Export limit exceeded: 45687 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 347832 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347832 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26377 | 1 Amd | 11 Athlon, Athlon 3000, Radeon Instinct Mi25 and 8 more | 2026-04-15 | 4.1 Medium |
| Insufficient parameter validation while allocating process space in the Trusted OS (TOS) may allow for a malicious userspace process to trigger an integer overflow, leading to a potential denial of service. | ||||
| CVE-2021-26381 | 1 Amd | 17 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 14 more | 2026-04-15 | N/A |
| Improper system call parameter validation in the Trusted OS may allow a malicious driver to perform mapping or unmapping operations on a large number of pages, potentially resulting in kernel memory corruption. | ||||
| CVE-2021-26383 | 1 Amd | 9 Instinct Mi210, Instinct Mi250, Radeon Pro V520 and 6 more | 2026-04-15 | 7.9 High |
| Insufficient bounds checking in AMD TEE (Trusted Execution Environment) could allow an attacker with a compromised userspace to invoke a command with malformed arguments leading to out of bounds memory access, potentially resulting in loss of integrity or availability. | ||||
| CVE-2024-29375 | 2026-04-15 | 9.8 Critical | ||
| CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. | ||||
| CVE-2024-29404 | 1 Razer | 1 Synapse | 2026-04-15 | 7.8 High |
| An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. | ||||
| CVE-2024-29417 | 2026-04-15 | 8.4 High | ||
| Insecure Permissions vulnerability in e-trust Horacius 1.0, 1.1, and 1.2 allows a local attacker to escalate privileges via the password reset function. | ||||
| CVE-2024-29421 | 1 Xmedcon | 1 Medcon | 2026-04-15 | 6.2 Medium |
| xmedcon 0.23.0 and fixed in v.0.24.0 is vulnerable to Buffer Overflow via libs/dicom/basic.c which allows an attacker to execute arbitrary code. | ||||
| CVE-2021-26410 | 1 Amd | 15 Radeon Pro V520, Radeon Pro V620, Radeon Pro W5000 Series and 12 more | 2026-04-15 | N/A |
| Improper syscall input validation in ASP (AMD Secure Processor) may force the kernel into reading syscall parameter values from its own memory space allowing an attacker to infer the contents of the kernel memory leading to potential information disclosure. | ||||
| CVE-2024-29466 | 1 Lsgwr | 1 Spring-boot-online-exam | 2026-04-15 | 8.8 High |
| Directory Traversal vulnerability in lsgwr spring boot online exam v.0.9 allows an attacker to execute arbitrary code via the FileTransUtil.java component. | ||||
| CVE-2021-27289 | 2026-04-15 | 9.1 Critical | ||
| A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attacker within wireless range can resend captured packets with a higher sequence number, which the devices incorrectly accept as legitimate messages. This allows spoofed commands to be injected without authentication, triggering false alerts and misleading the user through notifications in the mobile application used to monitor the network. | ||||
| CVE-2021-27700 | 2026-04-15 | 7.6 High | ||
| SOCIFI Socifi Guest wifi as SAAS wifi portal is affected by Insecure Permissions. Any authorized customer with partner mode can switch to another customer dashboard and perform actions like modify user, delete user, etc. | ||||
| CVE-2021-27701 | 2026-04-15 | 4.7 Medium | ||
| SOCIFI Socifi Guest wifi as SAAS is affected by Cross Site Request Forgery (CSRF) via the Socifi wifi portal. The application does not contain a CSRF token and request validation. An attacker can Add/Modify any random user data by sending a crafted CSRF request. | ||||
| CVE-2021-27702 | 1 Sercomm | 1 S3-ac2100 Firmware | 2026-04-15 | 7.3 High |
| Sercomm Router Etisalat Model S3- AC2100 is affected by Incorrect Access Control via the diagnostic utility in the router dashboard. | ||||
| CVE-2024-29640 | 2026-04-15 | 9.8 Critical | ||
| An issue in aliyundrive-webdav v.2.3.3 and before allows a remote attacker to execute arbitrary code via a crafted payload to the sid parameter in the action_query_qrcode component. | ||||
| CVE-2021-27703 | 2026-04-15 | 6.1 Medium | ||
| Sercomm Model Etisalat Model S3- AC2100 is affected by Cross Site Scripting (XSS) via the firmware update page. | ||||
| CVE-2024-29666 | 2026-04-15 | 9.8 Critical | ||
| Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component. | ||||
| CVE-2024-29671 | 2026-04-15 | 9.8 Critical | ||
| Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | ||||
| CVE-2024-29672 | 2026-04-15 | 8.8 High | ||
| Directory Traversal vulnerability in zly2006 Reden before v.0.2.514 allows a remote attacker to execute arbitrary code via the DEBUG_RTC_REQUEST_SYNC_DATA in KeyCallbacks.kt. | ||||
| CVE-2021-29050 | 1 Liferay | 2 Dxp, Portal | 2026-04-15 | 8.8 High |
| Cross-Site Request Forgery (CSRF) vulnerability in the terms of use page in Liferay Portal before 7.3.6, and Liferay DXP 7.3 before service pack 1, 7.2 before fix pack 11 allows remote attackers to accept the site's terms of use via social engineering and enticing the user to visit a malicious page. | ||||
| CVE-2024-29732 | 2026-04-15 | 9.8 Critical | ||
| A SQL Injection has been found on SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information of database. This vulnerability was found on login page via "user" parameter. | ||||