2,000 organizations and institutions worldwide to provide durable access to digital resources. In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This vulnerability has been patched in version 7.6.2. | ||||
| CVE-2024-38372 | 1 Nodejs | 1 Undici | 2026-04-15 | 2 Low |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. Depending on network and process conditions of a `fetch()` request, `response.arrayBuffer()` might include portion of memory from the Node.js process. This has been patched in v6.19.2. | ||||
| CVE-2024-38453 | 1 Avalara | 1 Avalara For Salesforce Cpq | 2026-04-15 | 7.5 High |
| The Avalara for Salesforce CPQ app before 7.0 for Salesforce allows attackers to read an API key. NOTE: the current version is 11 as of mid-2024. | ||||
| CVE-2024-38374 | 1 Cyclonedx | 1 Cyclonedx Core Java | 2026-04-15 | 7.5 High |
| The CycloneDX core module provides a model representation of the SBOM along with utilities to assist in creating, validating, and parsing SBOMs. Before deserializing CycloneDX Bill of Materials in XML format, _cyclonedx-core-java_ leverages XPath expressions to determine the schema version of the BOM. The `DocumentBuilderFactory` used to evaluate XPath expressions was not configured securely, making the library vulnerable to XML External Entity (XXE) injection. This vulnerability has been fixed in cyclonedx-core-java version 9.0.4. | ||||
| CVE-2024-38375 | 1 Fastly | 1 Js-compute | 2026-04-15 | 5.3 Medium |
| @fastly/js-compute is a JavaScript SDK and runtime for building Fastly Compute applications. The implementation of several functions were determined to include a use-after-free bug. This bug could allow for unintended data loss if the result of the preceding functions were sent anywhere else, and often results in a guest trap causing services to return a 500. This bug has been fixed in version 3.16.0 of the `@fastly/js-compute` package. | ||||
| CVE-2024-38389 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2026-04-15 | 7.8 High |
| There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | ||||
| CVE-2024-38392 | 2026-04-15 | 9.1 Critical | ||
| Pexip Infinity Connect before 1.13.0 lacks sufficient authenticity checks during the loading of resources, and thus remote attackers can cause the application to run untrusted code. | ||||
| CVE-2024-38394 | 2026-04-15 | 4.3 Medium | ||
| Mismatches in interpreting USB authorization policy between GNOME Settings Daemon (GSD) through 46.0 and the Linux kernel's underlying device matching logic allow a physically proximate attacker to access some unintended Linux kernel USB functionality, such as USB device-specific kernel modules and filesystem implementations. NOTE: the GSD supplier indicates that consideration of a mitigation for this within GSD would be in the context of "a new feature, not a CVE." | ||||
| CVE-2024-38427 | 1 Color | 1 Demoiccmax | 2026-04-15 | 8.8 High |
| In International Color Consortium DemoIccMAX before 85ce74e, a logic flaw in CIccTagXmlProfileSequenceId::ParseXml in IccXML/IccLibXML/IccTagXml.cpp results in unconditionally returning false. | ||||
| CVE-2024-38434 | 1 Unitronics | 1 Vision Plc | 2026-04-15 | 6.5 Medium |
| Unitronics Vision PLC – CWE-676: Use of Potentially Dangerous Function may allow security feature bypass | ||||
| CVE-2024-38443 | 1 The Algorithms | 1 C | 2026-04-15 | 6.2 Medium |
| C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. | ||||
| CVE-2024-38448 | 2026-04-15 | 9.1 Critical | ||
| htags in GNU Global through 6.6.12 allows code execution in situations where dbpath (aka -d) is untrusted, because shell metacharacters may be used. | ||||
| CVE-2024-38449 | 2026-04-15 | 7.7 High | ||
| A Directory Traversal vulnerability in KasmVNC 1.3.1.230e50f7b89663316c70de7b0e3db6f6b9340489 and possibly earlier versions allows remote authenticated attackers to browse parent directories and read the content of files outside the scope of the application. | ||||
| CVE-2024-38456 | 1 Vivavis | 1 High-leit | 2026-04-15 | 7.8 High |
| HIGH-LEIT V05.08.01.03 and HIGH-LEIT V04.25.00.00 to 4.25.01.01 for Windows from Vivavis contain an insecure file and folder permissions vulnerability in prunsrv.exe. A regular user (non-admin) can exploit the weak folder and file permissions to escalate privileges and execute arbitrary code in the context of NT AUTHORITY\SYSTEM. | ||||
| CVE-2024-38471 | 1 Tp-link | 5 Archer Airr5 Firmware, Archer Ax3000 Firmware, Archer Ax5400 Firmware and 2 more | 2026-04-15 | 6.8 Medium |
| Multiple TP-LINK products allow a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by restoring a crafted backup file. The affected device, with the initial configuration, allows login only from the LAN port or Wi-Fi. | ||||
| CVE-2024-38480 | 2026-04-15 | 4 Medium | ||
| "Piccoma" App for Android and iOS versions prior to 6.20.0 uses a hard-coded API key for an external service, which may allow a local attacker to obtain the API key. Note that the users of the app are not directly affected by this vulnerability. | ||||
| CVE-2024-3849 | 2026-04-15 | 8.8 High | ||
| The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-38491 | 2026-04-15 | N/A | ||
| The vulnerability allows an unauthenticated attacker to read arbitrary information from the database. | ||||