Export limit exceeded: 347902 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (347902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-37014 | 1 Tryton | 2 Tryton, Trytond | 2026-04-15 | 6.4 Medium |
| Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user interfaces. | ||||
| CVE-2024-27489 | 1 Weimengcms | 1 Wmcms | 2026-04-15 | 7.5 High |
| An issue in the DelFile() function of WMCMS v4.4 allows attackers to delete arbitrary files via a crafted POST request. | ||||
| CVE-2020-37015 | 1 Ruijienetworks | 1 Switch Eweb S29 Rgos | 2026-04-15 | 7.5 High |
| Ruijie Networks Switch eWeb S29_RGOS 11.4 contains a directory traversal vulnerability that allows unauthenticated attackers to access sensitive configuration files by manipulating file path parameters. Attackers can exploit the /download.do endpoint with '../' sequences to retrieve system configuration files containing credentials and network settings. | ||||
| CVE-2020-37018 | 1 Goautodial | 2 Goautodial, Goautodial Api | 2026-04-15 | 6.4 Medium |
| GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated agents to inject malicious scripts through message subjects. Attackers can craft messages with embedded JavaScript that will execute when an administrator reads the message, potentially stealing session cookies or executing client-side attacks. | ||||
| CVE-2020-37020 | 1 Sonarsource | 1 Sonarqube | 2026-04-15 | 7.8 High |
| SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges during service restart. | ||||
| CVE-2024-2758 | 2026-04-15 | 6.3 Medium | ||
| Tempesta FW rate limits are not enabled by default. They are either set too large to capture empty CONTINUATION frames attacks or too small to handle normal HTTP requests appropriately. | ||||
| CVE-2024-2759 | 1 Prestashopmodules | 1 Apaczka | 2026-04-15 | 7.5 High |
| Improper access control vulnerability in Apaczka plugin for PrestaShop allows information gathering from saved templates without authentication.This issue affects Apaczka plugin for PrestaShop from v1 through v4. | ||||
| CVE-2024-2760 | 2026-04-15 | 5.5 Medium | ||
| Bkav Home v7816, build 2403161130 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x222240 IOCTL code of the BkavSDFlt.sys driver. | ||||
| CVE-2020-37021 | 2 10-strike, Nsasoft | 2 Bandwidth Monitor, Network Bandwidth Monitor | 2026-04-15 | 7.8 High |
| 10-Strike Bandwidth Monitor 3.9 contains an unquoted service path vulnerability in multiple services that allows local attackers to escalate privileges. Attackers can place a malicious executable in specific file path locations to achieve privilege escalation to SYSTEM during service startup. | ||||
| CVE-2024-27665 | 2026-04-15 | 5.4 Medium | ||
| Unifiedtransform v2.X is vulnerable to Stored Cross-Site Scripting (XSS) via file upload feature in Syllabus module. | ||||
| CVE-2024-27706 | 2026-04-15 | 6.1 Medium | ||
| Cross Site Scripting vulnerability in Huly Platform v.0.6.202 allows attackers to execute arbitrary code via upload of crafted SVG file to issues. | ||||
| CVE-2020-37026 | 1 Midgetspy | 1 Sickbeard | 2026-04-15 | 5.3 Medium |
| Sickbeard alpha contains a cross-site request forgery vulnerability that allows attackers to disable authentication by submitting crafted configuration parameters. Attackers can trick users into submitting a malicious form that clears web username and password, effectively removing authentication protection. | ||||
| CVE-2020-37040 | 1 Codeblocks | 1 Code::blocks | 2026-04-15 | 8.4 High |
| Code Blocks 17.12 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by crafting a malicious file name with Unicode characters. Attackers can trigger the vulnerability by pasting a specially crafted payload into the file name field during project creation, potentially executing system commands like calc.exe. | ||||
| CVE-2024-27763 | 2026-04-15 | 5.3 Medium | ||
| XPixelGroup BasicSR through 1.4.2 might locally allow code execution in contrived situations where "scontrol show hostname" is executed in the presence of a crafted SLURM_NODELIST environment variable. | ||||
| CVE-2020-37043 | 2 10-strike, Nsasoft | 2 Bandwidth Monitor, Network Bandwidth Monitor | 2026-04-15 | 9.8 Critical |
| 10-Strike Bandwidth Monitor 3.9 contains a buffer overflow vulnerability that allows attackers to bypass SafeSEH, ASLR, and DEP protections through carefully crafted input. Attackers can exploit the vulnerability by sending a malicious payload to the application's registration key input, enabling remote code execution and launching arbitrary system commands. | ||||
| CVE-2020-37046 | 1 Adikiss | 1 Sistem Informasi Pengumuman Kelulusan Online | 2026-04-15 | 5.3 Medium |
| Sistem Informasi Pengumuman Kelulusan Online 1.0 contains a cross-site request forgery vulnerability that allows attackers to add unauthorized admin users through the tambahuser.php endpoint. Attackers can craft a malicious HTML form to submit admin credentials and create new administrative accounts without the victim's consent. | ||||
| CVE-2020-37048 | 1 Iskysoft | 1 Application Framework Service | 2026-04-15 | 7.8 High |
| Iskysoft Application Framework Service 2.4.3.241 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that would be run with the service's high-level system permissions. | ||||
| CVE-2024-31069 | 2026-04-15 | 7.4 High | ||
| IO-1020 Micro ELD web server uses a default password for authentication. | ||||
| CVE-2020-37049 | 3 Frigate, Frigate3, Winfrigate | 3 Frigate, Frigate Professional, Frigate 3 | 2026-04-15 | 8.4 High |
| Frigate 3.36.0.9 contains a local buffer overflow vulnerability in the Command Line input field that allows attackers to execute arbitrary code. Attackers can craft a malicious payload to overflow the buffer, bypass DEP, and execute commands like launching calc.exe through a specially crafted input sequence. | ||||
| CVE-2023-53700 | 1 Linux | 1 Linux Kernel | 2026-04-15 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286_v4l2_register() There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks (see /sys/kernel/debug/kmemleak) unreferenced object 0xffff88810defc400 (size 256): comm "python3", pid 278, jiffies 4294737563 (age 31.978s) hex dump (first 32 bytes): 28 06 a7 0a 81 88 ff ff 00 fe 22 12 81 88 ff ff (........."..... 10 c4 ef 0d 81 88 ff ff 10 c4 ef 0d 81 88 ff ff ................ backtrace: [<00000000191de6a7>] __kmalloc_node+0x44/0x1b0 [<000000002f4912b7>] kvmalloc_node+0x34/0x180 [<0000000057dc4cae>] v4l2_ctrl_new+0x325/0x10f0 [videodev] [<0000000026030272>] v4l2_ctrl_new_std+0x16f/0x210 [videodev] [<00000000f0d9ea2f>] max9286_probe+0x76e/0xbff [max9286] [<00000000ea8f6455>] i2c_device_probe+0x28d/0x680 [<0000000087529af3>] really_probe+0x17c/0x3f0 [<00000000b08be526>] __driver_probe_device+0xe3/0x170 [<000000004382edea>] driver_probe_device+0x49/0x120 [<000000007bde528a>] __device_attach_driver+0xf7/0x150 [<000000009f9c6ab4>] bus_for_each_drv+0x114/0x180 [<00000000c8aaf588>] __device_attach+0x1e5/0x2d0 [<0000000041cc06b9>] bus_probe_device+0x126/0x140 [<000000002309860d>] device_add+0x810/0x1130 [<000000002827bf98>] i2c_new_client_device+0x359/0x4f0 [<00000000593bdc85>] of_i2c_register_device+0xf1/0x110 max9286_v4l2_register() calls v4l2_ctrl_new_std(), but won't free the created v412_ctrl when fwnode_graph_get_endpoint_by_id() failed, which causes the memleak. Call v4l2_ctrl_handler_free() to free the v412_ctrl. | ||||