Search Results (363099 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-24922 2026-04-15 8.8 High
A stack-based buffer overflow vulnerability exists in the securebio_identify functionality of Dell ControlVault3 prior to 5.15.10.14 and Dell ControlVault3 Plus prior to 6.2.26.36. A specially crafted malicious cv_object can lead to a arbitrary code execution. An attacker can issue an API call to trigger this vulnerability.
CVE-2024-57261 1 Pengutronix 1 Barebox 2026-04-15 7.1 High
In barebox before 2025.01.0, request2size in common/dlmalloc.c has an integer overflow, a related issue to CVE-2024-57258.
CVE-2024-34786 2026-04-15 4.8 Medium
UniFi iOS app 10.15.0 introduces a misconfiguration on 2nd Generation UniFi Access Points configured as standalone (not using UniFi Network Application) that could cause the SSID name to change and/or the WiFi Password to be removed on the 5GHz Radio. This vulnerability is fixed in UniFi iOS app 10.15.2 and later.
CVE-2024-31852 2026-04-15 5.9 Medium
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack, and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low, because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So, if this function is covered by any testing, the miscompile is most likely to be discovered before the binary is shipped to production."
CVE-2025-30074 1 Parallels 1 Parallels Desktop 2026-04-15 7.8 High
Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.
CVE-2024-31851 1 Cdata 1 Sync 2026-04-15 8.6 High
A path traversal vulnerability exists in the Java version of CData Sync < 23.4.8843 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
CVE-2024-31850 1 Cdata 1 Arc 2026-04-15 8.6 High
A path traversal vulnerability exists in the Java version of CData Arc < 23.4.8839 when running using the embedded Jetty server, which could allow an unauthenticated remote attacker to gain access to sensitive information and perform limited actions.
CVE-2024-3184 1 Embedthis 1 Goahead 2026-04-15 5.9 Medium
Multiple CWE-476 NULL Pointer Dereference vulnerabilities were found in GoAhead Web Server up to version 6.0.0 when compiled with the ME_GOAHEAD_REPLACE_MALLOC flag. Without a memory notifier for allocation failures, remote attackers can exploit these vulnerabilities by sending malicious requests, leading to a crash and Denial of Service (DoS).
CVE-2025-6109 2026-04-15 4.3 Medium
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-29870 2026-04-15 7.5 High
Missing authentication for critical function vulnerability exists in Wi-Fi AP UNIT 'AC-WPS-11ac series'. If exploited, a remote unauthenticated attacker may obtain the product configuration information including authentication information.
CVE-2025-12286 1 Veepn 1 Veepn 2026-04-15 7 High
A weakness has been identified in VeePN up to 1.6.2. This affects an unknown function of the file C:\Program Files (x86)\VeePN\avservice\avservice.exe of the component AVService. This manipulation causes unquoted search path. The attack requires local access. A high degree of complexity is needed for the attack. The exploitability is reported as difficult. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-1228 1 Olajowon 1 Loggrove 2026-04-15 4.3 Medium
A vulnerability classified as problematic has been found in olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6. Affected is an unknown function of the file /read/?page=1&logfile=LOG_Monitor of the component Logfile Update Handler. The manipulation of the argument path leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVE-2024-34758 2 Wordpress, Wpmet 2 Wordpress, Wp Fundraising Donation And Crowdfunding Platform 2026-04-15 5.3 Medium
Missing Authorization vulnerability in Wpmet WP Fundraising Donation and Crowdfunding Platform.This issue affects WP Fundraising Donation and Crowdfunding Platform: from n/a through 1.6.4.
CVE-2024-31802 2026-04-15 6.3 Medium
DESIGNA ABACUS v.18 and before allows an attacker to bypass the payment process via a crafted QR code.
CVE-2024-31801 1 Nexsys-one 1 Nexsys-one 2026-04-15 7.5 High
Directory Traversal vulnerability in NEXSYS-ONE before v.Rev.15320 allows a remote attacker to obtain sensitive information via a crafted request.
CVE-2024-13514 1 Wordpress 1 Wordpress 2026-04-15 4.3 Medium
The B Slider- Gutenberg Slider Block for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.5 via the 'bsb-slider' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private posts that they should not have access to.
CVE-2024-31757 1 Terabyte Unlimited 1 Image 2026-04-15 7.8 High
An issue in TeraByte Unlimited Image for Windows v.3.64.0.0 and before and fixed in v.4.0.0.0 allows a local attacker to escalate privileges via the TBOFLHelper64.sys and TBOFLHelper.sys component.
CVE-2024-31714 1 Waxlab 1 Wax 2026-04-15 7.5 High
Buffer Overflow vulnerability in Waxlab wax v.0.9-3 and before allows an attacker to cause a denial of service via the Lua library component.
CVE-2024-31684 2026-04-15 3.5 Low
Incorrect access control in the fingerprint authentication mechanism of Bitdefender Mobile Security v4.11.3-gms allows attackers to bypass fingerprint authentication due to the use of a deprecated API.
CVE-2025-11674 2026-04-15 6.8 Medium
SOOP-CLM developed by PiExtract has a Server-Side Request Forgery vulnerability, allowing privileged remote attackers to read server files or probe internal network information.