Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (7021 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46963 | 1 Google | 1 Android | 2026-04-15 | 8.1 High |
| The com.superfast.video.downloader (aka Super Unlimited Video Downloader - All in One) application through 5.1.9 for Android allows an attacker to execute arbitrary JavaScript code via the com.bluesky.browser.ui.BrowserMainActivity component. | ||||
| CVE-2025-42945 | 1 Sap | 4 Abap Platform, Application Server, As Abap and 1 more | 2026-04-15 | 6.1 Medium |
| SAP NetWeaver Application Server ABAP has HTML injection vulnerability. Due to this, an attacker could craft a URL with malicious script as payload and trick a victim with active user session into executing it. Upon successful exploit, this vulnerability could lead to limited access to data or its manipulation. There is no impact on availability. | ||||
| CVE-2024-36575 | 1 Notabotai | 1 Getsetprop | 2026-04-15 | 9.8 Critical |
| A Prototype Pollution issue in getsetprop 1.1.0 allows an attacker to execute arbitrary code via global.accessor. | ||||
| CVE-2024-46965 | 1 Google | 1 Ds Allvideo.downloader.browser Application For Android | 2026-04-15 | 5.4 Medium |
| The DS allvideo.downloader.browser (aka Fast Video Downloader: Browser) application through 1.6-RC1 for Android allows an attacker to execute arbitrary JavaScript code via the allvideo.downloader.browser.DefaultBrowserActivity component. | ||||
| CVE-2024-36679 | 1 Prestashop | 1 Livechatpro | 2026-04-15 | 10 Critical |
| In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) <=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method `Lcp::saveTranslations()` suffer of a white writer that can inject PHP code into a PHP file. | ||||
| CVE-2024-57401 | 2026-04-15 | 9.8 Critical | ||
| SQL Injection vulnerability in Uniclare Student portal v.2 and before allows a remote attacker to execute arbitrary code via the Forgot Password function. | ||||
| CVE-2024-38990 | 1 Tada5hi | 1 Sp Common | 2026-04-15 | 6.3 Medium |
| Tada5hi sp-common v0.5.4 was discovered to contain a prototype pollution via the function mergeDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties. | ||||
| CVE-2024-3924 | 2026-04-15 | N/A | ||
| A code injection vulnerability exists in the huggingface/text-generation-inference repository, specifically within the `autodocs.yml` workflow file. The vulnerability arises from the insecure handling of the `github.head_ref` user input, which is used to dynamically construct a command for installing a software package. An attacker can exploit this by forking the repository, creating a branch with a malicious payload as the name, and then opening a pull request to the base repository. Successful exploitation could lead to arbitrary code execution within the context of the GitHub Actions runner. This issue affects versions up to and including v2.0.0 and was fixed in version 2.0.0. | ||||
| CVE-2024-48453 | 2026-04-15 | 9.8 Critical | ||
| An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function | ||||
| CVE-2024-37779 | 1 Woodwing Elvis Dam | 1 Woodwing Elvis Dam | 2026-04-15 | 8.8 High |
| WoodWing Elvis DAM v6.98.1 was discovered to contain an authenticated remote command execution (RCE) vulnerability via the Apache Ant script functionality. | ||||
| CVE-2024-6365 | 1 Woobewoo | 1 Product Table By Wbw | 2026-04-15 | 9.8 Critical |
| The Product Table by WBW plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.1 via the 'saveCustomTitle' function. This is due to missing authorization and lack of sanitization of appended data in the languages/customTitle.php file. This makes it possible for unauthenticated attackers to execute code on the server. | ||||
| CVE-2024-12995 | 1 Ruifang-tech | 1 Rebuild | 2026-04-15 | 3.5 Low |
| A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-61488 | 1 Slims | 1 Senayan Library Management System | 2026-04-15 | 7.6 High |
| An issue in Senayan Library Management System (SLiMS) 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrap_image.php component and the imageURL parameter | ||||
| CVE-2025-10254 | 1 Onlyoffice | 1 Onlyoffice | 2026-04-15 | 3.5 Low |
| A vulnerability was found in Ascensio System SIA OnlyOffice up to 12.7.0. This issue affects some unknown processing of the file /Products/Projects/Messages.aspx of the component SVG Image Handler. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit has been made public and could be used. The vendor was informed early about this issue and replied: "We are already working on this case, and the issues will be resolved in one of the upcoming patches." | ||||
| CVE-2025-14228 | 1 Yealink | 1 Sip-t21p E2 | 2026-04-15 | 3.5 Low |
| A weakness has been identified in Yealink SIP-T21P E2 52.84.0.15. Impacted is an unknown function of the component Local Directory Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited. The vendor was contacted early about this disclosure but did not respond in any way. This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-37855 | 1 Nepstech | 1 Ntpl-xpon1gfevn Firmware | 2026-04-15 | 8.4 High |
| An issue in Nepstech Wifi Router xpon (terminal) NTPL-Xpon1GFEVN, hardware verstion 1.0 firmware 2.0.1 allows a remote attacker to execute arbitrary code via the router's Telnet port 2345 without requiring authentication credentials. | ||||
| CVE-2024-33228 | 2026-04-15 | 8.4 High | ||
| An issue in the component segwindrvx64.sys of Insyde Software Corp SEG Windows Driver v100.00.07.02 allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. | ||||
| CVE-2025-34061 | 2026-04-15 | N/A | ||
| A backdoor in PHPStudy versions 2016 through 2018 allows unauthenticated remote attackers to execute arbitrary PHP code on affected installations. The backdoor listens for base64-encoded PHP payloads in the Accept-Charset HTTP header of incoming requests, decodes and executes the payload without proper validation. This leads to remote code execution as the web server user, compromising the affected system. | ||||
| CVE-2023-28354 | 2026-04-15 | 9.8 Critical | ||
| An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM. | ||||
| CVE-2024-34761 | 2026-04-15 | 8.5 High | ||
| Vulnerability discovered by executing a planned security audit. Improper Control of Generation of Code ('Code Injection') vulnerability in WPENGINE INC Advanced Custom Fields PRO allows Code Injection.This issue affects Advanced Custom Fields PRO: from n/a before 6.2.10. | ||||