Export limit exceeded: 350068 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (350068 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-26017 | 1 Intel | 1 Rendering Toolkit Software | 2026-04-15 | 6.7 Medium |
| Uncontrolled search path in some Intel(R) Rendering Toolkit software before version 2024.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2025-1025 | 1 Cockpit-hq | 1 Cockpit | 2026-04-15 | 7.5 High |
| Versions of the package cockpit-hq/cockpit before 2.4.1 are vulnerable to Arbitrary File Upload where an attacker can use different extension to bypass the upload filter. | ||||
| CVE-2024-23579 | 1 Hcl Software | 1 Dryice Optibot Reset Station | 2026-04-15 | 6.5 Medium |
| HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted values. | ||||
| CVE-2019-25288 | 1 Wacom | 1 Wtabletservice | 2026-04-15 | 7.8 High |
| Wacom WTabletService 6.6.7-3 contains an unquoted service path vulnerability that allows local attackers to execute malicious code with elevated privileges. Attackers can insert an executable file in the service path to run unauthorized code when the service restarts or the system reboots. | ||||
| CVE-2024-23589 | 2026-04-15 | 6.8 Medium | ||
| Due to outdated Hash algorithm, HCL Glovius Cloud could allow attackers to guess the input data using brute-force or dictionary attacks efficiently using modern hardware such as GPUs or ASICs | ||||
| CVE-2024-23597 | 2026-04-15 | 4.3 Medium | ||
| Cross-site request forgery (CSRF) vulnerability exists in TvRock 0.9t8a. If a logged-in user of TVRock accesses a specially crafted page, unintended operations may be performed. Note that the developer was unreachable, therefore, users should consider stop using TvRock 0.9t8a. | ||||
| CVE-2019-25289 | 1 Inim | 1 Smartliving Smartlan | 2026-04-15 | 8.8 High |
| SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials. | ||||
| CVE-2019-25290 | 1 Inim | 1 Smartliving Smartlan | 2026-04-15 | 5.3 Medium |
| Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests. | ||||
| CVE-2019-25297 | 2 Opinionstage, Wordpress | 2 Poll, Survey & Quiz Maker, Wordpress | 2026-04-15 | N/A |
| Poll, Survey & Quiz Maker Plugin by Opinion Stage Wordpress plugin versions prior to 19.6.25 contain a stored cross-site scripting (XSS) vulnerability via multiple parameters due to insufficient input validation and output escaping. An unauthenticated attacker can inject arbitrary script into content that executes when a victim views an affected page. | ||||
| CVE-2019-25301 | 1 Millhouse-project Project | 1 Millhouse-project | 2026-04-15 | 6.4 Medium |
| Millhouse-Project 1.414 contains a persistent cross-site scripting vulnerability in the comment submission functionality that allows attackers to inject malicious scripts. Attackers can post comments with embedded JavaScript through the 'content' parameter in add_comment_sql.php to execute arbitrary scripts in victim browsers. | ||||
| CVE-2019-25302 | 1 Acer | 1 Launch Manager | 2026-04-15 | 7.8 High |
| Acer Launch Manager 6.1.7600.16385 contains an unquoted service path vulnerability in the DsiWMIService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Launch Manager\dsiwmis.exe to insert malicious code that would execute with system-level permissions during service startup. | ||||
| CVE-2019-25303 | 1 Thejshen | 1 Contentmanagementsystem | 2026-04-15 | 7.1 High |
| TheJshen ContentManagementSystem 1.04 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'id' GET parameter. Attackers can exploit boolean-based, time-based, and UNION-based SQL injection techniques to extract or manipulate database information by crafting malicious query payloads. | ||||
| CVE-2024-23847 | 1 Yokogawa Rental Lease Corporation | 1 Unifier | 2026-04-15 | 5.9 Medium |
| Incorrect default permissions issue exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted. | ||||
| CVE-2019-25304 | 1 Issivs | 1 Securos Enterprise | 2026-04-15 | 7.8 High |
| SecurOS Enterprise 10.2 contains an unquoted service path vulnerability in the SecurosCtrlService that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\ISS\SecurOS\ to insert malicious code that would execute with system-level permissions during service startup. | ||||
| CVE-2019-25305 | 2 Hp, Inforprograma | 2 Jumpstart, Jumpstart | 2026-04-15 | 7.8 High |
| JumpStart 0.6.0.0 contains an unquoted service path vulnerability in the jswpbapi service running with LocalSystem privileges. Attackers can exploit the unquoted path containing spaces to inject and execute malicious code with elevated system permissions. | ||||
| CVE-2024-23912 | 2026-04-15 | 4 Medium | ||
| Out-of-bounds Read vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_File() function is used to read a malformed DICOM data, it might result in over-reading memory buffer and could cause memory access violation. | ||||
| CVE-2024-23914 | 2026-04-15 | 5.7 Medium | ||
| Use of Externally-Controlled Format String vulnerability in Merge DICOM Toolkit C/C++ on Windows. When MC_Open_Association() function is used to open DICOM Association and gets DICOM Application Context Name with illegal characters, it might result in an unhandled exception. | ||||
| CVE-2024-23919 | 2026-04-15 | 5.3 Medium | ||
| Improper buffer restrictions in some Intel(R) Graphics software may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23974 | 1 Intel | 1 Nuc M15 Laptop Kit Integrated Sensor Hub Driver Pack | 2026-04-15 | 6.7 Medium |
| Incorrect default permissions in some Intel(R) ISH software installers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-23980 | 2026-04-15 | 7.5 High | ||
| Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access. | ||||