Total: 344878 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30127 | 1 Marbella | 1 Kr8s Dashcam | 2026-04-15 | 9.8 Critical |
| An issue was discovered on Marbella KR8s Dashcam FF 2.0.8 devices. Once access is gained either by default, common, or cracked passwords, the video recordings (containing sensitive routes, conversations, and footage) are open for downloading by creating a socket to command port 7777, and then downloading video via port 7778 and audio via port 7779. | ||||
| CVE-2023-45635 | | | 2026-04-15 | 5.4 Medium |
| Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in WP Darko Responsive Tabs allows Code Injection. This issue affects Responsive Tabs: from n/a before 4.0.6. | ||||
| CVE-2024-47915 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2026-04-15 | 7.5 High |
| VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2025-0416 | 1 Valmet | 1 Dna | 2026-04-15 | N/A |
| Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege. The SeImpersonatePrivilege privilege is a Windows permission that allows a process to impersonate another user. An attacker can use this vulnerability to escalate their privileges and take complete control of the system. | ||||
| CVE-2024-47917 | | | 2026-04-15 | 7.5 High |
| CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-47919 | | | 2026-04-15 | 9.8 Critical |
| Tiki Wiki CMS – CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | ||||
| CVE-2024-47921 | | | 2026-04-15 | 8.4 High |
| Smadar SPS – CWE-327: Use of a Broken or Risky Cryptographic Algorithm | ||||
| CVE-2025-0418 | 1 Valmet | 1 Dna | 2026-04-15 | N/A |
| Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords. | ||||
| CVE-2024-47922 | | | 2026-04-15 | 7.5 High |
| Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-47926 | 1 Tecnick | 1 Tcexam | 2026-04-15 | 9.8 Critical |
| Tecnick TCExam – CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | ||||
| CVE-2024-47934 | | | 2026-04-15 | 5.3 Medium |
| Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. The Denial of Service situation can be resolved by restarting the management service. This issue affects Portable Inspector: through 1.0.0; Portable Inspector Pro Edition: through 1.0.0. | ||||
| CVE-2024-47939 | | | 2026-04-15 | N/A |
| Stack-based buffer overflow vulnerability exists in multiple laser printers and MFPs which implement Ricoh Web Image Monitor. If this vulnerability is exploited, receiving a specially crafted request created and sent by an attacker may lead to arbitrary code execution and/or a denial-of-service (DoS) condition. As for the details of affected product names and versions, refer to the information provided by the vendors under [References]. | ||||
| CVE-2025-1066 | | | 2026-04-15 | 9.8 Critical |
| OpenPLC_V3 contains an arbitrary file upload vulnerability, which could be leveraged for malvertising or phishing campaigns. | ||||
| CVE-2024-47943 | | | 2026-04-15 | 9.8 Critical |
| The firmware upgrade function in the admin web interface of the Rittal IoT Interface & CMC III Processing Unit devices checks if the patch files are signed before executing the containing run.sh script. The signing process is kind of an HMAC with a long string as key which is hard-coded in the firmware and is freely available for download. This allows crafting malicious "signed" .patch files in order to compromise the device and execute arbitrary code. | ||||
| CVE-2024-47947 | | | 2026-04-15 | 4.7 Medium |
| Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL `https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre`. The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. | ||||
| CVE-2024-4956 | 1 Sonatype | 1 Nexus Repository Manager | 2026-04-15 | 7.5 High |
| Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1. | ||||
| CVE-2024-47968 | | | 2026-04-15 | 4.4 Medium |
| Improper resource shutdown in middle of certain operations on some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-47969 | | | 2026-04-15 | 6.2 Medium |
| Improper resource management in firmware of some Solidigm DC Products may allow an attacker to potentially enable denial of service. | ||||
| CVE-2024-33581 | 1 Lenovo | 1 Pcmanager | 2026-04-15 | 7.8 High |
| A DLL hijack vulnerability was reported in Lenovo PC Manager AI intelligent scenario that could allow a local attacker to execute code with elevated privileges. | ||||
| CVE-2024-47971 | | | 2026-04-15 | 6.5 Medium |
| Improper error handling in firmware of some SSD DC Products may allow an attacker to enable denial of service. | ||||