Export limit exceeded: 349367 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (349367 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47845 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Lim Kai Yang Grab & Save.This issue affects Grab & Save: from n/a through 1.0.4. | ||||
| CVE-2023-47859 | 2026-04-15 | 5.5 Medium | ||
| Improper access control for some Intel(R) Wireless Bluetooth products for Windows before version 23.20 may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2023-5404 | 2026-04-15 | 8.1 High | ||
| Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2025-48059 | 2026-04-15 | N/A | ||
| PowSyBl (Power System Blocks) is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service (ReDoS) vulnerability in the RegexCriterion class. This class compiles and evaluates an unvalidated, user-supplied regular expression against the identifier of an Identifiable object via Pattern.compile(regex).matcher(id).find(). If successfully exploited, a malicious actor can cause significant CPU exhaustion through repeated or recursive filter(...) calls — especially if performed over large network models or filtering operations. This issue has been patched in com.powsybl:powsybl-iidm-criteria 6.7.2. | ||||
| CVE-2024-6409 | 1 Redhat | 4 Enterprise Linux, Openshift, Rhel E4s and 1 more | 2026-04-15 | 7 High |
| A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server. | ||||
| CVE-2024-13944 | 1 Avast | 1 Cleanup | 2026-04-15 | 7.8 High |
| Link Following Local Privilege Escalation Vulnerability in NortonUtilitiesSvc in Norton Utilities Ultimate Version 24.2.16862.6344 on Windows 10 Pro x64 allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via the creation of a symbolic link and leveraging a TOCTTOU (time-of-check to time-of-use) attack. | ||||
| CVE-2024-13949 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 6.8 Medium |
| Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13950 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 6.8 Medium |
| Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13953 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 4.9 Medium |
| Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13954 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 6.5 Medium |
| Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolsetThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13955 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 8.8 High |
| 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised.This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13956 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 6.7 Medium |
| SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13958 | 1 Abb | 3 Aspect Enterprise, Matrix Series, Nexus Series | 2026-04-15 | 4.8 Medium |
| Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator creden-tials become compromisedThis issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*. | ||||
| CVE-2024-13959 | 2026-04-15 | 7.8 High | ||
| Link Following Local Privilege Escalation Vulnerability in TuneupSvc.exe in AVG TuneUp 24.2.16593.9844 on Windows allows local attackers to escalate privileges and execute arbitrary code in the context of SYSTEM via creating a symbolic link and leveraging the service to delete a directory | ||||
| CVE-2024-13967 | 2026-04-15 | 8.8 High | ||
| This vulnerability allows the successful attacker to gain unauthorized access to a configuration web page delivered by the integrated web Server of EIBPORT. This issue affects EIBPORT V3 KNX: through 3.9.8; EIBPORT V3 KNX GSM: through 3.9.8. | ||||
| CVE-2024-1275 | 2026-04-15 | N/A | ||
| Use of Default Cryptographic Key vulnerability in Baxter Welch Allyn Connex Spot Monitor may allow Configuration/Environment Manipulation.This issue affects Welch Allyn Connex Spot Monitor in all versions prior to 1.52. | ||||
| CVE-2023-41566 | 2026-04-15 | 8.1 High | ||
| OA EKP v16 was discovered to contain an arbitrary download vulnerability via the component /ui/sys_ui_extend/sysUiExtend.do. This vulnerability allows attackers to obtain the password of the background administrator and further obtain database permissions. | ||||
| CVE-2023-41134 | 1 Wordpress | 1 Wordpress | 2026-04-15 | 5.3 Medium |
| Authentication Bypass by Spoofing vulnerability in pluginkollektiv Antispam Bee allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Antispam Bee: from n/a through 2.11.3. | ||||
| CVE-2023-40747 | 1 Aki | 5 Pmman.exe\/enterprise Edition\/, Pmman.exe\/pro Edition\/, Pmman.exe\/pro Plus Imap4 Edition\/ and 2 more | 2026-04-15 | 7.5 High |
| Directory traversal vulnerability exists in A.K.I Software's PMailServer/PMailServer2 products' CGIs included in Internal Simple Webserver. If this vulnerability is exploited, a remote attacker may access arbitrary files outside DocumentRoot. | ||||
| CVE-2023-40702 | 1 Pingidentity | 1 Pingone Mfa Integration Kit | 2026-04-15 | N/A |
| PingOne MFA Integration Kit contains a vulnerability where the skipMFA action can be configured such that user authentication does not require the second factor authentication from the user's existing registered devices. A threat actor might be able to exploit this vulnerability to authenticate as a target user if they have existing knowledge of the target user’s first-factor credentials. | ||||