Export limit exceeded: 356189 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 356189 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (6749 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-38944 | 2026-04-15 | 9.8 Critical | ||
| An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component. | ||||
| CVE-2024-3955 | 2026-04-15 | 9.8 Critical | ||
| URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7). | ||||
| CVE-2024-4135 | 2 Joomunited, Wordpress | 2 Wp Latest Posts, Wordpress | 2026-04-15 | 5.4 Medium |
| The WP Latest Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.0.7. This is due to the plugin allowing users to execute an action that does not properly validate a user-supplied value prior to using that value in a call to do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | ||||
| CVE-2024-4144 | 2 Wordpress, Wpkube | 2 Wordpress, Simple Basic Contact Form | 2026-04-15 | 6.5 Medium |
| The Simple Basic Contact Form plugin for WordPress for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 20240502. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on the functionality of other plugins installed in the environment. | ||||
| CVE-2024-42845 | 1 Invesalius | 1 Invesalius | 2026-04-15 | 8 High |
| An eval Injection vulnerability in the component invesalius/reader/dicom.py of InVesalius 3.1.99991 through 3.1.99998 allows attackers to execute arbitrary code via loading a crafted DICOM file. | ||||
| CVE-2024-44744 | 1 Malwarebytes | 1 Premium Security | 2026-04-15 | 5.7 Medium |
| An issue in Malwarebytes Premium Security v5.0.0.883 allows attackers to execute arbitrary code via placing crafted binaries into unspecified directories. NOTE: Malwarebytes argues that this issue requires admin privileges and that the contents cannot be altered by non-admin users. | ||||
| CVE-2024-45623 | 1 D-link | 1 Dap-2310 Firmware | 2026-04-15 | 9.8 Critical |
| D-Link DAP-2310 Hardware A Firmware 1.16RC028 allows remote attackers to execute arbitrary code via a stack-based buffer overflow in the ATP binary that handles PHP HTTP GET requests for the Apache HTTP Server (httpd). NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-46962 | 1 Google | 1 Android | 2026-04-15 | 9.1 Critical |
| The SYQ com.downloader.video.fast (aka Master Video Downloader) application through 2.0 for Android allows an attacker to execute arbitrary JavaScript code via the com.downloader.video.fast.SpeedMainAct component. | ||||
| CVE-2024-48138 | 1 Pluxml | 1 Pluxml | 2026-04-15 | 9.8 Critical |
| A remote code execution (RCE) vulnerability in the component /PluXml/core/admin/parametres_edittpl.php of PluXml v5.8.16 and lower allows attackers to execute arbitrary code via injecting a crafted payload into a template. | ||||
| CVE-2024-48204 | 1 Hanzhou Haboo | 1 Network Management System | 2026-04-15 | 9.8 Critical |
| SQL injection vulnerability in Hanzhou Haobo network management system 1.0 allows a remote attacker to execute arbitrary code via a crafted script. | ||||
| CVE-2024-49214 | 1 Haproxy | 1 Haproxy | 2026-04-15 | 5.3 Medium |
| QUIC in HAProxy 3.1.x before 3.1-dev7, 3.0.x before 3.0.5, and 2.9.x before 2.9.11 allows opening a 0-RTT session with a spoofed IP address. This can bypass the IP allow/block list functionality. | ||||
| CVE-2024-5082 | 1 Sonatype | 1 Nexus Repository Manager | 2026-04-15 | N/A |
| A Remote Code Execution vulnerability has been discovered in Sonatype Nexus Repository 2. This issue affects Nexus Repository 2 OSS/Pro versions up to and including 2.15.1. | ||||
| CVE-2024-52786 | 1 Anji-plus | 1 Aj-report | 2026-04-15 | 9.8 Critical |
| An authentication bypass vulnerability in anji-plus AJ-Report up to v1.4.2 allows unauthenticated attackers to execute arbitrary code via a crafted URL. | ||||
| CVE-2024-52925 | 1 Opswat | 1 Metadefender Kiosk | 2026-04-15 | 6.8 Medium |
| In OPSWAT MetaDefender Kiosk before 4.7.0, arbitrary code execution can be performed by an attacker via the MD Kiosk Unlock Device feature for software encrypted USB drives. | ||||
| CVE-2024-53276 | 2026-04-15 | N/A | ||
| Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website to make a cross site request to home-gallery, thus allowing them to read any endpoint on home-gallery. Home-gallery is mostly safe from cross-site requests due to most of its pages requiring JavaScript, and cross-site requests such as fetch() do not render javascript. If an attacker is able to get the path of the preview images which are randomized, an attacker will be able to view such a photo. If any static files or endpoints are introduced in the future that contain sensitive information, they will be accessible to an attacker website. | ||||
| CVE-2024-53554 | 1 Taigaio | 1 Taiga Front | 2026-04-15 | 8 High |
| A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. | ||||
| CVE-2024-53561 | 2026-04-15 | 8.7 High | ||
| A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. | ||||
| CVE-2024-55241 | 2026-04-15 | 8.8 High | ||
| An issue in deep-diver LLM-As-Chatbot before commit 99c2c03 allows a remote attacker to execute arbitrary code via the modelsbyom.py component. | ||||
| CVE-2024-55504 | 2026-04-15 | 5.5 Medium | ||
| An issue in RAR Extractor - Unarchiver Free and Pro v.6.4.0 allows local attackers to inject arbitrary code potentially leading to remote control and unauthorized access to sensitive user data via the exploit_combined.dylib component on MacOS. | ||||
| CVE-2024-55580 | 1 Qlik | 1 Qlik Sense | 2026-04-15 | 7.5 High |
| An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15. | ||||