Export limit exceeded: 351439 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (351439 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-8060 | 1 Open-webui | 1 Open-webui | 2026-04-15 | N/A |
| OpenWebUI version 0.3.0 contains a vulnerability in the audio API endpoint `/audio/api/v1/transcriptions` that allows for arbitrary file upload. The application performs insufficient validation on the `file.content_type` and allows user-controlled filenames, leading to a path traversal vulnerability. This can be exploited by an authenticated user to overwrite critical files within the Docker container, potentially leading to remote code execution as the root user. | ||||
| CVE-2024-8065 | 1 Danswer-ai | 1 Danswer | 2026-04-15 | N/A |
| A Cross-Site Request Forgery (CSRF) vulnerability in version v1.4.1 of danswer-ai/danswer allows attackers to perform unauthorized actions in the context of the victim's browser. This includes connecting the victim's application with a malicious Slack Bot, inviting users, and deleting chats, among other actions. The application does not implement any CSRF protection, making it susceptible to these attacks. | ||||
| CVE-2024-8067 | 1 Perforce | 1 Helix Core | 2026-04-15 | N/A |
| In versions of Helix Core prior to 2024.1 Patch 2 (2024.1/2655224) a Windows ANSI API Unicode "best fit" argument injection was identified. | ||||
| CVE-2024-8070 | 2026-04-15 | 8.5 High | ||
| CWE-312: Cleartext Storage of Sensitive Information vulnerability exists that exposes test credentials in the firmware binary | ||||
| CVE-2024-8074 | 2026-04-15 | N/A | ||
| Missing Authentication for Critical Function, Missing Authorization vulnerability in Nomysoft Informatics Nomysem allows Collect Data as Provided by Users.This issue affects Nomysem: before 13.10.2024. | ||||
| CVE-2024-8088 | 2 Python Software Foundation, Redhat | 2 Cpython, Enterprise Linux | 2026-04-15 | 5.3 Medium |
| There is a HIGH severity vulnerability affecting the CPython "zipfile" module affecting "zipfile.Path". Note that the more common API "zipfile.ZipFile" class is unaffected. When iterating over names of entries in a zip archive (for example, methods of "zipfile.Path" like "namelist()", "iterdir()", etc) the process can be put into an infinite loop with a maliciously crafted zip archive. This defect applies when reading only metadata or extracting the contents of the zip archive. Programs that are not handling user-controlled zip archives are not affected. | ||||
| CVE-2024-8097 | 1 Payara Platform | 1 Payara Server | 2026-04-15 | 4.2 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log.This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from 5.20.0 before 5.67.0, from 5.2020.2 before 5.2022.5, from 4.1.2.191.0 before 4.1.2.191.50. | ||||
| CVE-2024-8099 | 2 Duckdb, Vanna-ai | 2 Duckdb, Vanna | 2026-04-15 | N/A |
| A Server-Side Request Forgery (SSRF) vulnerability exists in the latest version of vanna-ai/vanna when using DuckDB as the database. An attacker can exploit this vulnerability by submitting crafted SQL queries that leverage DuckDB's default features, such as `read_csv`, `read_csv_auto`, `read_text`, and `read_blob`, to make unauthorized requests to internal or external resources. This can lead to unauthorized access to sensitive data, internal systems, and potentially further attacks. | ||||
| CVE-2024-8100 | 2026-04-15 | 8.7 High | ||
| On affected versions of the Arista CloudVision Portal (CVP on-prem), the time-bound device onboarding token can be used to gain admin privileges on CloudVision. | ||||
| CVE-2024-8110 | 1 Yokogawa | 1 Dual-redundant Platform For Computer \(pc2ckm\) | 2026-04-15 | 7.5 High |
| Denial of Service (DoS) vulnerability has been found in Dual-redundant Platform for Computer. If a computer on which the affected product is installed receives a large number of UDP broadcast packets in a short period, occasionally that computer may restart. If both the active and standby computers are restarted at the same time, the functionality on that computer may be temporarily unavailable. | ||||
| CVE-2024-8118 | 1 Grafana | 1 Grafana | 2026-04-15 | 4.7 Medium |
| In Grafana, the wrong permission is applied to the alert rule write API endpoint, allowing users with permission to write external alert instances to also write alert rules. | ||||
| CVE-2024-8125 | 2026-04-15 | N/A | ||
| Improper Validation of Specified Type of Input vulnerability in OpenText™ Content Management (Extended ECM) allows Parameter Injection. A bad actor with the required OpenText Content Management privileges (not root) could expose the vulnerability to carry out a remote code execution attack on the target system. This issue affects Content Management (Extended ECM): from 10.0 through 24.4 with WebReports module installed and enabled. | ||||
| CVE-2024-8159 | 1 Faronics | 1 Deep Freeze | 2026-04-15 | 6.4 Medium |
| Deep Freeze 9.00.020.5760 is vulnerable to an out-of-bounds read vulnerability by triggering the 0x70014 IOCTL code of the FarDisk.sys driver. | ||||
| CVE-2024-8161 | 1 Ciges | 1 Cigesv2 | 2026-04-15 | 9.8 Critical |
| SQL injection vulnerability in ATISolutions CIGES affecting versions lower than 2.15.5. This vulnerability allows a remote attacker to send a specially crafted SQL query to the /modules/ajaxServiciosCentro.php point in the idCentro parameter and retrieve all the information stored in the database. | ||||
| CVE-2024-8175 | 1 Codesys | 18 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 15 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker can causes the CODESYS web server to access invalid memory which results in a DoS. | ||||
| CVE-2024-8183 | 2026-04-15 | N/A | ||
| A CORS (Cross-Origin Resource Sharing) misconfiguration in prefecthq/prefect version 2.20.2 allows unauthorized domains to access sensitive data. This vulnerability can lead to unauthorized access to the database, resulting in potential data leaks, loss of confidentiality, service disruption, and data integrity risks. | ||||
| CVE-2024-8201 | 1 Hitachi | 1 Ops Center Analyzer | 2026-04-15 | 5.4 Medium |
| Cross-Site WebSocket Hijacking vulnerability in Hitachi Ops Center Analyzer (RAID Agent component).This issue affects Hitachi Ops Center Analyzer: from 10.8.0-00 before 11.0.4-00; Hitachi Ops Center Analyzer: from 10.9.0-00 before 11.0.4-00. | ||||
| CVE-2024-8232 | 1 Spidercontrol | 1 Scada Webserver | 2026-04-15 | 7.5 High |
| SpiderControl SCADA Web Server has a vulnerability that could allow an attacker to upload specially crafted malicious files without authentication. | ||||
| CVE-2024-8244 | 1 Golang | 1 Go | 2026-04-15 | 3.7 Low |
| The filepath.Walk and filepath.WalkDir functions are documented as not following symbolic links, but both functions are susceptible to a TOCTOU (time of check/time of use) race condition where a portion of the path being walked is replaced with a symbolic link while the walk is in progress. | ||||
| CVE-2024-8256 | 1 Teltonika-networks | 2 Rutos Devices, Tswos | 2026-04-15 | N/A |
| In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API. | ||||