Export limit exceeded: 346380 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (346380 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-10239 | 2026-04-15 | 7.2 High | ||
| A security issue in the firmware image verification implementation at Supermicro MBD-X12DPG-OA6 . An attacker with administrator privileges can upload a specially crafted image, which can cause a stack overflow due to the unchecked fat->fsd.max_fld. | ||||
| CVE-2023-28389 | 1 Intel | 1 Converged Security And Manageability Engine | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-10218 | 2026-04-15 | N/A | ||
| XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence | ||||
| CVE-2023-28383 | 2026-04-15 | 6.1 Medium | ||
| Improper conditions check in some Intel(R) BIOS PPAM firmware may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-10210 | 2026-04-15 | N/A | ||
| An External Control of File Name or Path vulnerability in the APROL Web Portal used in B&R APROL <4.4-005P may allow an authenticated network-based attacker to access data from the file system. | ||||
| CVE-2024-10209 | 2026-04-15 | N/A | ||
| An Incorrect Permission Assignment for Critical Resource vulnerability in the file system used in B&R APROL <4.4-01 may allow an authenticated local attacker to read and alter the configuration of another engineering or runtime user. | ||||
| CVE-2023-28354 | 2026-04-15 | 9.8 Critical | ||
| An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM. | ||||
| CVE-2023-54129 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 7.0 High |
| In the Linux kernel, the following vulnerability has been resolved: octeontx2-af: Add validation for lmac type Upon physical link change, firmware reports to the kernel about the change along with the details like speed, lmac_type_id, etc. Kernel derives lmac_type based on lmac_type_id received from firmware. In a few scenarios, firmware returns an invalid lmac_type_id, which is resulting in below kernel panic. This patch adds the missing validation of the lmac_type_id field. Internal error: Oops: 96000005 [#1] PREEMPT SMP [ 35.321595] Modules linked in: [ 35.328982] CPU: 0 PID: 31 Comm: kworker/0:1 Not tainted 5.4.210-g2e3169d8e1bc-dirty #17 [ 35.337014] Hardware name: Marvell CN103XX board (DT) [ 35.344297] Workqueue: events work_for_cpu_fn [ 35.352730] pstate: 40400089 (nZcv daIf +PAN -UAO) [ 35.360267] pc : strncpy+0x10/0x30 [ 35.366595] lr : cgx_link_change_handler+0x90/0x180 | ||||
| CVE-2025-9038 | 2026-04-15 | N/A | ||
| Improper Privilege Management vulnerability in GE Vernova S1 Agile Configuration Software on Windows allows Privilege Escalation.This issue affects S1 Agile Configuration Software: 3.1 and previous version. | ||||
| CVE-2022-50977 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via HTTP. | ||||
| CVE-2022-50978 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 7.5 High |
| An unauthenticated remote attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (TCP). | ||||
| CVE-2024-0851 | 2026-04-15 | N/A | ||
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Grup Arge Energy and Control Systems Smartpower allows SQL Injection.This issue affects Smartpower: through V24.05.27. | ||||
| CVE-2025-9556 | 1 Langchain | 1 Langchain | 2026-04-15 | 9.8 Critical |
| Langchaingo supports the use of jinja2 syntax when parsing prompts, which is in turn parsed using the gonja library v1.5.3. Gonja supports include and extends syntax to read files, which leads to a server side template injection vulnerability within langchaingo, allowing an attacker to insert a statement into a prompt to read the "etc/passwd" file. | ||||
| CVE-2024-0312 | 2026-04-15 | 5.5 Medium | ||
| A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password. | ||||
| CVE-2022-50979 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 6.5 Medium |
| An unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via Modbus (RS485). | ||||
| CVE-2022-50980 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 6.5 Medium |
| A unauthenticated adjacent attacker could potentially disrupt operations by switching between multiple configuration presets via CAN. | ||||
| CVE-2025-11072 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| The MelAbu WP Download Counter Button WordPress plugin through 1.8.6.7 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files. | ||||
| CVE-2022-50981 | 2 Avibia, Innomic | 20 Avibialine Avle1 Hd, Avibialine Avle2 Hd, Avibialine Avle4 Hd and 17 more | 2026-04-15 | 9.8 Critical |
| An unauthenticated remote attacker can gain full access on the affected devices as they are shipped without a password by default and setting one is not enforced. | ||||
| CVE-2023-1000 | 2026-04-15 | 6.3 Medium | ||
| A vulnerability was found in cyanomiko dcnnt-py up to 0.9.0. It has been classified as critical. Affected is the function main of the file dcnnt/plugins/notifications.py of the component Notification Handler. The manipulation leads to command injection. It is possible to launch the attack remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is identified as b4021d784a97e25151a5353aa763a741e9a148f5. It is recommended to upgrade the affected component. VDB-262230 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-1001 | 2026-04-15 | 3.5 Low | ||
| A vulnerability, which was classified as problematic, has been found in xuliangzhan vxe-table up to 3.7.9. This issue affects the function export of the file packages/textarea/src/textarea.js of the component vxe-textarea. The manipulation of the argument inputValue leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 3.7.10 is able to address this issue. The patch is named d70b0e089740b65a22c89c106ebc4627ac48a22d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-266123. | ||||