Export limit exceeded: 345044 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345044 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-29933 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GhozyLab, Inc. Web Icons allows Stored XSS.This issue affects Web Icons: from n/a through 1.0.0.10. | ||||
| CVE-2024-4188 | 2026-04-15 | N/A | ||
| Unprotected Transport of Credentials vulnerability in OpenText™ Documentum™ Server could allow Credential Stuffing.This issue affects Documentum™ Server: from 16.7 through 23.4. | ||||
| CVE-2024-29019 | 1 Esphome | 1 Esphome | 2026-04-15 | 8.1 High |
| ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue. | ||||
| CVE-2024-29934 | 2 Piotnet, Wordpress | 2 Piotnet Addons For Elementor, Wordpress | 2026-04-15 | 6.5 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.25. | ||||
| CVE-2024-8768 | 1 Redhat | 1 Enterprise Linux Ai | 2026-04-15 | 7.5 High |
| A flaw was found in the vLLM library. A completions API request with an empty prompt will crash the vLLM API server, resulting in a denial of service. | ||||
| CVE-2024-29022 | 2026-04-15 | 8.8 High | ||
| Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. In affected versions some request headers are not correctly sanitised when stored in the session and display tables. These headers can be used to inject a malicious script into the session page to exfiltrate session IDs and User Agents. These session IDs / User Agents can subsequently be used to hijack active sessions. A malicious script can be injected into the display grid to exfiltrate information related to displays. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Upgrading to a fixed version is necessary to remediate. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this issue. | ||||
| CVE-2024-8774 | 2026-04-15 | N/A | ||
| The SIMPLE.ERP client stores superuser password in a recoverable format, allowing any authenticated SIMPLE.ERP user to escalate privileges to a database administrator. This issue affect SIMPLE.ERP from 6.20 through 6.30. Only the 6.30 version received a patch 6.30@a03.9, which removed the vulnerability. Versions 6.20 and 6.25 remain unpatched. | ||||
| CVE-2024-29936 | 2026-04-15 | 6.5 Medium | ||
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blocksera Image Hover Effects – Elementor Addon allows Stored XSS.This issue affects Image Hover Effects – Elementor Addon: from n/a through 1.4. | ||||
| CVE-2024-37452 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2. | ||||
| CVE-2024-29040 | 2 Tpm2 Software, Tpm2 Software Stack Project | 2 Tpm2 Tools, Tpm2 Software Stack | 2026-04-15 | 4.3 Medium |
| This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | ||||
| CVE-2024-29949 | 2026-04-15 | 7.2 High | ||
| There is a command injection vulnerability in some Hikvision NVRs. This could allow an authenticated user with administrative rights to execute arbitrary commands. | ||||
| CVE-2024-37456 | 1 Noptin | 1 Noptin | 2026-04-15 | 5.3 Medium |
| Missing Authorization vulnerability in Noptin Newsletter Noptin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Noptin: from n/a through 3.4.2. | ||||
| CVE-2024-29075 | 2026-04-15 | 4.6 Medium | ||
| Active debug code vulnerability exists in Mesh Wi-Fi router RP562B firmware version v1.0.2 and earlier. If this vulnerability is exploited, a network-adjacent authenticated attacker may obtain or alter the settings of the device . | ||||
| CVE-2024-29083 | 1 Intel | 1 Distribution For Python | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-2995 | 1 Nuuo | 1 Camera | 2026-04-15 | 5.4 Medium |
| A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-258197 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-37458 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in extendthemes Highlight highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through <= 1.0.29. | ||||
| CVE-2024-29093 | 2026-04-15 | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Saleswonder Team: Tobias Builder for WooCommerce reviews shortcodes – ReviewShort woo-product-reviews-shortcode.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through <= 1.01.3. | ||||
| CVE-2024-29095 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gemini Labs Site Reviews site-reviews.This issue affects Site Reviews: from n/a through <= 6.11.6. | ||||
| CVE-2024-29970 | 2026-04-15 | 9.8 Critical | ||
| Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals. | ||||
| CVE-2024-37467 | 1 Wordpress | 1 Wordpress | 2026-04-15 | N/A |
| Cross-Site Request Forgery (CSRF) vulnerability in themeisle Hestia hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through <= 3.1.2. | ||||