Search Results (364541 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-27574 1 Trainme Acadamy 1 Ichin 2026-04-15 9.1 Critical
SQL Injection vulnerability in Trainme Academy version Ichin v.1.3.2 allows a remote attacker to obtain sensitive information via the informacion, idcurso, and tit parameters.
CVE-2024-27357 2026-04-15 5.8 Medium
An issue was discovered in WithSecure Elements Agent through 23.x for macOS, WithSecure Elements Client Security through 23.x for macOS, and WithSecure MDR through 23.x for macOS. Local Privilege Escalation can occur during installations or updates by admins.
CVE-2024-3130 2026-04-15 5.7 Medium
Hard-coded Credentials in CoolKit eWeLlink app are before 5.4.x on Android and IOS allows local attacker to unauthorized access to sensitive data via Decryption algorithm and key obtained after decompiling app
CVE-2024-2730 1 Mautic 1 Mautic 2026-04-15 5.3 Medium
Mautic uses predictable page indices for unpublished landing pages, their content can be accessed by unauthenticated users under public preview URLs which could expose sensitive data. At the time of publication of the CVE no patch is available
CVE-2024-2639 2026-04-15 4.3 Medium
A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-26369 1 Eprosima 1 Fast Dds 2026-04-15 7.5 High
An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.
CVE-2025-9395 1 Wangsongyan 1 Wblog 2026-04-15 6.3 Medium
A vulnerability was identified in wangsongyan wblog 0.0.1. This affects the function RestorePost of the file backup.go. Such manipulation of the argument fileName leads to server-side request forgery. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-27200 2026-04-15 4.4 Medium
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow a authenticated user to potentially enable escalation of privilege via local access.
CVE-2021-27702 1 Sercomm 1 S3-ac2100 Firmware 2026-04-15 7.3 High
Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard.
CVE-2024-2635 2026-04-15 7.3 High
The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality
CVE-2024-26331 2026-04-15 7.5 High
ReCrystallize Server 5.10.0.0 uses a authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass the authentication mechanism by modifying the cookie to contain an expected value.
CVE-2024-27177 1 Toshibatec 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more 2026-04-15 7.2 High
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying package name variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
CVE-2024-2633 2026-04-15 6.1 Medium
A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E&params'.
CVE-2024-27176 1 Toshibatec 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more 2026-04-15 7.2 High
An attacker can get Remote Code Execution by overwriting files. Overwriting files is enable by falsifying session ID variable. This vulnerability can be executed in combination with other vulnerabilities and difficult to execute alone. So, the CVSS score for this vulnerability alone is lower than the score listed in the "Base Score" of this vulnerability. For detail on related other vulnerabilities, please ask to the below contact point. https://www.toshibatec.com/contacts/products/ As for the affected products/models/versions, see the reference URL.
CVE-2024-26329 1 Chilkatsoft 1 Chilkat 2026-04-15 6.2 Medium
Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function.
CVE-2025-9381 1 Fnkvision 1 Y215 Cctv Camera 2026-04-15 1.6 Low
A security flaw has been discovered in FNKvision Y215 CCTV Camera 10.194.120.40. This affects an unknown part of the file /tmp/wpa_supplicant.conf. Performing manipulation results in information disclosure. The attack may be carried out on the physical device. The attack's complexity is rated as high. It is indicated that the exploitability is difficult. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2752 2026-04-15 5.5 Medium
The Where Did You Hear About Us Checkout Field for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via order meta in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
CVE-2024-2632 2026-04-15 7.5 High
A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HTTP GET '/sitetest/english/dumpenv.jsp'.
CVE-2024-27165 1 Toshibatec 50 E-studio-2010-ac, E-studio-2015-nc, E-studio-2018 A and 47 more 2026-04-15 7.8 High
Toshiba printers contain a suidperl binary and it has a Local Privilege Escalation vulnerability. A local attacker can get root privileges. As for the affected products/models/versions, see the reference URL.
CVE-2024-25581 1 Powerdns 1 Dnsdist 2026-04-15 7.5 High
When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default.