Search Results (25266 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31212 | 1 Instantcms | 2 Icms2, Instantcms | 2025-01-17 | 6.7 Medium |
| InstantCMS is a free and open source content management system. A SQL injection vulnerability affects instantcms v2.16.2 in which an attacker with administrative privileges can cause the application to execute unauthorized SQL code. The vulnerability exists in index_chart_data action, which receives an input from user and passes it unsanitized to the core model `filterFunc` function that further embeds this data in an SQL statement. This allows attackers to inject unwanted SQL code into the statement. The `period` should be escaped before inserting it in the query. As of time of publication, a patched version is not available. | ||||
| CVE-2024-4109 | 1 Redhat | 1 Jboss Enterprise Application Platform | 2025-01-16 | 0.0 Low |
| Red Hat Product Security has determined that this CVE is not a security vulnerability. | ||||
| CVE-2022-3091 | 1 Ronds | 1 Equipment Predictive Maintenance | 2025-01-16 | 7.5 High |
| RONDS EPM version 1.19.5 has a vulnerability in which a function could allow unauthenticated users to leak credentials. In some circumstances, an attacker can exploit this vulnerability to execute operating system (OS) commands. | ||||
| CVE-2022-43455 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 5.5 Medium |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to the service_start, service_stop, and service_restart modules of the software. This could allow an attacker to start, stop, or restart arbitrary services running on the server. | ||||
| CVE-2022-47917 | 1 Sewio | 1 Real-time Location System Studio | 2025-01-16 | 6.8 Medium |
| Sewio’s Real-Time Location System (RTLS) Studio version 2.0.0 up to and including version 2.6.2 is vulnerable to improper input validation of user input to several modules and services of the software. This could allow an attacker to delete arbitrary files and cause a denial-of-service condition. | ||||
| CVE-2023-32346 | 1 Teltonika | 1 Remote Management System | 2025-01-16 | 5.3 Medium |
| Teltonika’s Remote Management System versions prior to 4.10.0 contain a function that allows users to claim their devices. This function returns information based on whether the serial number of a device has already been claimed, the MAC address of a device has already been claimed, or whether the attempt to claim a device was successful. An attacker could exploit this to create a list of the serial numbers and MAC addresses of all devices cloud-connected to the Remote Management System. | ||||
| CVE-2023-28649 | 1 Snapone | 2 Orvc, Ovrc-300-pro | 2025-01-16 | 8.6 High |
| The Hub in the Snap One OvrC cloud platform is a device used to centralize and manage nested devices connected to it. A vulnerability exists in which an attacker could impersonate a hub and send device requests to claim already claimed devices. The OvrC cloud platform receives the requests but does not validate if the found devices are already managed by another user. | ||||
| CVE-2023-28412 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2025-01-16 | 5.3 Medium |
| When supplied with a random MAC address, Snap One OvrC cloud servers will return information about the device. The MAC address of devices can be enumerated in an attack and the OvrC cloud will disclose their information. | ||||
| CVE-2023-34437 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2025-01-16 | 7.5 High |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a vulnerability in their password retrieval functionality which could allow an attacker to access passwords stored on the device. | ||||
| CVE-2021-25748 | 1 Kubernetes | 1 Ingress-nginx | 2025-01-16 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2023-32694 | 1 Saleor | 1 Saleor | 2025-01-16 | 4.8 Medium |
| Saleor Core is a composable, headless commerce API. Saleor's `validate_hmac_signature` function is vulnerable to timing attacks. Malicious users could abuse this vulnerability on Saleor deployments that have the Adyen plugin enabled in order to determine the secret key and forge fake events; this could affect database integrity, for example by marking an order as paid when it is not. This issue has been patched in versions 3.7.68, 3.8.40, 3.9.49, 3.10.36, 3.11.35, 3.12.25, and 3.13.16. | ||||
| CVE-2023-26215 | 1 Tibco | 1 Ebx Add-ons | 2025-01-16 | 7.7 High |
| The server component of TIBCO Software Inc.'s TIBCO EBX Add-ons contains a vulnerability that allows an attacker with low-privileged application access to read system files that are accessible to the web server. Affected releases are TIBCO Software Inc.'s TIBCO EBX Add-ons: versions 4.5.16 and below. | ||||
| CVE-2024-23302 | 1 Couchbase | 1 Couchbase Server | 2025-01-16 | 7.5 High |
| Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. | ||||
| CVE-2024-4837 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 5.3 Medium |
| In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. | ||||
| CVE-2024-34080 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | 5.3 Medium |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2023-21514 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2024-43755 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 3.5 Low |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-52831 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 3.5 Low |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | ||||
| CVE-2023-21516 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store. | ||||
| CVE-2023-21515 | 1 Samsung | 1 Galaxy Store | 2025-01-15 | 7.5 High |
| InstantPlay in Galaxy Store prior to version 4.5.49.8 included a vulnerable script that could execute JavaScript, which allows attackers to execute the JavaScript API to install an APK from Galaxy Store. | ||||