Search Results (364861 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-64508 1 Bugsink 1 Bugsink 2026-04-15 7.5 High
Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.5, brotli "bombs" (highly compressed brotli streams, such as many zeros) can be sent to the server. Since the server will attempt to decompress these streams before applying various maximums, this can lead to exhaustion of the available memory and thus a Denial of Service. This can be done if the `DSN` is known, which it is in many common setups (JavaScript, Mobile Apps). The issue is patched in Bugsink version `2.0.5`. The vulnerability is similar to, but distinct from, another brotli-related problem in Bugsink, GHSA-rrx3-2x4g-mq2h/CVE-2025-64509.
CVE-2024-23847 1 Yokogawa Rental Lease Corporation 1 Unifier 2026-04-15 5.9 Medium
Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
CVE-2024-2384 2026-04-15 4.3 Medium
The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id
CVE-2025-9214 1 Lenovo 1 Printer 2026-04-15 5.4 Medium
A missing authentication vulnerability was reported in some Lenovo printers that could allow a user to view limited device information or modify network settings via the CUPS service.
CVE-2024-23774 2026-04-15 7.8 High
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An unquoted Windows search path vulnerability exists in the KSchedulerSvc.exe and AMPTools.exe components. This allows local attackers to execute code of their choice with NT Authority\SYSTEM privileges.
CVE-2024-23772 2026-04-15 6.6 Medium
An issue was discovered in Quest KACE Agent for Windows 12.0.38 and 13.1.23.0. An Arbitrary file create vulnerability exists in the KSchedulerSvc.exe, KUserAlert.exe, and Runkbot.exe components. This allows local attackers to create any file of their choice with NT Authority\SYSTEM privileges.
CVE-2025-52338 2026-04-15 5.3 Medium
An issue in the default configuration of the password reset function in LogicData eCommerce Framework v5.0.9.7000 allows attackers to bypass authentication and compromise user accounts via a bruteforce attack.
CVE-2024-23765 2026-04-15 4 Medium
An issue was discovered on HMS Anybus X-Gateway AB7832-F 3 devices. The gateway exposes an unidentified service on port 7412 on the network. All the network services of the gateway become unresponsive after sending 85 requests to this port. The content and length of the frame does not matter. The device needs to be restarted to resume operations.
CVE-2024-23736 3 Bitbucket, Confluence, Jira 3 Snotify, Snotify, Snotify 2026-04-15 8.8 High
Cross Site Request Forgery (CSRF) vulnerability in savignano S/Notify before 4.0.2 for Confluence allows attackers to manipulate a user's S/MIME certificate of PGP key via malicious link or email.
CVE-2024-37124 2026-04-15 9.8 Critical
Use of potentially dangerous function issue exists in Ricoh Streamline NX PC Client. If this vulnerability is exploited, an attacker may create an arbitrary file in the PC where the product is installed.
CVE-2024-23727 1 Kamivision 1 Yi Iot 2026-04-15 8.4 High
The YI Smart Kami Vision com.kamivision.yismart application through 1.0.0_20231219 for Android allows a remote attacker to execute arbitrary JavaScript code via an implicit intent to the com.ants360.yicamera.activity.WebViewActivity component.
CVE-2024-2371 2026-04-15 6.2 Medium
Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials.
CVE-2024-2363 1 Aol 1 Aim Triton 2026-04-15 5.3 Medium
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2024-23593 2026-04-15 6.7 Medium
A vulnerability was reported in a system recovery bootloader that was part of the Lenovo preloaded Windows 7 and 8 operating systems from 2012 to 2014 that could allow a privileged attacker with local access to modify the boot manager and escalate privileges.
CVE-2024-23592 2026-04-15 6.3 Medium
An authentication bypass vulnerability was reported in Lenovo devices with Synaptics fingerprint readers that could allow an attacker with physical access to replay fingerprints and bypass Windows Hello authentication.
CVE-2024-23589 2026-04-15 6.8 Medium
Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs
CVE-2025-10460 1 Beims 1 Contractorweb.net 2026-04-15 N/A
A SQL Injection vulnerability on an endpoint in BEIMS Contractor Web, a legacy product that is no longer maintained or patched by the vendor, allows an unauthorised user to retrieve sensitive database contents via unsanitized parameter input. This vulnerability occurs due to improper input validation on /BEIMSWeb/contractor.asp endpoint and successful exploitation requires a contractor.asp endpoint open to the internet. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity and potentially the availability of the database.  Version 5.7.139  has been confirmed as vulnerable. Other versions have not been confirmed by the vendor and users should assume that all versions of BEIMS Contractor Web may be impacted until further guidance is provided by the vendor.
CVE-2024-32394 1 Ruijie 1 Rg-rsr10-01g-t\(wa\)-s 2026-04-15 8.8 High
An issue in ruijie.com/cn RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 and RG-RSR10-01G-T(WA)-S RSR_3.0(1)B9P2_RSR10-01G-TW-S_07150910 allows a remote attacker to execute arbitrary code via a crafted HTTP request.
CVE-2024-23580 1 Hcl Software 1 Dryice Optibot Reset Station 2026-04-15 6.5 Medium
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of One-Time Passwords (OTPs). This could allow an attacker with access to the database to recover some or all encrypted values.
CVE-2024-23579 1 Hcl Software 1 Dryice Optibot Reset Station 2026-04-15 6.5 Medium
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values.