Export limit exceeded: 366603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 366603 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12243 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-5801 | 2026-04-15 | N/A | ||
| Enabled IP Forwarding feature in B&R Automation Runtime versions before 6.0.2 may allow remote attack-ers to compromise network security by routing IP-based packets through the host, potentially by-passing firewall, router, or NAC filtering. | ||||
| CVE-2024-0311 | 2026-04-15 | 5.5 Medium | ||
| A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code. | ||||
| CVE-2024-57056 | 2026-04-15 | 5.4 Medium | ||
| Incorrect cookie session handling in WombatDialer before 25.02 results in the full session identity being written to system logs and could be used by a malicious attacker to impersonate an existing user session. | ||||
| CVE-2024-56972 | 2026-04-15 | 6.5 Medium | ||
| An issue in Midea Group Co., Ltd Midea Home iOS 9.3.12 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56971 | 2026-04-15 | 6.5 Medium | ||
| An issue in Zhiyuan Yuedu (Guangzhou) Literature Information Technology Co., Ltd Shuqi Novel iOS 5.3.8 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-56968 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shenzhen Intellirocks Tech Co. Ltd Govee Home iOS 6.5.01 allows attackers to access sensitive user information via supplying a crafted payload. | ||||
| CVE-2024-22374 | 1 Intel | 1 Xeon Processors | 2026-04-15 | 6.5 Medium |
| Insufficient control flow management for some Intel(R) Xeon Processors may allow an authenticated user to potentially enable denial of service via local access. | ||||
| CVE-2024-56967 | 2026-04-15 | 6.5 Medium | ||
| An issue in Cloud Whale Interactive Technology LLC. PolyBuzz iOS 2.0.20 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-22387 | 2026-04-15 | 6.8 Medium | ||
| External Control of Critical State Data (CWE-642) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authenticated user to modify device I/O connections leading to unexpected behavior that in some circumstances could compromise site physical security controls. Gallagher recommend the diagnostic web page is not enabled (default is off) unless advised by Gallagher Technical support. This interface is intended only for diagnostic purposes. This issue affects: Gallagher Controller 6000 and 7000 9.10 prior to vCR9.10.240520a (distributed in 9.10.1268(MR1)), 9.00 prior to vCR9.00.240521a (distributed in 9.00.1990(MR3)), 8.90 prior to vCR8.90.240520a (distributed in 8.90.1947 (MR4)), 8.80 prior to vCR8.80.240520a (distributed in 8.80.1726 (MR5)), 8.70 prior to vCR8.70.240520a (distributed in 8.70.2824 (MR7)), all versions of 8.60 and prior. | ||||
| CVE-2024-39223 | 1 Ginuerzh | 1 Gost | 2026-04-15 | 9.8 Critical |
| An authentication bypass in the SSH service of gost v2.11.5 allows attackers to intercept communications via setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey | ||||
| CVE-2024-56966 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Xuan Ting Entertainment Information & Technology Co., Ltd Qidian Reader iOS 5.9.384 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-2419 | 1 Redhat | 1 Build Keycloak | 2026-04-15 | 7.1 High |
| A flaw was found in Keycloak's redirect_uri validation logic. This issue may allow a bypass of otherwise explicitly allowed hosts. A successful attack may lead to the theft of an access token, making it possible for the attacker to impersonate other users. It is very similar to CVE-2023-6291. | ||||
| CVE-2023-7049 | 2026-04-15 | 4.3 Medium | ||
| The Custom Field For WP Job Manager plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2 via the the 'cm_fieldshow' shortcode due to missing validation on the 'job_id' user controlled key. This makes it possible for authenticated attackers, with contributor-level access and above, to expose potentially sensitive post metadata. | ||||
| CVE-2024-56965 | 2026-04-15 | 6.5 Medium | ||
| An issue in Shanghai Shizhi Information Technology Co., Ltd Shihuo iOS 8.16.0 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2024-24312 | 2026-04-15 | 7.5 High | ||
| SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. | ||||
| CVE-2024-24980 | 1 Intel | 1 Xeon Processors | 2026-04-15 | 6.1 Medium |
| Protection mechanism failure in some 3rd, 4th, and 5th Generation Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2021-47621 | 1 Classgraph | 1 Classgraph | 2026-04-15 | 7.5 High |
| ClassGraph before 4.8.112 was not resistant to XML eXternal Entity (XXE) attacks. | ||||
| CVE-2024-24983 | 1 Intel | 1 Ethernet Complete Driver Pack | 2026-04-15 | 6.5 Medium |
| Protection mechanism failure in firmware for some Intel(R) Ethernet Network Controllers and Adapters E810 Series before version 4.4 may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
| CVE-2024-56964 | 2026-04-15 | 6.5 Medium | ||
| An issue in Che Hao Duo Used Automobile Agency (Beijing) Co., Ltd Guazi Used Car iOS 10.15.1 allows attackers to access sensitive user information via supplying a crafted link. | ||||
| CVE-2021-47663 | 2026-04-15 | 8.1 High | ||
| Due to improper JSON Web Tokens implementation an unauthenticated remote attacker can guess a valid session ID and therefore impersonate a user to gain full access. | ||||