Search Results (364862 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-22436 2026-04-15 6.5 Medium
A security vulnerability in HPE IceWall Agent products could be exploited remotely to cause a denial of service.
CVE-2024-22405 2026-04-15 5.5 Medium
XADMaster is an objective-C library for archive and file unarchiving and extraction. When extracting a specially crafted zip archive XADMaster may not apply quarantine attribute correctly. Such behaviour may circumvent Gatekeeper checks on the system. Only macOS installations are affected. This issue was fixed in XADMaster 1.10.8. It is recommended to upgrade to the latest version. There are no known workarounds for this issue.
CVE-2024-22398 1 Sonicwall 1 Email Security 2026-04-15 4.9 Medium
An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.
CVE-2024-22590 1 Ptrd 1 Kwik 2026-04-15 9.1 Critical
The TLS engine in Kwik commit 745fd4e2 does not track the current state of the connection. This vulnerability can allow Client Hello messages to be overwritten at any time, including after a connection has been established.
CVE-2024-21935 1 Amd 2 Instinct Mi300x, Satellite Management Controller 2026-04-15 5 Medium
Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.
CVE-2025-9115 2 Etsy Shop Project, Wordpress 2 Etsy Shop, Wordpress 2026-04-15 5.6 Medium
The Etsy Shop WordPress plugin before 3.0.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers.
CVE-2024-56966 2026-04-15 6.5 Medium
An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link.
CVE-2025-9119 1 Netis-systems 2 Wf2419, Wf2419 Firmware 2026-04-15 2.4 Low
A vulnerability was determined in Netis WF2419 1.2.29433. This vulnerability affects unknown code of the file /index.htm of the component Wireless Settings Page. This manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2025-9121 1 Hitachi 2 Vantara Pentaho Business Analytics Server, Vantara Pentaho Data Integration And Analytics 2026-04-15 8.8 High
Pentaho Data Integration and Analytics Community Dashboard Editor plugin versions before 10.2.0.4, including 9.3.0.x and 8.3.x, deserialize untrusted JSON data without constraining the parser to approved classes and methods.
CVE-2024-2197 2026-04-15 4.3 Medium
The Chirp Access app contains a hard-coded password, BEACON_PASSWORD. An attacker within Bluetooth range could change configuration settings within the Bluetooth beacon, effectively disabling the application's ability to notify users when they are near a Beacon-enabled access point. This variable cannot be used to change the configuration settings of the door readers or locksets and does not affect the ability for authorized users of the mobile application to lock or unlock access points.
CVE-2024-5201 2026-04-15 8.8 High
Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another user via HTTP Request
CVE-2025-40804 1 Siemens 1 Simatic 2026-04-15 9.1 Critical
A vulnerability has been identified in SIMATIC Virtualization as a Service (SIVaaS) (All versions). The affected application exposes a network share without any authentication. This could allow an attacker to access or alter sensitive data without proper authorization.
CVE-2024-5202 2026-04-15 7.7 High
Arbitrary File Read in OpenText Dimensions RM allows authenticated users to read files stored on the server via webservices
CVE-2025-42917 1 Sap 1 Fiori 2026-04-15 6.5 Medium
SAP HCM Approve Timesheets Fiori 2.0 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. This issue has a significant impact on the application's integrity, while confidentiality and availability remain unaffected.
CVE-2024-11810 2026-04-15 6.1 Medium
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
CVE-2024-21979 2026-04-15 5.3 Medium
An out of bounds write vulnerability in the AMD Radeon™ user mode driver for DirectX® 11 could allow an attacker with access to a malformed shader to potentially achieve arbitrary code execution.
CVE-2024-2740 2026-04-15 7.7 High
Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.
CVE-2024-22002 2026-04-15 7.8 High
CORSAIR iCUE 5.9.105 with iCUE Murals on Windows allows unprivileged users to insert DLL files in the cuepkg-1.2.6 subdirectory of the installation directory.
CVE-2025-64074 1 Shenzhen Zhibotong Electronics 1 Zbt We2001 2026-04-15 5.3 Medium
A path-traversal vulnerability in the logout functionality of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to delete arbitrary files on the host by supplying a crafted session cookie value.
CVE-2025-64075 1 Shenzhen Zhibotong Electronics 1 Zbt We2001 2026-04-15 10 Critical
A path traversal vulnerability in the check_token function of Shenzhen Zhibotong Electronics ZBT WE2001 23.09.27 allows remote attackers to bypass authentication and perform administrative actions by supplying a crafted session cookie value.