Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351254 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2637 | 1 Br-automation | 6 Automation Runtime, Mapp Cockpit, Mapp View and 3 more | 2026-04-15 | 7.2 High |
| An Uncontrolled Search Path Element vulnerability in B&R Industrial Automation Scene Viewer, B&R Industrial Automation Automation Runtime, B&R Industrial Automation mapp Vision, B&R Industrial Automation mapp View, B&R Industrial Automation mapp Cockpit, B&R Industrial Automation mapp Safety, B&R Industrial Automation VC4, B&R Industrial Automation APROL, B&R Industrial Automation CAN Driver, B&R Industrial Automation CAN Driver CC770, B&R Industrial Automation CAN Driver SJA1000, B&R Industrial Automation Tou0ch Lock, B&R Industrial Automation B&R Single-Touch Driver, B&R Industrial Automation Serial User Mode Touch Driver, B&R Industrial Automation Windows Settings Changer (LTSC), B&R Industrial Automation Windows Settings Changer (2019 LTSC), B&R Industrial Automation Windows 10 Recovery Solution, B&R Industrial Automation ADI driver universal, B&R Industrial Automation ADI Development Kit, B&R Industrial Automation ADI .NET SDK, B&R Industrial Automation SRAM driver, B&R Industrial Automation HMI Service Center, B&R Industrial Automation HMI Service Center Maintenance, B&R Industrial Automation Windows 10 IoT Enterprise 2019 LTSC, B&R Industrial Automation KCF Editor could allow an authenticated local attacker to execute malicious code by placing specially crafted files in the loading search path..This issue affects Scene Viewer: before 4.4.0; Automation Runtime: before J4.93; mapp Vision: before 5.26.1; mapp View: before 5.24.2; mapp Cockpit: before 5.24.2; mapp Safety: before 5.24.2; VC4: before 4.73.2; APROL: before 4.4-01; CAN Driver: before 1.1.0; CAN Driver CC770: before 3.3.0; CAN Driver SJA1000: before 1.3.0; Tou0ch Lock: before 2.1.0; B&R Single-Touch Driver: before 2.0.0; Serial User Mode Touch Driver: before 1.7.1; Windows Settings Changer (LTSC): before 3.2.0; Windows Settings Changer (2019 LTSC): before 2.2.0; Windows 10 Recovery Solution: before 3.2.0; ADI driver universal: before 3.2.0; ADI Development Kit: before 5.5.0; ADI .NET SDK: before 4.1.0; SRAM driver: before 1.2.0; HMI Service Center: before 3.1.0; HMI Service Center Maintenance: before 2.1.0; Windows 10 IoT Enterprise 2019 LTSC: through 1.1; KCF Editor: before 1.1.0. | ||||
| CVE-2024-2639 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-26454 | 2026-04-15 | 5.4 Medium | ||
| A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. | ||||
| CVE-2024-26465 | 2026-04-15 | 6.1 Medium | ||
| A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL. | ||||
| CVE-2024-26504 | 1 Wifire | 1 Hotspot | 2026-04-15 | 8.8 High |
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | ||||
| CVE-2024-26507 | 1 Finalwire | 4 Aida64 Business, Aida64 Engineer, Aida64 Network Audit and 1 more | 2026-04-15 | 7.8 High |
| An issue in FinalWire AIRDA Extreme, AIDA64 Engineer, AIDA64 Business, AIDA64 Network Audit v.7.00.6700 and before allows a local attacker to escalate privileges via the DeviceIoControl call associated with MmMapIoSpace, IoAllocateMdl, MmBuildMdlForNonPagedPool, or MmMapLockedPages components. | ||||
| CVE-2024-26519 | 1 Casa Systems | 1 Ntc-221 Firmware | 2026-04-15 | 9 Critical |
| An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. | ||||
| CVE-2024-26520 | 1 Xiongwei Technology | 1 Restaurant Digital Comprehensive Management | 2026-04-15 | 9.8 Critical |
| An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. | ||||
| CVE-2024-26521 | 1 Oscommerce | 1 Ce Phoenix | 2026-04-15 | 4.8 Medium |
| HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component. | ||||
| CVE-2024-2653 | 1 Amphp | 2 Http, Http-client | 2026-04-15 | 8.2 High |
| amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. | ||||
| CVE-2024-2656 | 2026-04-15 | 4.4 Medium | ||
| The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a CSV import in all versions up to, and including, 5.7.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-2657 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.4 Medium |
| The Font Farsi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-26577 | 1 Emilianavt | 1 Vseeface | 2026-04-15 | 7.5 High |
| VSeeFace through 1.13.38.c2 allows attackers to cause a denial of service (application hang) via a spoofed UDP packet containing at least 10 digits in JSON data. | ||||
| CVE-2024-2658 | 1 Flexera | 1 Flexnet Publisher | 2026-04-15 | N/A |
| A misconfiguration in lmadmin.exe of FlexNet Publisher versions prior to 2024 R1 (11.19.6.0) allows the OpenSSL configuration file to load from a non-existent directory. An unauthorized, locally authenticated user with low privileges can potentially create the directory and load a specially crafted openssl.conf file leading to the execution of a malicious DLL (Dynamic-Link Library) with elevated privileges. | ||||
| CVE-2024-2661 | 2026-04-15 | 8.8 High | ||
| The Barcode Scanner and Inventory manager. POS (Point of Sale) – scan barcodes & create orders with barcode reader. plugin for WordPress is vulnerable to blind SQL Injection via the ‘currentIds’ parameter in all versions up to, and including, 1.5.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | ||||
| CVE-2024-2663 | 2026-04-15 | 8.3 High | ||
| The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
| CVE-2024-27455 | 2026-04-15 | 9.1 Critical | ||
| In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.04.04 and Assetwise Information Integrity Server 23.00.02.03. | ||||
| CVE-2024-2689 | 2026-04-15 | 4.4 Medium | ||
| Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server. | ||||
| CVE-2024-2693 | 1 Linkwhisper | 1 Link Whisper Free | 2026-04-15 | 8.8 High |
| The Link Whisper Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.7.1 via deserialization of untrusted input of the 'mfn-page-items' post meta value. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | ||||
| CVE-2024-27106 | 2026-04-15 | 5.7 Medium | ||
| Vulnerable data in transit in GE HealthCare EchoPAC products | ||||