Export limit exceeded: 35344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-26471 | 1 Xwiki | 1 Xwiki | 2025-03-05 | 10 Critical |
| XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`. | ||||
| CVE-2023-26108 | 1 Nestjs | 1 Nest | 2025-03-05 | 3.7 Low |
| Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open. | ||||
| CVE-2023-22232 | 1 Adobe | 1 Connect | 2025-03-05 | 5.3 Medium |
| Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction. | ||||
| CVE-2021-41613 | 1 Openrisc | 2 Mor1kx, Mor1kx Firmware | 2025-03-05 | 4.3 Medium |
| An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR. | ||||
| CVE-2023-26406 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-03-05 | 7.8 High |
| Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-26408 | 3 Adobe, Apple, Microsoft | 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-03-05 | 7.8 High |
| Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2023-2679 | 2 Microsoft, Snowsoftware | 2 Windows, Snow License Manager | 2025-03-05 | 4.1 Medium |
| Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data. | ||||
| CVE-2014-125102 | 1 Bestwebsoft | 1 Relevant | 2025-03-05 | 4.3 Medium |
| A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability. | ||||
| CVE-2021-46876 | 1 Ibexa | 1 Ez Platform Kernel | 2025-03-05 | 5.3 Medium |
| An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence. | ||||
| CVE-2023-30630 | 2 Nongnu, Redhat | 2 Dmidecode, Enterprise Linux | 2025-03-04 | 7.1 High |
| Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly). | ||||
| CVE-2023-37412 | 1 Ibm | 1 Aspera Faspex | 2025-03-04 | 4.4 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls. | ||||
| CVE-2021-33639 | 1 Openatom | 1 Openeuler Kernel | 2025-03-04 | 7.5 High |
| REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified. | ||||
| CVE-2024-45426 | 1 Zoom | 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more | 2025-03-04 | 4.9 Medium |
| Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access. | ||||
| CVE-2024-45417 | 1 Zoom | 4 Meeting Software Development Kit, Rooms, Video Software Development Kit and 1 more | 2025-03-04 | 6 Medium |
| Uncontrolled resource consumption in the installer for some Zoom apps for macOS before version 6.1.5 may allow a privileged user to conduct a disclosure of information via local access. | ||||
| CVE-2025-21626 | 1 Glpi-project | 1 Glpi | 2025-03-04 | 5.8 Medium |
| GLPI is a free asset and IT management software package. Starting in version 0.71 and prior to version 10.0.18, an anonymous user can fetch sensitive information from the `status.php` endpoint. Version 10.0.18 contains a fix for the issue. Some workarounds are available. One may delete the `status.php` file, restrict its access, or remove any sensitive values from the `name` field of the active LDAP directories, mail servers authentication providers and mail receivers. | ||||
| CVE-2024-1619 | 1 Kaspersky | 1 Security | 2025-03-04 | 6.1 Medium |
| Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions. | ||||
| CVE-2024-0819 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-03-03 | 7.3 High |
| Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. | ||||
| CVE-2023-24033 | 1 Samsung | 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more | 2025-03-03 | 7.5 High |
| The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | ||||
| CVE-2022-2259 | 1 Octopus | 1 Octopus Server | 2025-03-03 | 4.3 Medium |
| In affected versions of Octopus Deploy it is possible for a user to view Workerpools without being explicitly assigned permissions to view these items | ||||
| CVE-2023-24579 | 1 Mcafee | 1 Total Protection | 2025-03-03 | 7.8 High |
| McAfee Total Protection prior to 16.0.51 allows attackers to trick a victim into uninstalling the application via the command prompt. | ||||