Search Results (345222 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-24921 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 4.8 Medium |
| Address read vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability will affect availability and confidentiality. | ||||
| CVE-2026-2011 | 1 Itsourcecode | 2 School Management System, Student Management System | 2026-04-17 | 7.3 High |
| A vulnerability was found in itsourcecode Student Management System 1.0. The affected element is an unknown function of the file /ramonsys/enrollment/controller.php. The manipulation of the argument ID results in SQL injection. The attack can be launched remotely. The exploit has been made public and could be used. | ||||
| CVE-2026-24922 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.9 Medium |
| Buffer overflow vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24923 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.3 Medium |
| Permission control vulnerability in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24929 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Out-of-bounds read vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24930 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 8.4 High |
| UAF concurrency vulnerability in the graphics module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-24931 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24916 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 5.9 Medium |
| Identity authentication bypass vulnerability in the window module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24919 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-17 | 6 Medium |
| Out-of-bounds write vulnerability in the DFX module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2026-2012 | 1 Itsourcecode | 2 School Management System, Student Management System | 2026-04-17 | 7.3 High |
| A vulnerability was determined in itsourcecode Student Management System 1.0. The impacted element is an unknown function of the file /ramonsys/facultyloading/index.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. | ||||
| CVE-2026-24924 | 1 Huawei | 1 Harmonyos | 2026-04-17 | 6.1 Medium |
| Vulnerability of improper permission control in the print module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2026-24927 | 1 Huawei | 2 Emui, Harmonyos | 2026-04-17 | 5.5 Medium |
| Out-of-bounds access vulnerability in the frequency modulation module. Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-0456 | 1 Gitlab | 1 Gitlab | 2026-04-17 | 4.3 Medium |
| An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project. | ||||
| CVE-2023-6955 | 1 Gitlab | 1 Gitlab | 2026-04-17 | 6.6 Medium |
| A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | ||||
| CVE-2026-2014 | 1 Itsourcecode | 2 School Management System, Student Management System | 2026-04-17 | 7.3 High |
| A security flaw has been discovered in itsourcecode Student Management System 1.0. This impacts an unknown function of the file /ramonsys/billing/index.php. Performing a manipulation of the argument ID results in SQL injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks. | ||||
| CVE-2026-2015 | 1 Portabilis | 1 I-educar | 2026-04-17 | 6.3 Medium |
| A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2017 | 1 Ip-com | 2 W30ap, W30ap Firmware | 2026-04-17 | 9.8 Critical |
| A vulnerability was detected in IP-COM W30AP up to 1.0.0.11(1340). Affected by this issue is the function R7WebsSecurityHandler of the file /goform/wx3auth of the component POST Request Handler. The manipulation of the argument data results in stack-based buffer overflow. The attack may be performed from remote. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2026-2055 | 2 D-link, Dlink | 6 Dir-605l, Dir-619l, Dir-605l and 3 more | 2026-04-17 | 5.3 Medium |
| A weakness has been identified in D-Link DIR-605L and DIR-619L 2.06B01/2.13B01. The affected element is an unknown function of the component DHCP Client Information Handler. Executing a manipulation can lead to information disclosure. The attack may be launched remotely. The exploit has been made available to the public and could be used for attacks. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2026-1337 | 1 Neo4j | 3 Community Edition, Enterprise Edition, Neo4j | 2026-04-17 | 5.4 Medium |
| Insufficient escaping of unicode characters in query log in Neo4j Enterprise and Community editions prior to 2026.01 can lead to XSS if the user opens the logs in a tool that treats them as HTML. There is no security impact on Neo4j products, but this advisory is released as a precaution to treat the logs as plain text if using versions prior to 2026.01. Proof of concept exploit: https://github.com/JoakimBulow/CVE-2026-1337 | ||||
| CVE-2026-2103 | 1 Infor | 1 Syteline Erp | 2026-04-17 | 7.1 High |
| Infor SyteLine ERP uses hard-coded static cryptographic keys to encrypt stored credentials, including user passwords, database connection strings, and API keys. The encryption keys are identical across all installations. An attacker with access to the application binary and database can decrypt all stored credentials. | ||||