Export limit exceeded: 348118 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (348118 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-2653 | 1 Amphp | 2 Http, Http-client | 2026-04-15 | 8.2 High |
| amphp/http will collect CONTINUATION frames in an unbounded buffer and will not check a limit until it has received the set END_HEADERS flag, resulting in an OOM crash. | ||||
| CVE-2020-36912 | 2026-04-15 | 9.8 Critical | ||
| Plexus anblick Digital Signage Management 3.1.13 contains an open redirect vulnerability in the 'PantallaLogin' script that allows attackers to manipulate the 'pagina' GET parameter. Attackers can craft malicious links that redirect users to arbitrary websites by exploiting improper input validation in the parameter. | ||||
| CVE-2024-26520 | 1 Xiongwei Technology | 1 Restaurant Digital Comprehensive Management | 2026-04-15 | 9.8 Critical |
| An issue in Hangzhou Xiongwei Technology Development Co., Ltd. Restaurant Digital Comprehensive Management platform v1 allows an attacker to bypass authentication and perform arbitrary password resets. | ||||
| CVE-2024-26519 | 1 Casa Systems | 1 Ntc-221 Firmware | 2026-04-15 | 9 Critical |
| An issue in Casa Systems NTC-221 version 2.0.99.0 and before allows a remote attacker to execute arbitrary code via a crafted payload to the /www/cgi-bin/nas.cgi component. | ||||
| CVE-2020-36906 | 1 P5 | 2 Fnip-4xsh, Fnip-8x16a | 2026-04-15 | 4.3 Medium |
| P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking authenticated users into loading a specially crafted form. | ||||
| CVE-2024-26504 | 1 Wifire | 1 Hotspot | 2026-04-15 | 8.8 High |
| An issue in Wifire Hotspot v.4.5.3 allows a local attacker to execute arbitrary code via a crafted payload to the dst parameter. | ||||
| CVE-2024-26465 | 2026-04-15 | 6.1 Medium | ||
| A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL. | ||||
| CVE-2020-36905 | 1 Fibaro | 5 Home Center 2, Home Center 3, Home Center 5 and 2 more | 2026-04-15 | 7.5 High |
| FIBARO System Home Center 5.021 contains a remote file inclusion vulnerability in the undocumented proxy API that allows attackers to include arbitrary client-side scripts. Attackers can exploit the 'url' GET parameter to inject malicious JavaScript and potentially hijack user sessions or manipulate page content. | ||||
| CVE-2024-26454 | 2026-04-15 | 5.4 Medium | ||
| A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php. | ||||
| CVE-2024-2639 | 2026-04-15 | 4.3 Medium | ||
| A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixiation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-26369 | 1 Eprosima | 1 Fast Dds | 2026-04-15 | 7.5 High |
| An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data. | ||||
| CVE-2024-2636 | 2026-04-15 | 9 Critical | ||
| An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR, that allows an attacker to upload malicios files to the server via '/config/espanol/update_password.jsp' file. Modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed the the file is loaded in the application. | ||||
| CVE-2024-2635 | 2026-04-15 | 7.3 High | ||
| The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality | ||||
| CVE-2024-2634 | 2026-04-15 | 6.1 Medium | ||
| A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f¶ms='. | ||||
| CVE-2024-2633 | 2026-04-15 | 6.1 Medium | ||
| A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E¶ms'. | ||||
| CVE-2024-26329 | 1 Chilkatsoft | 1 Chilkat | 2026-04-15 | 6.2 Medium |
| Chilkat before v9.5.0.98, allows attackers to obtain sensitive information via predictable PRNG in ChilkatRand::randomBytes function. | ||||
| CVE-2024-26305 | 1 Arubanetworks | 2 Arubaos, Sd-wan | 2026-04-15 | 9.8 Critical |
| There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system. | ||||
| CVE-2020-36903 | 1 Microsoft | 1 Windows | 2026-04-15 | 8.4 High |
| Selea CarPlateServer 4.0.1.6 contains an unquoted service path vulnerability in the Windows service configuration that allows local users to potentially execute code with elevated privileges. Attackers can exploit the service's unquoted binary path by inserting malicious code in the system root path that could execute with LocalSystem privileges during application startup or reboot. | ||||
| CVE-2024-26290 | 2026-04-15 | N/A | ||
| Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0. | ||||
| CVE-2020-36884 | 1 Brightsign | 1 Digital Signage Diagnostic Web Server | 2026-04-15 | N/A |
| BrightSign Digital Signage Diagnostic Web Server 8.2.26 and less contains an unauthenticated server-side request forgery vulnerability in the 'url' GET parameter of the Download Speed Test service. Attackers can specify external domains to bypass firewalls and perform network enumeration by forcing the application to make arbitrary HTTP requests to internal network hosts. | ||||