Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25729 | | | 2026-04-15 | 8.8 High |
| Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.) | ||||
| CVE-2024-25737 | | | 2026-04-15 | 6.1 Medium |
| A Server-Side Request Forgery (SSRF) vulnerability in the /Cover/Show route (showAction in CoverController.php) in Open Library Foundation VuFind 2.4 through 9.1 before 9.1.1 allows remote attackers to access internal HTTP servers and perform Cross-Site Scripting (XSS) attacks by proxying arbitrary URLs via the proxy GET parameter. | ||||
| CVE-2024-25738 | 1 Openlibraryfoundation | 1 Vufind | 2026-04-15 | 9.1 Critical |
| A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini. | ||||
| CVE-2024-25742 | 1 Redhat | 2 Enterprise Linux, Rhel Eus | 2026-04-15 | 6.5 Medium |
| In the Linux kernel before 6.9, an untrusted hypervisor can inject virtual interrupt 29 (#VC) at any point in time and can trigger its handler. This affects AMD SEV-SNP and AMD SEV-ES. | ||||
| CVE-2024-25743 | 2 Linux, Redhat | 3 Kernel, Enterprise Linux, Rhel Eus | 2026-04-15 | 7.1 High |
| In the Linux kernel through 6.9, an untrusted hypervisor can inject virtual interrupts 0 and 14 at any point in time and can trigger the SIGFPE signal handler in userspace applications. This affects AMD SEV-SNP and AMD SEV-ES. | ||||
| CVE-2024-25825 | 1 Fydeos | 2 Fydeos, Openfyde | 2026-04-15 | 9.8 Critical |
| FydeOS for PC 17.1 R114, FydeOS for VMware 17.0 R114, FydeOS for You 17.1 R114, and OpenFyde R114 were discovered to be configured with the root password saved as a wildcard. This allows attackers to gain root access without a password. | ||||
| CVE-2024-25864 | 1 Friendica | 1 Friendica | 2026-04-15 | 9.1 Critical |
| Server Side Request Forgery (SSRF) vulnerability in Friendica versions after v.2023.12, allows a remote attacker to execute arbitrary code and obtain sensitive information via the fpostit.php component. | ||||
| CVE-2024-25883 | | | 2026-04-15 | 5.3 Medium |
| The mstatus register in RSD commit 3d13a updates incorrectly, leading to processing errors. | ||||
| CVE-2024-25885 | 1 Xhtml2pdf | 1 Xhtml2pdf | 2026-04-15 | 7.5 High |
| An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string. | ||||
| CVE-2024-25906 | | | 2026-04-15 | 4.3 Medium |
| Authentication Bypass by Spoofing vulnerability in WP Happy Coders Comments Like Dislike allows Functionality Bypass. This issue affects Comments Like Dislike: from n/a through 1.2.2. | ||||
| CVE-2024-25939 | | | 2026-04-15 | 6 Medium |
| Mirrored regions with different values in 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-25972 | 1 Atsumi | 1 Oet-213h-bts1 | 2026-04-15 | 8.3 High |
| Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product. | ||||
| CVE-2024-25975 | 1 Hawki | 1 Hawki | 2026-04-15 | 6.5 Medium |
| The application implements an up- and downvote function which alters a value within a JSON file. The POST parameters are not filtered properly and therefore an arbitrary file can be overwritten. The file can be controlled by an authenticated attacker, the content cannot be controlled. It is possible to overwrite all files for which the webserver has write access. It is required to supply a relative path (path traversal). | ||||
| CVE-2024-25976 | | | 2026-04-15 | 6.1 Medium |
| When LDAP authentication is activated in the configuration it is possible to obtain reflected XSS execution by creating a custom URL that the victim only needs to open in order to execute arbitrary JavaScript code in the victim's browser. This is due to a fault in the file login.php where the content of "$_SERVER['PHP_SELF']" is reflected into the HTML of the website. Hence the attacker does not need a valid account in order to exploit this issue. | ||||
| CVE-2024-25977 | | | 2026-04-15 | 7.3 High |
| The application does not change the session token when using the login or logout functionality. An attacker can set a session token in the victim's browser (e.g. via XSS) and prompt the victim to log in (e.g. via a redirect to the login page). This results in the victim's account being taken over. | ||||
| CVE-2024-26017 | 1 Intel | 1 Rendering Toolkit Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-26018 | | | 2026-04-15 | 6.1 Medium |
| Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of TvRock 0.9t8a. | ||||
| CVE-2024-26021 | | | 2026-04-15 | 2.3 Low |
| Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2024-26024 | 1 Subnet | 1 Substation Server | 2026-04-15 | 8.4 High |
| SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in Substation Server. | ||||
| CVE-2024-2617 | 1 Hitachienergy | 1 Rtu500 Firmware | 2026-04-15 | 7.2 High |
| A vulnerability exists in the RTU500 that allows for authenticated and authorized users to bypass secure update, if secure update feature was not enabled on all CMUs of a RTU500. If a malicious actor successfully exploits this vulnerability, they could use it to update the RTU500 with unsigned firmware. | ||||