Search Results (44126 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-33519 2026-04-15 7.2 High
A vulnerability in the web-based management interface of HPE Aruba Networking EdgeConnect SD-WAN gateway could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise.
CVE-2024-6873 1 Clickhouse 1 Clickhouse 2026-04-15 8.1 High
It is possible to crash or redirect the execution flow of the ClickHouse server process from an unauthenticated vector by sending a specially crafted request to the ClickHouse server native interface. This redirection is limited to what is available within a 256-byte range of memory at the time of execution, and no known remote code execution (RCE) code has been produced or exploited.  Fixes have been merged to all currently supported version of ClickHouse. If you are maintaining your own forked version of ClickHouse or using an older version and cannot upgrade, the fix for this vulnerability can be found in this commit  https://github.com/ClickHouse/ClickHouse/pull/64024 .
CVE-2024-30165 1 Amazon 1 Aws Client Vpn 2026-04-15 7.1 High
Amazon AWS Client VPN before 3.9.1 on macOS has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions, a different vulnerability than CVE-2024-30164.
CVE-2025-61984 1 Openbsd 1 Openssh 2026-04-15 3.6 Low
ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.)
CVE-2024-33512 2026-04-15 9.8 Critical
There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
CVE-2025-4877 1 Redhat 2 Enterprise Linux, Openshift 2026-04-15 4.5 Medium
There's a vulnerability in the libssh package where when a libssh consumer passes in an unexpectedly large input buffer to ssh_get_fingerprint_hash() function. In such cases the bin_to_base64() function can experience an integer overflow leading to a memory under allocation, when that happens it's possible that the program perform out of bounds write leading to a heap corruption. This issue affects only 32-bits builds of libssh.
CVE-2024-30253 2026-04-15 7.5 High
@solana/web3.js is the Solana JavaScript SDK. Using particular inputs with `@solana/web3.js` will result in memory exhaustion (OOM). If you have a server, client, mobile, or desktop product that accepts untrusted input for use with `@solana/web3.js`, your application/service may crash, resulting in a loss of availability. This vulnerability is fixed in 1.0.1, 1.10.2, 1.11.1, 1.12.1, 1.1.2, 1.13.1, 1.14.1, 1.15.1, 1.16.2, 1.17.1, 1.18.1, 1.19.1, 1.20.3, 1.21.1, 1.22.1, 1.23.1, 1.24.3, 1.25.1, 1.26.1, 1.27.1, 1.28.1, 1.2.8, 1.29.4, 1.30.3, 1.31.1, 1.3.1, 1.32.3, 1.33.1, 1.34.1, 1.35.2, 1.36.1, 1.37.3, 1.38.1, 1.39.2, 1.40.2, 1.41.11, 1.4.1, 1.42.1, 1.43.7, 1.44.4, 1.45.1, 1.46.1, 1.47.5, 1.48.1, 1.49.1, 1.50.2, 1.51.1, 1.5.1, 1.52.1, 1.53.1, 1.54.2, 1.55.1, 1.56.3, 1.57.1, 1.58.1, 1.59.2, 1.60.1, 1.61.2, 1.6.1, 1.62.2, 1.63.2, 1.64.1, 1.65.1, 1.66.6, 1.67.3, 1.68.2, 1.69.1, 1.70.4, 1.71.1, 1.72.1, 1.7.2, 1.73.5, 1.74.1, 1.75.1, 1.76.1, 1.77.4, 1.78.8, 1.79.1, 1.80.1, 1.81.1, 1.8.1, 1.82.1, 1.83.1, 1.84.1, 1.85.1, 1.86.1, 1.87.7, 1.88.1, 1.89.2, 1.90.2, 1.9.2, and 1.91.3.
CVE-2024-36577 1 Apphp 1 Apphp Js-object-resolver 2026-04-15 8.3 High
apphp js-object-resolver < 3.1.1 is vulnerable to Prototype Pollution via Module.setNestedProperty.
CVE-2025-30077 2026-04-15 6.2 Medium
Open Networking Foundation SD-RAN ONOS onos-lib-go 0.10.28 allows an index out-of-range panic in asn1/aper GetBitString via a zero value of numBits.
CVE-2024-38809 2 Redhat, Vmware 2 Apache Camel Spring Boot, Spring Framework 2026-04-15 5.3 Medium
Applications that parse ETags from "If-Match" or "If-None-Match" request headers are vulnerable to DoS attack. Users of affected versions should upgrade to the corresponding fixed version. Users of older, unsupported versions could enforce a size limit on "If-Match" and "If-None-Match" headers, e.g. through a Filter.
CVE-2024-36582 1 Alykoshin 1 Mini-deep-assign 2026-04-15 9.8 Critical
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)
CVE-2024-48122 2026-04-15 6.7 Medium
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges.
CVE-2025-32901 1 Kde 1 Kdeconnect 2026-04-15 4.3 Medium
In KDE Connect before 1.33.0 on Android, malicious device IDs (sent via broadcast UDP) could cause an application crash.
CVE-2024-36671 1 Nodemcu 1 Nodemcu 2026-04-15 9.8 Critical
nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c.
CVE-2024-24452 1 Athonet 1 Vepc Mmc 2026-04-15 5.9 Medium
An invalid memory access when handling the ProtocolIE_ID field of E-RAB Release Indication messages in Athonet vEPC MME v11.4.0 allows attackers to cause a Denial of Service (DoS) to the cellular network by repeatedly initiating connections and sending a crafted payload.
CVE-2024-37020 1 Intel 1 Xeon Processors 2026-04-15 3.8 Low
Sequence of processor instructions leads to unexpected behavior in the Intel(R) DSA V1.0 for some Intel(R) Xeon(R) Processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-43785 1 Byron 1 Gitoxide 2026-04-15 2.5 Low
gitoxide An idiomatic, lean, fast & safe pure Rust implementation of Git. gitoxide-core, which provides most underlying functionality of the gix and ein commands, does not neutralize newlines, backspaces, or control characters—including those that form ANSI escape sequences—that appear in a repository's paths, author and committer names, commit messages, or other metadata. Such text may be written as part of the output of a command, as well as appearing in error messages when an operation fails. This sometimes allows an untrusted repository to misrepresent its contents and to alter or concoct error messages.
CVE-2024-23980 2026-04-15 7.5 High
Improper buffer restrictions in PlatformPfrDxe driver in UEFI firmware for some Intel(R) Server D50FCP Family products may allow a privileged user to enable escalation of privilege via local access.
CVE-2024-36292 2026-04-15 7.3 High
Improper buffer restrictions for some Intel(R) Data Center GPU Flex Series for Windows driver before version 31.0.101.4314 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2025-29994 2026-04-15 N/A
This vulnerability exists in the CAP back office application due to improper authentication check at the API endpoint. An unauthenticated remote attacker with a valid login ID could exploit this vulnerability by manipulating API input parameters through API request URL/payload leading to unauthorized access to other user accounts.