Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-27707 | 2026-04-15 | 4.3 Medium | ||
| Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file. | ||||
| CVE-2024-27709 | 1 Eskooly | 1 Web Product | 2026-04-15 | 9.8 Critical |
| SQL Injection vulnerability in Eskooly Web Product v.3.0 allows a remote attacker to execute arbitrary code via the searchby parameter of the allstudents.php component and the id parameter of the requestmanager.php component. | ||||
| CVE-2024-27716 | 1 Eskooly | 1 Web Product | 2026-04-15 | 5.4 Medium |
| Cross Site Scripting vulnerability in Eskooly Web Product v.3.0 and before allows a remote attacker to execute arbitrary code via the message sending and user input fields. | ||||
| CVE-2024-27718 | 1 Byzronetwork | 1 Management Platform | 2026-04-15 | 7.8 High |
| SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component. | ||||
| CVE-2024-27733 | 1 Byzronetwork | 1 Management Platform | 2026-04-15 | 7.7 High |
| File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component. | ||||
| CVE-2024-27758 | 1 Rpyc Project | 1 Rpyc | 2026-04-15 | 8.4 High |
| In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution. | ||||
| CVE-2024-27763 | 2026-04-15 | 5.3 Medium | ||
| XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable. | ||||
| CVE-2024-27775 | 1 Sysaid | 1 Sysaid | 2026-04-15 | 7.2 High |
| SysAid before version 23.2.14 b18 - CWE-918: Server-Side Request Forgery (SSRF) may allow exposing the local OS user's NTLMv2 hash | ||||
| CVE-2024-27899 | 2026-04-15 | 8.8 High | ||
| Self-Registration and Modify your own profile in User Admin Application of NetWeaver AS Java does not enforce proper security requirements for the content of the newly defined security answer. This can be leveraged by an attacker to cause profound impact on confidentiality and low impact on both integrity and availability. | ||||
| CVE-2024-28759 | 2026-04-15 | 4.3 Medium | ||
| A crafted network packet may cause a buffer overrun in Wind River VxWorks 7 through 23.09. | ||||
| CVE-2024-27901 | 2026-04-15 | 7.2 High | ||
| SAP Asset Accounting could allow a high privileged attacker to exploit insufficient validation of path information provided by the users and pass it through to the file API's. Thus, causing a considerable impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2024-27908 | 2026-04-15 | 4.9 Medium | ||
| A buffer overflow vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in denial of service. | ||||
| CVE-2024-27909 | 2026-04-15 | 4.9 Medium | ||
| A denial of service vulnerability was reported in the HTTPS service of some Lenovo Printers that could result in a system reboot. | ||||
| CVE-2024-27910 | 2026-04-15 | 5.3 Medium | ||
| A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to reboot the printer without authentication. | ||||
| CVE-2024-27911 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2026-04-15 | 7.5 High |
| A vulnerability was reported in some Lenovo Printers that could allow an unauthenticated attacker to obtain the administrator password. | ||||
| CVE-2024-27912 | 1 Lenovo | 6 Lingxlang G262dn Firmware, Lingxlang G336dn Firmware, Lingxlang Gm265dn Firmware and 3 more | 2026-04-15 | 7.5 High |
| A denial of service vulnerability was reported in some Lenovo Printers that could allow an attacker to cause the device to crash by sending crafted LPD packets. | ||||
| CVE-2024-2793 | 2026-04-15 | 7.2 High | ||
| The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-2794 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.4 Medium |
| The Gutenberg Block Editor Toolkit – EditorsKit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'editorskit' shortcode in all versions up to, and including, 1.40.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. CVE-2024-32586 is likely a duplicate of this issue. | ||||
| CVE-2024-2796 | 1 Akana | 1 Akana Api Platform | 2026-04-15 | 9.3 Critical |
| A server-side request forgery (SSRF) was discovered in the Akana API Platform in versions prior to and including 2022.1.3. Reported by Jakob Antonsson. | ||||
| CVE-2024-2795 | 2 Looswebstudio, Wordpress | 2 Seo Simple Pack, Wordpress | 2026-04-15 | 5.3 Medium |
| The SEO SIMPLE PACK plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.2.1 via META description. This makes it possible for unauthenticated attackers to extract limited information about password protected posts. | ||||