Export limit exceeded: 345456 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345456 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-57964 | 2026-04-15 | 7.3 High | ||
| Insecure Loading of Dynamic Link Libraries have been discovered in HVAC Energy Saving Program, which could allow local attackers to potentially disclose information or execute arbitray code on affected systems. This issue affects HVAC Energy Saving Program:. | ||||
| CVE-2025-33214 | 2 Linux, Nvidia | 2 Linux, Nvtabular | 2026-04-15 | 8.8 High |
| NVIDIA NVTabular for Linux contains a vulnerability in the Workflow component, where a user could cause a deserialization issue. A successful exploit of this vulnerability might lead to code execution, denial of service, information disclosure, and data tampering. | ||||
| CVE-2025-3322 | 2026-04-15 | N/A | ||
| An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server. | ||||
| CVE-2024-57966 | 1 Kde | 1 Ark | 2026-04-15 | 5 Medium |
| libarchiveplugin.cpp in KDE ark before 24.12.0 can extract to an absolute path from an archive. | ||||
| CVE-2025-12954 | 2 Motopress, Wordpress | 2 Timetable And Event Schedule, Wordpress | 2026-04-15 | 2.7 Low |
| The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor. | ||||
| CVE-2025-33234 | 1 Nvidia | 1 Runx | 2026-04-15 | 7.8 High |
| NVIDIA runx contains a vulnerability where an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-8025 | 1 Dinosoft Business Solutions | 1 Dinosoft Erp | 2026-04-15 | 9.8 Critical |
| Missing Authentication for Critical Function, Improper Access Control vulnerability in Dinosoft Business Solutions Dinosoft ERP allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Dinosoft ERP: from < 3.0.1 through 11022026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-57967 | 1 Cyberark | 1 Privileged Access Manager | 2026-04-15 | 4.2 Medium |
| PVWA (Password Vault Web Access) in CyberArk Privileged Access Manager Self-Hosted before 14.4 has potentially elevated privileges in LDAP mapping. | ||||
| CVE-2025-37109 | 1 Hpe | 1 Telco Service Activator | 2026-04-15 | 3.5 Low |
| Cross-site scripting vulnerability has been identified in HPE Telco Service Activator product | ||||
| CVE-2024-57970 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 4 Medium |
| libarchive through 3.7.7 has a heap-based buffer over-read in header_gnu_longlink in archive_read_support_format_tar.c via a TAR archive because it mishandles truncation in the middle of a GNU long linkname. | ||||
| CVE-2023-53872 | 1 Wp2fac | 1 Wp2fac | 2026-04-15 | N/A |
| Wp2Fac 1.0 contains an OS command injection vulnerability in the send.php endpoint that allows remote attackers to execute arbitrary system commands. Attackers can inject shell commands through the 'numara' parameter by appending shell commands with '&' operators to execute malicious code. | ||||
| CVE-2025-8080 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.4 Medium |
| The Alobaidi Captcha plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin settings in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | ||||
| CVE-2024-5801 | 2026-04-15 | N/A | ||
| Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering. | ||||
| CVE-2025-3359 | 1 Redhat | 1 Enterprise Linux | 2026-04-15 | 6.2 Medium |
| A flaw was found in GNUPlot. A segmentation fault via IO_str_init_static_internal may jeopardize the environment. | ||||
| CVE-2024-5803 | 1 Avg | 1 Avg Anti-virus | 2026-04-15 | 7.5 High |
| The AVGUI.exe of AVG/Avast Antivirus before versions before 24.1 can allow a local attacker to escalate privileges via an COM hijack in a time-of-check to time-of-use (TOCTOU) when self protection is disabled. | ||||
| CVE-2025-3361 | 1 Hgiga | 1 Isherlock | 2026-04-15 | 9.8 Critical |
| The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||||
| CVE-2025-3362 | 1 Hgiga | 1 Isherlock | 2026-04-15 | 9.8 Critical |
| The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||||
| CVE-2025-3363 | 1 Hgiga | 1 Isherlock | 2026-04-15 | 9.8 Critical |
| The web service of iSherlock from HGiga has an OS Command Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary OS commands and execute them on the server. | ||||
| CVE-2025-3364 | 1 Hgiga | 1 Powerstation | 2026-04-15 | 6.7 Medium |
| The SSH service of PowerStation from HGiga has a Chroot Escape vulnerability, allowing attackers with root privileges to bypass chroot restrictions and access the entire file system. | ||||
| CVE-2025-8109 | 1 Imaginationtech | 1 Graphics Ddk | 2026-04-15 | 8.8 High |
| Software installed and run as a non-privileged user may conduct ptrace system calls to issue writes to GPU origin read only memory. | ||||