Search Results (788 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-8772 2026-04-15 4.3 Medium
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.
CVE-2022-50976 2 Avibia, Innomic 2 Avibiline Configurator, Vibroline Configurator 2026-04-15 7.7 High
A local attacker could cause a full device reset by resetting the device passwords using an invalid reset file via USB.
CVE-2024-51983 2026-04-15 7.5 High
An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device. The device will reboot, after which the attacker can reissue the command to repeatedly crash the device.
CVE-2024-7954 1 Spip 1 Spip 2026-04-15 9.8 Critical
The porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 is vulnerable to an arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.
CVE-2024-47855 1 Redhat 1 Ocp Tools 2026-04-15 5.3 Medium
util/JSONTokener.java in JSON-lib before 3.1.0 mishandles an unbalanced comment string.
CVE-2025-41650 2026-04-15 7.5 High
An unauthenticated remote attacker can exploit input validation in cmd services of the devices, allowing them to disrupt system operations and potentially cause a denial-of-service.
CVE-2024-37020 1 Intel 1 Xeon Processors 2026-04-15 3.8 Low
Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-30415 2026-04-15 N/A
Denial of service due to improper handling of malformed input. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 40077, Acronis Cyber Protect 17 (Linux, macOS, Windows) before build 41186.
CVE-2024-51564 2026-04-15 7.5 High
A guest can trigger an infinite loop in the hda audio driver.
CVE-2024-24715 2026-04-15 6.5 Medium
Improper Validation of Specified Quantity in Input vulnerability in The Events Calendar BookIt allows Manipulating Hidden Fields.This issue affects BookIt: from n/a through 2.4.0.
CVE-2025-9524 1 Axis 1 Axis Os 2026-04-15 4.3 Medium
The VAPIX API port.cgi did not have sufficient input validation, which may result in process crashes and impact usability. This vulnerability can only be exploited after authenticating with a viewer- operator- or administrator-privileged service account.
CVE-2025-2826 2026-04-15 2.6 Low
n affected platforms running Arista EOS, ACL policies may not be enforced. IPv4 ingress ACL, MAC ingress ACL, or IPv6 standard ingress ACL enabled on one or more ethernet or LAG interfaces may result in ACL policies not being enforced for ingress packets. This can cause incoming packets to incorrectly be allowed or denied. The two symptoms of this issue on the affected release and platform are: * Packets which should be permitted may be dropped and, * Packets which should be dropped may be permitted.
CVE-2024-3185 1 Rapid7 1 Insight Agent 2026-04-15 6.8 Medium
A key used in logging.json does not follow the least privilege principle by default and is exposed to local users in the Rapid7 Platform. This allows an attacker with local access to a machine with the logging.json file to use that key to authenticate to the platform with high privileges. This was fixed in the Rapid7 platform starting 3 April 2024 via the introduction of a restricted role and the removal of automatic API key generation on installation of an agent.
CVE-2025-11743 1 Rockwellautomation 1 Compactlogix 5370 2026-04-15 N/A
A denial-of-service security issue in the affected product. The security issue occurs when a malformed CIP forward open message is sent. This could result in a major nonrecoverable fault a restart is required to recover.
CVE-2025-40910 2026-04-15 6.5 Medium
Net::IP::LPM version 1.10 for Perl does not properly consider leading zero characters in IP CIDR address strings, which could allow attackers to bypass access control that is based on IP addresses. Leading zeros are used to indicate octal numbers, which can confuse users who are intentionally using octal notation, as well as users who believe they are using decimal notation.
CVE-2025-8556 1 Redhat 23 Acm, Advanced Cluster Security, Ceph Storage and 20 more 2026-04-15 3.7 Low
A flaw was found in CIRCL's implementation of the FourQ elliptic curve. This vulnerability allows an attacker to compromise session security via low-order point injection and incorrect point validation during Diffie-Hellman key exchange.
CVE-2024-1610 2026-04-15 9.8 Critical
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation.
CVE-2021-47818 1 Dupterminator 1 Dupterminator 2026-04-15 7.5 High
DupTerminator 1.4.5639.37199 contains a denial of service vulnerability that allows attackers to crash the application by inputting a long character string in the Excluded text box. Attackers can generate a payload of 8000 repeated characters to trigger the application to stop working on Windows 10.
CVE-2024-30516 2 Saasproject, Wordpress 2 Booking Package, Wordpress 2026-04-15 7.5 High
Improper Validation of Specified Quantity in Input vulnerability in SaasProject Booking Package allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Booking Package: from n/a through 1.6.27.
CVE-2023-46103 1 Redhat 1 Enterprise Linux 2026-04-15 4.7 Medium
Sequence of processor instructions leads to unexpected behavior in Intel(R) Core(TM) Ultra Processors may allow an authenticated user to potentially enable denial of service via local access.