Export limit exceeded: 342600 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (342600 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44760 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 4.6 Medium |
| Unsafe default file type filter policy in HCL Leap allows execution of unsafe JavaScript in deployed applications. | ||||
| CVE-2024-30147 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 6.5 Medium |
| Multiple vectors in HCL Leap allow client-side script injection in the authoring environment and deployed applications. | ||||
| CVE-2024-30114 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 3.7 Low |
| Insufficient sanitization in HCL Leap allows client-side script injection in the authoring environment. | ||||
| CVE-2024-30113 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 6.3 Medium |
| Insufficient sanitization policy in HCL Leap allows client-side script injection in the deployed application through the HTML widget. | ||||
| CVE-2023-45720 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 5.3 Medium |
| Insufficient default configuration in HCL Leap allows anonymous access to directory information. | ||||
| CVE-2023-37534 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 7.1 High |
| Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters. | ||||
| CVE-2024-30148 | 1 Hcltech | 1 Hcl Leap | 2025-11-17 | 4.1 Medium |
| Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem. | ||||
| CVE-2025-34298 | 1 Nagios | 1 Log Server | 2025-11-17 | 8.8 High |
| Nagios Log Server versions prior to 2024R1.3.2 contain a privilege escalation vulnerability in the account email-change workflow. A user could set their own email to an invalid value and, due to insufficient validation and authorization checks tied to email identity state, trigger inconsistent account state that granted elevated privileges or bypassed intended access controls. | ||||
| CVE-2025-34280 | 1 Nagios | 1 Network Analyzer | 2025-11-17 | 7.2 High |
| Nagios Network Analyzer versions prior to 2024R2.0.1 contain a vulnerability in the LDAP certificate management functionality whereby the certificate removal operation fails to apply adequate input sanitation. An authenticated administrator can trigger command execution on the underlying host in the context of the web application service, resulting in remote code execution with the service's privileges. | ||||
| CVE-2025-34278 | 1 Nagios | 1 Network Analyzer | 2025-11-17 | 5.4 Medium |
| Nagios Network Analyzer versions prior to 2024R1 contain a stored cross-site scripting (XSS) vulnerability in the Source Groups page (percentile calculator menu). An attacker can supply a malicious payload which is stored by the application and later rendered in the context of other users. When a victim views the affected page the injected script executes in the victim's browser context. | ||||
| CVE-2025-34277 | 1 Nagios | 1 Log Server | 2025-11-17 | 9.8 Critical |
| Nagios Log Server versions prior to 2024R1.3.1 contain a code injection vulnerability where malformed dashboard ID values are not properly validated before being forwarded to an internal API. An attacker able to supply crafted dashboard ID values can cause the system to execute attacker-controlled data, leading to arbitrary code execution in the context of the Log Server process. | ||||
| CVE-2025-34274 | 1 Nagios | 1 Log Server | 2025-11-17 | 9.8 Critical |
| Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration injection, or a vulnerability in input parsing - the attacker could execute code with root privileges, resulting in full system compromise. The Logstash service has been altered to run as the lower-privileged 'nagios' user to reduce this risk associated with a network-facing service that can accept untrusted input or load third-party components. | ||||
| CVE-2025-34273 | 1 Nagios | 1 Log Server | 2025-11-17 | 6.5 Medium |
| Nagios Log Server versions prior to 2024R2.0.3 contain an incorrect authorization vulnerability that allows non-administrator users to delete global dashboards. The application did not correctly enforce authorization checks for the global dashboard deletion workflow, enabling lower-privileged users to remove dashboards that affect other users or the overall monitoring UI. | ||||
| CVE-2025-34272 | 1 Nagios | 1 Log Server | 2025-11-17 | 6.5 Medium |
| In Nagios Log Server versions prior to 2024R2.0.3, when a user's configured default dashboard is deleted, the application does not reliably fall back to an empty, default dashboard. In some implementations this can result in an unexpected dashboard being presented as the user's default view. Depending on the product's dashboard sharing and access policies, this behavior may cause information exposure or unexpected privilege exposure. | ||||
| CVE-2025-34271 | 1 Nagios | 1 Log Server | 2025-11-17 | 9.8 Critical |
| Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the cluster manager component when requesting sensitive credentials from peer nodes over an unencrypted channel even when SSL/TLS is enabled in the product configuration. As a result, an attacker positioned on the network path can intercept credentials in transit. Captured credentials could allow the attacker to authenticate as a cluster node or service account, enabling further unauthorized access, lateral movement, or system compromise. | ||||
| CVE-2025-34270 | 1 Nagios | 1 Log Server | 2025-11-17 | 4.9 Medium |
| Nagios Log Server versions prior to 2024R2.0.2 contain a vulnerability in the AD/LDAP user import functionality as it fails to obfuscate the password field during import. As a result, the plaintext password supplied for imported accounts may be exposed in the user interface, logs, or other diagnostic output. This can leak sensitive credentials to administrators or anyone with access to import results. | ||||
| CVE-2024-58273 | 1 Nagios | 1 Log Server | 2025-11-17 | 7.8 High |
| Nagios Log Server versions prior to 2024R1.0.2 contain a local privilege escalation vulnerability that allows an attacker who could execute commands as the Apache web user (or the backend shell user) to escalate to root on the host. | ||||
| CVE-2023-7323 | 1 Nagios | 1 Log Server | 2025-11-17 | 5.4 Medium |
| Nagios Log Server versions prior to 2024R1 are vulnerable to cross-site scripting (XSS) via the Create User function. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser. | ||||
| CVE-2023-7322 | 1 Nagios | 1 Log Server | 2025-11-17 | 8.1 High |
| Nagios Log Server versions prior to 2024R1 contain an incorrect authorization vulnerability. Users who lacked the required API permission were nevertheless able to invoke API endpoints, resulting in unintended access to data and actions exposed via the API. This incorrect authorization check could allow authenticated but non-privileged users to read or modify resources beyond their intended rights. | ||||
| CVE-2023-7321 | 1 Nagios | 1 Log Server | 2025-11-17 | 5.4 Medium |
| Nagios Log Server versions prior to 2.1.14 are vulnerable to cross-site scripting (XSS) via the Snapshots Page. Untrusted log content was not safely encoded for the output context, allowing attacker-controlled data present in logs to execute script in the victim’s browser within the application origin. | ||||