Export limit exceeded: 46970 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 361694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 45753 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45753 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-11717 | 1 Ctfd | 1 Ctfd | 2026-04-15 | N/A |
| Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email. This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 included in 3.7.5 release. | ||||
| CVE-2025-23405 | 2026-04-15 | 5.3 Medium | ||
| Unauthenticated log effects metrics gathering incident response efforts and potentially exposes risk of injection attacks (ex log injection). | ||||
| CVE-2024-2201 | 1 Redhat | 4 Enterprise Linux, Rhel Els, Rhel Eus and 1 more | 2026-04-15 | 4.7 Medium |
| A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | ||||
| CVE-2024-2105 | 1 Jbl | 7 Boombox 2, Boombox 3, Flip 5 and 4 more | 2026-04-15 | 6.5 Medium |
| An unauthorised attacker within bluetooth range may use an improper validation during the BLE connection request to deadlock the affected devices. | ||||
| CVE-2023-5404 | 2026-04-15 | 8.1 High | ||
| Server receiving a malformed message can cause a pointer to be overwritten which can result in a remote code execution or failure. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2025-12755 | 1 Ibm | 2 Mq Advanced, Mq Operator | 2026-04-15 | 4 Medium |
| IBM MQ Operator (SC2 v3.2.0–3.8.1, LTS v2.0.0–2.0.29) and IBM‑supplied MQ Advanced container images (across affected SC2, CD, and LTS 9.3.x–9.4.x releases) contain a vulnerability where log messages are not properly neutralized before being written to log files. This flaw could allow an unauthorized user to inject malicious data into MQ log entries, potentially leading to misleading logs, log manipulation, or downstream log‑processing issues. | ||||
| CVE-2025-23302 | 1 Nvidia | 5 Dgx, Dgx-1, Dgx-2 and 2 more | 2026-04-15 | 4.2 Medium |
| NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the LS10 could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2025-23301 | 1 Nvidia | 5 Dgx, Dgx-1, Dgx-2 and 2 more | 2026-04-15 | 4.2 Medium |
| NVIDIA HGX and DGX contain a vulnerability where a misconfiguration of the VBIOS could enable an attacker to set an unsafe debug access level. A successful exploit of this vulnerability might lead to denial of service. | ||||
| CVE-2024-5632 | 2026-04-15 | N/A | ||
| Longse NVR (Network Video Recorder) model NVR3608PGE2W, as well as products based on this device, create a WiFi network with a default password. A user is neither advised to change it during the installation process, nor such a need is described in the manual. As the cameras from the same kit connect automatically, it is very probable for the default password to be left unchanged. | ||||
| CVE-2020-36915 | 2026-04-15 | 7.5 High | ||
| Adtec Digital SignEdje Digital Signage Player v2.08.28 contains multiple hardcoded default credentials that allow unauthenticated remote access to web, telnet, and SSH interfaces. Attackers can exploit these credentials to gain root-level access and execute system commands across multiple Adtec Digital product versions. | ||||
| CVE-2023-5407 | 2026-04-15 | 5.9 Medium | ||
| Controller denial of service due to improper handling of a specially crafted message received by the controller. See Honeywell Security Notification for recommendations on upgrading and versioning. | ||||
| CVE-2024-22384 | 2026-04-15 | 2.8 Low | ||
| Out-of-bounds read for some Intel(R) Trace Analyzer and Collector software before version 2022.0.0 published Nov 2023 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2024-8885 | 1 Sophos | 1 Intercept X | 2026-04-15 | 8.8 High |
| A local privilege escalation vulnerability in Sophos Intercept X for Windows with Central Device Encryption 2024.2.0 and older allows writing of arbitrary files. | ||||
| CVE-2025-0591 | 1 Omron | 1 Cx-programmer | 2026-04-15 | 7.8 High |
| Out-of-bounds Read vulnerability (CWE-125) was found in CX-Programmer. Attackers may be able to read sensitive information or cause an application crash by abusing this vulnerability. | ||||
| CVE-2024-13503 | 2026-04-15 | N/A | ||
| Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions. A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer. | ||||
| CVE-2024-29375 | 2026-04-15 | 9.8 Critical | ||
| CSV Injection vulnerability in Addactis IBNRS v.3.10.3.107 allows a remote attacker to execute arbitrary code via a crafted .ibnrs file to the Project Description, Identifiers, Custom Triangle Name (inside Input Triangles) and Yield Curve Name parameters. | ||||
| CVE-2024-37795 | 1 Cvc5 | 1 Cvc5 | 2026-04-15 | 7.5 High |
| A segmentation fault in CVC5 Solver v1.1.3 allows attackers to cause a Denial of Service (DoS) via a crafted SMT-LIB input file containing the `set-logic` command with specific formatting errors. | ||||
| CVE-2024-9348 | 1 Docker | 1 Desktop | 2026-04-15 | N/A |
| Docker Desktop before v4.34.3 allows RCE via unsanitized GitHub source link in Build view. | ||||
| CVE-2024-41928 | 1 Freebsd | 1 Freebsd | 2026-04-15 | 8.4 High |
| Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. | ||||
| CVE-2024-40083 | 1 Viloliving | 1 Vilo 5 Mesh Wifi System Firmware | 2026-04-15 | 9.6 Critical |
| A Buffer Overflow vulnerabilty in the local_app_set_router_token function of Vilo 5 Mesh WiFi System <= 5.16.1.33 allows remote, unauthenticated attackers to execute arbitrary code via sscanf reading the token and timezone JSON fields into a fixed-length buffer. | ||||