Export limit exceeded: 25889 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25889 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-32670 | 1 Samsung | 1 Galaxy Smarttag2 | 2026-04-15 | N/A |
| Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting. | ||||
| CVE-2024-32669 | 1 Samsung Open Source | 1 Escargot | 2026-04-15 | 5.3 Medium |
| Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and does not include in the release. This issue affects escargot: 4.0.0. | ||||
| CVE-2024-32653 | 1 Skylot | 1 Jadx | 2026-04-15 | 6.1 Medium |
| jadx is a Dex to Java decompiler. Prior to version 1.5.0, the package name is not filtered before concatenation. This can be exploited to inject arbitrary code into the package name. The vulnerability allows an attacker to execute commands with shell privileges. Version 1.5.0 contains a patch for the vulnerability. | ||||
| CVE-2024-22095 | 2026-04-15 | 7.2 High | ||
| Improper input validation in PlatformVariableInitDxe driver in UEFI firmware for some Intel(R) Server D50DNP Family products may allow a privileged user to enable escalation of privilege via local access. | ||||
| CVE-2024-3182 | 1 Tibco | 1 Hawk | 2026-04-15 | 6.5 Medium |
| Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files. | ||||
| CVE-2024-3177 | 1 Redhat | 1 Openshift | 2026-04-15 | 2.7 Low |
| A security issue was discovered in Kubernetes where users may be able to launch containers that bypass the mountable secrets policy enforced by the ServiceAccount admission plugin when using containers, init containers, and ephemeral containers with the envFrom field populated. The policy ensures pods running with a service account may only reference secrets specified in the service account’s secrets field. Kubernetes clusters are only affected if the ServiceAccount admission plugin and the kubernetes.io/enforce-mountable-secrets annotation are used together with containers, init containers, and ephemeral containers with the envFrom field populated. | ||||
| CVE-2024-3160 | 2026-04-15 | 5.3 Medium | ||
| ** DISPUTED ** A vulnerability, which was classified as problematic, was found in Intelbras MHDX 1004, MHDX 1008, MHDX 1016, MHDX 5016, HDCVI 1008 and HDCVI 1016 up to 20240401. This affects an unknown part of the file /cap.js of the component HTTP GET Request Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier VDB-258933 was assigned to this vulnerability. NOTE: The vendor explains that they do not classify the information shown as sensitive and therefore there is no vulnerability which is about to harm the user. | ||||
| CVE-2024-31455 | 2026-04-15 | 4.3 Medium | ||
| Minder by Stacklok is an open source software supply chain security platform. A refactoring in commit `5c381cf` added the ability to get GitHub repositories registered to a project without specifying a specific provider. Unfortunately, the SQL query for doing so was missing parenthesis, and would select a random repository. This issue is patched in pull request 2941. As a workaround, revert prior to `5c381cf`, or roll forward past `2eb94e7`. | ||||
| CVE-2024-2371 | 2026-04-15 | 6.2 Medium | ||
| Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials. | ||||
| CVE-2024-2467 | 1 Redhat | 2 Enterprise Linux, Openssl | 2026-04-15 | 5.9 Medium |
| A timing-based side-channel flaw exists in the perl-Crypt-OpenSSL-RSA package, which could be sufficient to recover plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. | ||||
| CVE-2024-25290 | 1 Casa Systems | 1 Nl1901acv | 2026-04-15 | 8 High |
| An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function. | ||||
| CVE-2024-25458 | 1 Cyczcam Shix Zhao Shixcam | 1 A9 Camera Firmware | 2026-04-15 | 7.5 High |
| An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. | ||||
| CVE-2024-25571 | 2026-04-15 | 2.3 Low | ||
| Improper input validation in some Intel(R) SPS firmware before SPS_E5_06.01.04.059.0 may allow a privileged user to potentially enable denial of service via local access. | ||||
| CVE-2024-25581 | 1 Powerdns | 1 Dnsdist | 2026-04-15 | 7.5 High |
| When incoming DNS over HTTPS support is enabled using the nghttp2 provider, and queries are routed to a tcp-only or DNS over TLS backend, an attacker can trigger an assertion failure in DNSdist by sending a request for a zone transfer (AXFR or IXFR) over DNS over HTTPS, causing the process to stop and thus leading to a Denial of Service. DNS over HTTPS is not enabled by default, and backends are using plain DNS (Do53) by default. | ||||
| CVE-2024-25583 | 1 Powerdns | 1 Powerdns | 2026-04-15 | 7.5 High |
| A crafted response from an upstream server the recursor has been configured to forward-recurse to can cause a Denial of Service in the Recursor. The default configuration of the Recursor does not use recursive forwarding and is not affected. | ||||
| CVE-2024-25590 | 1 Powerdns | 1 Recursor | 2026-04-15 | 7.5 High |
| An attacker can publish a zone containing specific Resource Record Sets. Repeatedly processing and caching results for these sets can lead to a denial of service. | ||||
| CVE-2024-29040 | 2 Tpm2 Software, Tpm2 Software Stack Project | 2 Tpm2 Tools, Tpm2 Software Stack | 2026-04-15 | 4.3 Medium |
| This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in the JSON structure. The verifier can receive a state which does not represent the actual, possibly malicious state of the device under test. The malicious device might get access to data it shouldn't, or can use services it shouldn't be able to. This issue has been patched in version 4.1.0. | ||||
| CVE-2024-29023 | 2026-04-15 | 7.2 High | ||
| Xibo is an Open Source Digital Signage platform with a web content management system and Windows display player software. Session tokens are exposed in the return of session search API call on the sessions page. Subsequently they can be exfiltrated and used to hijack a session. Users must be granted access to the session page, or be a super admin. Users should upgrade to version 3.3.10 or 4.0.9 which fix this issue. Customers who host their CMS with the Xibo Signage service have already received an upgrade or patch to resolve this issue regardless of the CMS version that they are running. Patches are available for earlier versions of Xibo CMS that are out of security support: 2.3 patch ebeccd000b51f00b9a25f56a2f252d6812ebf850.diff. 1.8 patch a81044e6ccdd92cc967e34c125bd8162432e51bc.diff. There are no known workarounds for this vulnerability. | ||||
| CVE-2024-26290 | 2026-04-15 | N/A | ||
| Improper Input Validation vulnerability in Avid Avid NEXIS E-series on Linux, Avid Avid NEXIS F-series on Linux, Avid Avid NEXIS PRO+ on Linux, Avid System Director Appliance (SDA+) on Linux allows code execution on underlying operating system with root permissions.This issue affects Avid NEXIS E-series: before 2024.6.0; Avid NEXIS F-series: before 2024.6.0; Avid NEXIS PRO+: before 2024.6.0; System Director Appliance (SDA+): before 2024.6.0. | ||||
| CVE-2024-2632 | 2026-04-15 | 7.5 High | ||
| A Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application such as the variables set in the process, the Tomcat versions, library versions and underlying operation system via HTTP GET '/sitetest/english/dumpenv.jsp'. | ||||