Search Results (366632 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-51419 1 Shenzhen Interconnection Harbor Network Technology 1 Ofweek Online Exhibition 2026-04-15 6.1 Medium
Cross Site Scripting vulnerability in Shenzhen Interconnection Harbor Network Technology Co., Ltd Ofweek Online Exhibition v.1.0.0 allows a remote attacker to execute arbitrary code.
CVE-2024-51398 1 Altaitechnologies 1 Ix500 Firmware 2026-04-15 6.5 Medium
Altai Technologies Ltd Altai X500 Indoor 22 802.11ac Wave 2 AP web Management Weak password leakage in the background may lead to unauthorized access, data theft, and network attacks, seriously threatening network security.
CVE-2024-58101 2026-04-15 8.1 High
Samsung Galaxy Buds and Galaxy Buds 2 audio devices are Bluetooth pairable by default without user input nor a way to stop this mode. As a consequence, audio playback takeover or even microphone recording without user consent or notification is achieved. Note: This is considered a low severity vulnerability by the vendor.
CVE-2024-5810 1 Wp2speed 1 Wp2speed 2026-04-15 5.3 Medium
The WP2Speed Faster – Optimize PageSpeed Insights Score 90-100 plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 1.0.1. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible for unauthenticated attackers to overwrite CSS, update the trial settings, purge the cache, and find attachments.
CVE-2024-51364 1 Gelcon 1 Modbusmechanic 2026-04-15 8.8 High
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file.
CVE-2024-53615 2026-04-15 6.5 Medium
A command injection vulnerability in the video thumbnail rendering component of Karl Ward's files.gallery v0.3.0 through 0.11.0 allows remote attackers to execute arbitrary code via a crafted video file.
CVE-2024-5803 1 Avg 1 Avg Anti-virus 2026-04-15 7.5 High
The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled.
CVE-2024-51132 2 Fhir, Redhat 3 Hapi Fhir, Apache Camel Spring Boot, Camel Quarkus 2026-04-15 9.8 Critical
An XML External Entity (XXE) vulnerability in HAPI FHIR before v6.4.0 allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing malicious XML entities.
CVE-2024-35671 2 Minoji, Wordpress 2 Mj Update History, Wordpress 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Minoji MJ Update History.This issue affects MJ Update History: from n/a through 1.0.4.
CVE-2024-57970 1 Redhat 1 Enterprise Linux 2026-04-15 4 Medium
libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname.
CVE-2025-8904 1 Amazon 1 Emr 2026-04-15 8.5 High
Amazon EMR Secret Agent creates a keytab file containing Kerberos credentials. This file is stored in the /tmp/ directory. A user with access to this directory and another account can potentially decrypt the keys and escalate to higher privileges. Users are advised to upgrade to Amazon EMR version 7.5 or higher. For Amazon EMR releases between 6.10 and 7.4, we strongly recommend that you run the bootstrap script and RPM files with the fix provided in the location below.
CVE-2024-51026 1 Netadmin 1 Netadmin 2026-04-15 5.4 Medium
The NetAdmin IAM system (version 4.0.30319) has a Cross Site Scripting (XSS) vulnerability in the /BalloonSave.ashx endpoint, where it is possible to inject a malicious payload into the Content= field.
CVE-2024-34405 2026-04-15 9.1 Critical
Improper deep link validation in McAfee Security: Antivirus VPN for Android before 8.3.0 could allow an attacker to launch an arbitrary URL within the app.
CVE-2024-50955 1 Xinje 1 Xd5e-24r-e Firmware 2026-04-15 7.5 High
An issue in how XINJE XD5E-24R and XL5E-16T v3.5.3b handles TCP protocol messages allows attackers to cause a Denial of Service (DoS) via a crafted TCP message.
CVE-2024-5786 2026-04-15 6.5 Medium
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1_v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated.
CVE-2024-34035 2026-04-15 5.7 Medium
An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp.
CVE-2024-57784 2026-04-15 5.5 Medium
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal.
CVE-2024-32146 2026-04-15 4.3 Medium
Missing Authorization vulnerability in Aspose.Cloud Marketplace Aspose.Words Exporter.This issue affects Aspose.Words Exporter: from n/a through 6.3.1.
CVE-2024-57782 2026-04-15 6.8 Medium
An issue in Docker-proxy v18.09.0 allows attackers to cause a denial of service.
CVE-2024-25738 1 Openlibraryfoundation 1 Vufind 2026-04-15 9.1 Critical
A Server-Side Request Forgery (SSRF) vulnerability in the /Upgrade/FixConfig route in Open Library Foundation VuFind 2.0 through 9.1 before 9.1.1 allows a remote attacker to overwrite local configuration files to gain access to the administrator panel and achieve Remote Code Execution. A mitigating factor is that it requires the allow_url_include PHP runtime setting to be on, which is off in default installations. It also requires the /Upgrade route to be exposed, which is exposed by default after installing VuFind, and is recommended to be disabled by setting autoConfigure to false in config.ini.