Search Results (351250 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-12706 2026-04-15 N/A
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in OpenTextâ„¢ Digital Asset Management. T he vulnerability could allow an authenticated user to run arbitrary SQL commands on the underlying database. This issue affects Digital Asset Management.: through 24.4.
CVE-2025-11126 1 Apeman 1 Apeman 2026-04-15 9.8 Critical
A security flaw has been discovered in Apeman ID71 218.53.203.117. This vulnerability affects unknown code of the file /system/www/system.ini. The manipulation results in hard-coded credentials. The attack may be performed from remote. The exploit has been released to the public and may be exploited. The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2020-10370 2026-04-15 8.8 High
Certain Cypress (and Broadcom) Wireless Combo chips such as CYW43455, when a 2021-01-26 Bluetooth firmware update is not present, allow a Bluetooth outage via a "Spectra" attack.
CVE-2020-10367 2026-04-15 5.5 Medium
Certain Cypress (and Broadcom) Wireless Combo chips, when a January 2021 firmware update is not present, allow memory access via a "Spectra" attack.
CVE-2025-10504 1 Abb 1 Terra Ac Wallbox Jp 2026-04-15 6.1 Medium
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox.This issue affects Terra AC wallbox: through 1.8.33.
CVE-2022-50908 1 Mailhog 1 Mailhog 2026-04-15 7.2 High
Mailhog 1.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through email attachments. Attackers can send crafted emails with XSS payloads to execute arbitrary API calls, including message deletion and browser manipulation.
CVE-2025-10284 1 Blsops 1 Bbot 2026-04-15 9.6 Critical
BBOT's unarchive module could be abused by supplying malicious archives files and when extracted can then perform an arbitrary file write, resulting in remote code execution.
CVE-2025-0248 1 Hcltech 1 Hcl Inotes 2026-04-15 8.1 High
HCL iNotes is susceptible to a Reflected Cross-site Scripting (XSS) vulnerability caused by improper validation of user-supplied input. A remote, unauthenticated attacker can specially craft a URL to execute script in a victim's Web browser within the security context of the hosting Web site and/or steal the victim's cookie-based authentication credentials.
CVE-2025-0140 1 Palo Alto Networks 1 Globalprotect App 2026-04-15 N/A
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtectâ„¢ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on Windows, Linux, iOS, Android, Chrome OS and GlobalProtect UWP app are not affected.
CVE-2024-9698 1 Wordpress 1 Wordpress 2026-04-15 7.2 High
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVE-2024-9101 2026-04-15 N/A
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set.
CVE-2025-25060 2026-04-15 N/A
Missing authentication for critical function vulnerability exists in AssetView and AssetView CLOUD. If exploited, the files on the server where the product is running may be obtained and/or deleted by a remote unauthenticated attacker.
CVE-2024-6409 1 Redhat 4 Enterprise Linux, Openshift, Rhel E4s and 1 more 2026-04-15 7 High
A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.
CVE-2025-25051 1 Automationdirect 1 Click Plc 2026-04-15 6.1 Medium
An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks.
CVE-2024-13089 2026-04-15 7.2 High
An OS command injection vulnerability within the update functionality may allow an authenticated administrator to execute unauthorized arbitrary OS commands. Users with administrative privileges may upload update packages to upgrade the versions of Nozomi Networks Guardian and CMC. While these updates are signed and their signatures are validated prior to installation, an improper signature validation check has been identified. This issue could potentially enable users to execute commands remotely on the appliance, thereby impacting confidentiality, integrity, and availability.
CVE-2025-55345 1 Openai 1 Codex 2026-04-15 8.8 High
Using Codex CLI in workspace-write mode inside a malicious context (repo, directory, etc) could lead to arbitrary file overwrite and potentially remote code execution due to symlinks being followed outside the allowed current working directory.
CVE-2024-13066 1 Akinsoft 1 Limondesk 2026-04-15 4.3 Medium
Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking.This issue affects LimonDesk: from s1.02.14 before v1.02.17.
CVE-2024-53919 2026-04-15 7.6 High
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root.
CVE-2024-53832 2026-04-15 4.6 Medium
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files.
CVE-2024-55587 2026-04-15 8.8 High
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract.