Export limit exceeded: 347860 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347860 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-28125 | 1 Fitnesse | 1 Fitnesse | 2026-04-15 | 9.8 Critical |
| FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands. Note: A contributor of FitNesse has claimed that this is not a vulnerability but a product specification and this is currently under further investigation. | ||||
| CVE-2023-28814 | 1 Hikvision | 1 Isecure Center | 2026-04-15 | 9.8 Critical |
| Some versions of Hikvision's iSecure Center Product have an improper file upload control vulnerability. Due to the improper verification of file to be uploaded, attackers may upload malicious files to the server. iSecure Center is software released for China's domestic market only, with no overseas release. | ||||
| CVE-2020-37095 | 1 Cyberoam | 2 Authentication Client, Cyberoamos | 2026-04-15 | 9.8 Critical |
| Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server Address' field to trigger a bind TCP shell on port 1337 with system-level access. | ||||
| CVE-2024-28091 | 2026-04-15 | 6.1 Medium | ||
| Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User Defined Service in managed_services_add.asp (the victim must click an X for a deletion). | ||||
| CVE-2024-28090 | 2026-04-15 | 5.4 Medium | ||
| Technicolor TC8715D TC8715D-01.EF.04.38.00-180405-S-FF9-D RSE-TC8717T devices allow a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via User name in dyn_dns.asp. | ||||
| CVE-2020-37093 | 1 Netis-systems | 1 Netis E1+ | 2026-04-15 | 7.5 High |
| Netis E1+ 1.2.32533 contains an information disclosure vulnerability that allows unauthenticated attackers to retrieve WiFi passwords through the netcore_get.cgi endpoint. Attackers can send a GET request to the endpoint to extract sensitive network credentials including SSID and WiFi passwords in plain text. | ||||
| CVE-2024-28065 | 2026-04-15 | 5.9 Medium | ||
| In Unify CP IP Phone firmware 1.10.4.3, files are not encrypted and contain sensitive information such as the root password hash. | ||||
| CVE-2024-28054 | 1 Amavis | 1 Amavis | 2026-04-15 | 7.4 High |
| Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware. | ||||
| CVE-2023-53712 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ARM: 9317/1: kexec: Make smp stop calls asynchronous If a panic is triggered by a hrtimer interrupt all online cpus will be notified and set offline. But as highlighted by commit 19dbdcb8039c ("smp: Warn on function calls from softirq context") this call should not be made synchronous with disabled interrupts: softdog: Initiating panic Kernel panic - not syncing: Software Watchdog Timer expired WARNING: CPU: 1 PID: 0 at kernel/smp.c:753 smp_call_function_many_cond unwind_backtrace: show_stack dump_stack_lvl __warn warn_slowpath_fmt smp_call_function_many_cond smp_call_function crash_smp_send_stop.part.0 machine_crash_shutdown __crash_kexec panic softdog_fire __hrtimer_run_queues hrtimer_interrupt Make the smp call for machine_crash_nonpanic_core() asynchronous. | ||||
| CVE-2020-37087 | 1 Rubikon Teknoloji | 1 Easy Transfer | 2026-04-15 | N/A |
| Easy Transfer Wifi Transfer v1.7 for iOS contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious scripts by manipulating the oldPath, newPath, and path parameters in Create Folder and Move/Edit functions. Attackers can exploit improper input validation via POST requests to execute arbitrary JavaScript in the context of the mobile web application. | ||||
| CVE-2020-37086 | 1 Rubikon Teknoloji | 1 Easy Transfer | 2026-04-15 | 6.2 Medium |
| Easy Transfer 1.7 iOS mobile application contains a directory traversal vulnerability that allows remote attackers to access unauthorized file system paths without authentication. Attackers can exploit the vulnerability by manipulating path parameters in GET and POST requests to list or download sensitive system files and inject malicious scripts into application parameters. | ||||
| CVE-2024-28042 | 2026-04-15 | 8.4 High | ||
| SUBNET Solutions Inc. has identified vulnerabilities in third-party components used in PowerSYSTEM Center. | ||||
| CVE-2024-28041 | 1 Kddi | 1 Hgw Bli500hm Firmware | 2026-04-15 | 8.8 High |
| HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command. | ||||
| CVE-2020-37081 | 1 Fishing Reservation System | 1 Fishing Reservation System | 2026-04-15 | 7.1 High |
| Fishing Reservation System 7.5 contains multiple remote SQL injection vulnerabilities in admin.php, cart.php, and calendar.php that allow attackers to inject malicious SQL commands. Attackers can exploit vulnerable parameters like uid, pid, type, m, y, and code to compromise the database management system and web application without user interaction. | ||||
| CVE-2024-28034 | 2026-04-15 | 5.4 Medium | ||
| Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable, therefore, users should consider stop using Mini Thread Version 3.33βi. | ||||
| CVE-2024-28033 | 2026-04-15 | 7.3 High | ||
| OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable, therefore, users should consider stop using WebProxy 1.7.8 and 1.7.9. | ||||
| CVE-2024-28030 | 2026-04-15 | 2.2 Low | ||
| NULL pointer dereference in some Intel(R) VPL software before version 24.1.4 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-28028 | 1 Intel | 1 Neural Compressor Software | 2026-04-15 | 7.5 High |
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2020-37080 | 2 Luiswang, Webtareas Project | 2 Webtareas, Webtareas | 2026-04-15 | 9.8 Critical |
| webTareas 2.0.p8 contains a file deletion vulnerability in the print_layout.php administration component that allows authenticated attackers to delete arbitrary files. Attackers can exploit the vulnerability by manipulating the 'atttmp1' parameter to specify and delete files on the server through an unauthenticated file deletion mechanism. | ||||
| CVE-2020-37078 | 1 I-doit | 1 I-doit | 2026-04-15 | 8.8 High |
| i-doit Open Source CMDB 1.14.1 contains a file deletion vulnerability in the import module that allows authenticated attackers to delete arbitrary files by manipulating the delete_import parameter. Attackers can send a POST request to the import module with a crafted filename to remove files from the server's filesystem. | ||||