Export limit exceeded: 364098 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 21088 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 46047 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46047 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10253 | 2026-04-15 | 4.7 Medium | ||
| A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | ||||
| CVE-2024-10239 | 2026-04-15 | 7.2 High | ||
| A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld. | ||||
| CVE-2024-6351 | 2026-04-15 | 4.3 Medium | ||
| A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert | ||||
| CVE-2024-58293 | 1 Akaunting | 1 Akaunting | 2026-04-15 | N/A |
| Akaunting 3.1.8 contains a server-side template injection vulnerability that allows authenticated administrators to execute template expressions in multiple form input fields. Attackers can inject template payloads in items, taxes, transactions, and vendor name fields to perform arithmetic operations and string manipulations. | ||||
| CVE-2024-37305 | 1 Open Quantum Safe | 1 Oqs Provider | 2026-04-15 | 8.2 High |
| oqs-provider is a provider for the OpenSSL 3 cryptography library that adds support for post-quantum cryptography in TLS, X.509, and S/MIME using post-quantum algorithms from liboqs. Flaws have been identified in the way oqs-provider handles lengths decoded with DECODE_UINT32 at the start of serialized hybrid (traditional + post-quantum) keys and signatures. Unchecked length values are later used for memory reads and writes; malformed input can lead to crashes or information leakage. Handling of plain/non-hybrid PQ key operation is not affected. This issue has been patched in in v0.6.1. All users are advised to upgrade. There are no workarounds for this issue. | ||||
| CVE-2024-37310 | 1 Everest | 1 Everest-core | 2026-04-15 | 9.1 Critical |
| EVerest is an EV charging software stack. An integer overflow in the "v2g_incoming_v2gtp" function in the v2g_server.cpp implementation can allow a remote attacker to overflow the process' heap. This vulnerability is fixed in 2024.3.1 and 2024.6.0. | ||||
| CVE-2024-58299 | 2 Pcman, Wftpserver | 2 Ftp Server, Wing Ftp Server | 2026-04-15 | 9.8 Critical |
| PCMan FTP Server 2.0 contains a buffer overflow vulnerability in the 'pwd' command that allows remote attackers to execute arbitrary code. Attackers can send a specially crafted payload during the FTP login process to overwrite memory and potentially gain system access. | ||||
| CVE-2024-6245 | 2026-04-15 | 7.4 High | ||
| Use of Default Credentials vulnerability in Maruti Suzuki SmartPlay on Linux (Infotainment Hub modules) allows attacker to try common or default usernames and passwords.The issue was detected on a 2022 Maruti Suzuki Brezza in India Market. This issue affects SmartPlay: 66T0.05.50. | ||||
| CVE-2024-23168 | 1 Xiexe | 1 Xsoverlay | 2026-04-15 | 9.8 Critical |
| Vulnerability in Xiexe XSOverlay before build 647 allows non-local websites to send the malicious commands to the WebSocket API, resulting in the arbitrary code execution. | ||||
| CVE-2024-11166 | 2026-04-15 | N/A | ||
| For TCAS II systems using transponders compliant with MOPS earlier than RTCA DO-181F, an attacker can impersonate a ground station and issue a Comm-A Identity Request. This action can set the Sensitivity Level Control (SLC) to the lowest setting and disable the Resolution Advisory (RA), leading to a denial-of-service condition. | ||||
| CVE-2024-38443 | 1 The Algorithms | 1 C | 2026-04-15 | 6.2 Medium |
| C/sorting/binary_insertion_sort.c in The Algorithms - C through e5dad3f has a segmentation fault for deep recursion, which may affect common use cases such as sorting an array of 50 elements. | ||||
| CVE-2024-38389 | 1 Fujielectric | 2 Tellus, Tellus Lite | 2026-04-15 | 7.8 High |
| There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | ||||
| CVE-2024-57080 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the lib.install function of vxe-table v4.8.10 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-36440 | 1 Swissphone | 1 Dical-red | 2026-04-15 | 6.8 Medium |
| An issue was discovered on Swissphone DiCal-RED 4009 devices. An attacker with access to the file /etc/deviceconfig may recover the administrative device password via password-cracking methods, because unsalted MD5 is used. | ||||
| CVE-2024-57084 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the function lib.parse of dot-properties v1.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2024-57086 | 2026-04-15 | 7.5 High | ||
| A prototype pollution in the function fieldsToJson of node-opcua-alarm-condition v2.134.0 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | ||||
| CVE-2025-11279 | 1 Axosoft | 1 Scrum And Bug Tracking | 2026-04-15 | 5.5 Medium |
| A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. This issue affects some unknown processing of the component Add Work Item Page. The manipulation of the argument Title results in csv injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-52564 | 1 Iodata | 2 Ud-lt1\/ex Firmware, Ud-lt1 Firmware | 2026-04-15 | N/A |
| Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. | ||||
| CVE-2024-52798 | 2 Pillarjs, Redhat | 8 Path-to-regexp, Apache Camel Hawtio, Discovery and 5 more | 2026-04-15 | 5.3 Medium |
| path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. | ||||
| CVE-2024-53589 | 1 Gnu | 1 Binutils | 2026-04-15 | 8.4 High |
| GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. | ||||