Search Results (25281 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-6073 | 1 Volkswagen | 2 Id.3, Id.3 Firmware | 2025-02-27 | 5.7 Medium |
| Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. | ||||
| CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-02-27 | 5.3 Medium |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | ||||
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-02-27 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | ||||
| CVE-2024-47059 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2025-02-27 | 4.3 Medium |
| When logging in with the correct username and incorrect weak password, the user receives the notification that their password is too weak. However, when an incorrect username is provided along with a weak password, the application responds with an ’Invalid credentials’ notification. This difference could be used to perform username enumeration. | ||||
| CVE-2023-27894 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-02-27 | 5 Medium |
| SAP BusinessObjects Business Intelligence Platform (Web Services) - versions 420, 430, allows an attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to execute malicious requests, resulting in sensitive information disclosure. This causes limited impact on confidentiality of data. | ||||
| CVE-2023-1538 | 1 Answer | 1 Answer | 2025-02-27 | 5.3 Medium |
| Observable Timing Discrepancy in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-0100 | 1 Eclipse | 1 Business Intelligence And Reporting Tools | 2025-02-27 | 8.8 High |
| In Eclipse BIRT, starting from version 2.6.2, the default configuration allowed retrieving a report from the same host using an absolute HTTP path for the report parameter (e.g. __report=http://xyz.com/report.rptdesign). If the host indicated in the __report parameter matched the HTTP Host header value, the report would be retrieved. However, the Host header can be tampered with on some configurations where no virtual hosts are put in place (e.g. in the default configuration of Apache Tomcat) or when the default host points to the BIRT server. This vulnerability was patched in Eclipse BIRT 4.13. | ||||
| CVE-2023-21449 | 1 Samsung | 1 Android | 2025-02-26 | 4 Medium |
| Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | ||||
| CVE-2023-21453 | 1 Samsung | 1 Android | 2025-02-26 | 6 Medium |
| Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. | ||||
| CVE-2020-4927 | 1 Ibm | 1 Spectrum Scale | 2025-02-26 | 5.7 Medium |
| A vulnerability in the Spectrum Scale 5.0.5.0 through 5.1.6.1 core component could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. IBM X-Force ID: 191695. | ||||
| CVE-2023-22876 | 1 Ibm | 1 Sterling B2b Integrator | 2025-02-26 | 4.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.7 and 6.1.0.0 through 6.1.2.1 could allow a privileged user to obtain sensitive information that could aid in further attacks against the system. IBM X-Force ID: 244364. | ||||
| CVE-2023-25680 | 1 Ibm | 3 Robotic Process Automation, Robotic Process Automation As A Service, Robotic Process Automation For Cloud Pak | 2025-02-26 | 4.2 Medium |
| IBM Robotic Process Automation 21.0.1 through 21.0.5 is vulnerable to insufficiently protecting credentials. Queue Provider credentials are not obfuscated while editing queue provider details. IBM X-Force ID: 247032. | ||||
| CVE-2023-22880 | 1 Zoom | 3 Rooms, Virtual Desktop Infrastructure, Zoom | 2025-02-26 | 6.8 Medium |
| Zoom for Windows clients before version 5.13.3, Zoom Rooms for Windows clients before version 5.13.5 and Zoom VDI for Windows clients before 5.13.1 contain an information disclosure vulnerability. A recent update to the Microsoft Edge WebView2 runtime used by the affected Zoom clients transmitted text to Microsoft’s online Spellcheck service instead of the local Windows Spellcheck. Updating Zoom remediates this vulnerability by disabling the feature. Updating Microsoft Edge WebView2 Runtime to at least version 109.0.1481.0 and restarting Zoom remediates this vulnerability by updating Microsoft’s telemetry behavior. | ||||
| CVE-2023-1250 | 1 Otrs | 1 Otrs | 2025-02-26 | 7.4 High |
| Improper Input Validation vulnerability in OTRS AG OTRS (ACL modules), OTRS AG ((OTRS)) Community Edition (ACL modules) allows Local Execution of Code. When creating/importing an ACL it was possible to inject code that gets executed via manipulated comments and ACL-names. This issue affects OTRS: from 7.0.X before 7.0.42, from 8.0.X before 8.0.31; ((OTRS)) Community Edition: from 6.0.1 through 6.0.34. | ||||
| CVE-2023-24571 | 1 Dell | 2 Embedded Box Pc 3000, Embedded Box Pc 3000 Firmware | 2025-02-26 | 7.5 High |
| Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with administrator privileges could potentially exploit this vulnerability to perform arbitrary code execution. | ||||
| CVE-2023-0027 | 1 Rockwellautomation | 1 Modbus Tcp Server Add On Instructions | 2025-02-26 | 5.3 Medium |
| Rockwell Automation Modbus TCP Server AOI prior to 2.04.00 is vulnerable to an unauthorized user sending a malformed message that could cause the controller to respond with a copy of the most recent response to the last valid request. If exploited, an unauthorized user could read the connected device’s Modbus TCP Server AOI information. | ||||
| CVE-2022-45634 | 1 Megaeis | 1 Dbd\+ | 2025-02-26 | 4.3 Medium |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for iOS & Android v1.4.4 allows an authenticated attacker to gain access to sensitive account information. | ||||
| CVE-2024-1302 | 1 Badgermeter | 1 Monitool | 2025-02-26 | 7.3 High |
| Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials. | ||||
| CVE-2024-24765 | 1 Icewhale | 1 Casaos | 2025-02-26 | 7.5 High |
| CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue. | ||||
| CVE-2022-43863 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2025-02-25 | 6.7 Medium |
| IBM QRadar SIEM 7.4 and 7.5 is vulnerable to privilege escalation, allowing a user with some admin capabilities to gain additional admin capabilities. IBM X-Force ID: 239425. | ||||