Export limit exceeded: 349004 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35090 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24865 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 6.5 Medium |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||||
| CVE-2023-24866 | 1 Microsoft | 12 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 9 more | 2025-02-28 | 6.5 Medium |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||||
| CVE-2023-33165 | 1 Microsoft | 1 Sharepoint Server | 2025-02-28 | 4.3 Medium |
| Microsoft SharePoint Server Security Feature Bypass Vulnerability | ||||
| CVE-2023-35306 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-02-28 | 5.5 Medium |
| Microsoft PostScript and PCL6 Class Printer Driver Information Disclosure Vulnerability | ||||
| CVE-2023-27904 | 2 Jenkins, Redhat | 3 Jenkins, Ocp Tools, Openshift | 2025-02-28 | 5.3 Medium |
| Jenkins 2.393 and earlier, LTS 2.375.3 and earlier prints an error stack trace on agent-related pages when agent connections are broken, potentially revealing information about Jenkins configuration that is otherwise inaccessible to attackers. | ||||
| CVE-2025-1606 | 1 Mayurik | 1 Best Employee Management System | 2025-02-28 | 4.3 Medium |
| A vulnerability classified as problematic was found in SourceCodester Best Employee Management System 1.0. This vulnerability affects unknown code of the file /admin/backup/backups.php. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-3767 | 1 Gitlab | 1 Dynamic Application Security Testing Analyzer | 2025-02-28 | 7.7 High |
| Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host. | ||||
| CVE-2021-34125 | 2 Dronecode, Yuneec | 3 Px4 Drone Autopilot, Mantis Q, Mantis Q Firmware | 2025-02-28 | 7.5 High |
| An issue discovered in Yuneec Mantis Q and PX4-Autopilot v 1.11.3 and below allow attacker to gain access to sensitive information via various nuttx commands. | ||||
| CVE-2023-22934 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 7.3 High |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘pivot’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands using a saved search job. The vulnerability requires an authenticated user to craft the saved job and a higher privileged user to initiate a request within their browser. | ||||
| CVE-2024-36986 | 1 Splunk | 2 Cloud, Splunk | 2025-02-28 | 6.3 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, an authenticated user could run risky commands using the permissions of a higher-privileged user to bypass SPL safeguards for risky commands in the Analytics Workspace. The vulnerability requires the authenticated user to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | ||||
| CVE-2024-29946 | 1 Splunk | 2 Cloud, Splunk | 2025-02-28 | 8.1 High |
| In Splunk Enterprise versions below 9.2.1, 9.1.4, and 9.0.9, the Dashboard Examples Hub lacks protections for risky SPL commands. This could let attackers bypass SPL safeguards for risky commands in the Hub. The vulnerability would require the attacker to phish the victim by tricking them into initiating a request within their browser. | ||||
| CVE-2024-45739 | 1 Splunk | 1 Splunk | 2025-02-28 | 4.9 Medium |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes plaintext passwords for local native authentication Splunk users. This exposure could happen when you configure the Splunk Enterprise AdminManager log channel at the DEBUG logging level. | ||||
| CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.8 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | ||||
| CVE-2024-45738 | 1 Splunk | 1 Splunk | 2025-02-28 | 4.9 Medium |
| In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6, the software potentially exposes sensitive HTTP parameters to the `_internal` index. This exposure could happen if you configure the Splunk Enterprise `REST_Calls` log channel at the DEBUG logging level. | ||||
| CVE-2023-22939 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 8.1 High |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the ‘map’ search processing language (SPL) command lets a search bypass SPL safeguards for risky commands. The vulnerability requires a higher privileged user to initiate a request within their browser and only affects instances with Splunk Web enabled. | ||||
| CVE-2023-22940 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 6.3 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, aliases of the ‘collect’ search processing language (SPL) command, including ‘summaryindex’, ‘sumindex’, ‘stash’,’ mcollect’, and ‘meventcollect’, were not designated as safeguarded commands. The commands could potentially allow for the exposing of data to a summary index that unprivileged users could access. The vulnerability requires a higher privileged user to initiate a request within their browser, and only affects instances with Splunk Web enabled. | ||||
| CVE-2024-22165 | 1 Splunk | 1 Enterprise Security | 2025-02-28 | 6.5 Medium |
| In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted.<br>The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users. | ||||
| CVE-2023-22937 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, the lookup table upload feature let a user upload lookup tables with unnecessary filename extensions. Lookup table file extensions may now be one of the following only: .csv, .csv.gz, .kmz, .kml, .mmdb, or .mmdb.gzl. | ||||
| CVE-2024-36996 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-02-28 | 5.3 Medium |
| In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109, an attacker could determine whether or not another user exists on the instance by deciphering the error response that they would likely receive from the instance when they attempt to log in. This disclosure could then lead to additional brute-force password-guessing attacks. This vulnerability would require that the Splunk platform instance uses the Security Assertion Markup Language (SAML) authentication scheme. | ||||
| CVE-2023-35368 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 8.8 High |
| Microsoft Exchange Remote Code Execution Vulnerability | ||||