Export limit exceeded: 35344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38181 | 1 Microsoft | 1 Exchange Server | 2025-02-27 | 8.8 High |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2023-38154 | 1 Microsoft | 2 Windows 10 1809, Windows Server 2019 | 2025-02-27 | 7.8 High |
| Windows Kernel Elevation of Privilege Vulnerability | ||||
| CVE-2023-36741 | 1 Microsoft | 1 Edge Chromium | 2025-02-27 | 8.3 High |
| Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | ||||
| CVE-2023-22301 | 1 Openatom | 1 Openharmony | 2025-02-27 | 6.5 Medium |
| The kernel subsystem hmdfs within OpenHarmony-v3.1.5 and prior versions has an arbitrary memory accessing vulnerability which network attackers can launch a remote attack to obtain kernel memory data of the target system. | ||||
| CVE-2023-40060 | 1 Solarwinds | 1 Serv-u | 2025-02-27 | 7.2 High |
| A vulnerability has been identified within Serv-U 15.4 and 15.4 Hotfix 1 that, if exploited, allows an actor to bypass multi-factor/two-factor authentication. The actor must have administrator-level access to Serv-U to perform this action. 15.4. SolarWinds found that the issue was not completely fixed in 15.4 Hotfix 1. | ||||
| CVE-2023-5158 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-02-27 | 6.5 Medium |
| A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. | ||||
| CVE-2023-22382 | 1 Qualcomm | 58 Apq8064au, Apq8064au Firmware, Msm8996au and 55 more | 2025-02-27 | 7.4 High |
| Weak configuration in Automotive while VM is processing a listener request from TEE. | ||||
| CVE-2023-28805 | 1 Zscaler | 1 Client Connector | 2025-02-27 | 6.7 Medium |
| An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | ||||
| CVE-2023-2622 | 1 Hitachienergy | 1 Modular Advanced Control For Hvdc | 2025-02-27 | 2.7 Low |
| Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read. | ||||
| CVE-2023-5515 | 1 Hitachienergy | 1 Esoms | 2025-02-27 | 5.3 Medium |
| The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications. | ||||
| CVE-2023-5516 | 1 Hitachienergy | 1 Esoms | 2025-02-27 | 5.3 Medium |
| Poorly constructed webap requests and URI components with special characters trigger unhandled errors and exceptions, disclosing information about the underlying technology and other sensitive information details. The website unintentionally reveals sensitive information including technical details like version Info, endpoints, backend server, Internal IP. etc., which can potentially expose additional attack surface containing other interesting vulnerabilities. | ||||
| CVE-2023-5920 | 2 Apple, Mattermost | 2 Macos, Mattermost Desktop | 2025-02-27 | 2.9 Low |
| Mattermost Desktop for MacOS fails to utilize the secure keyboard input functionality provided by macOS, allowing for other processes to read the keyboard input. | ||||
| CVE-2023-6073 | 1 Volkswagen | 2 Id.3, Id.3 Firmware | 2025-02-27 | 5.7 Medium |
| Attacker can perform a Denial of Service attack to crash the ICAS 3 IVI ECU in a Volkswagen ID.3 (and other vehicles of the VW Group with the same hardware) and spoof volume setting commands to irreversibly turn on audio volume to maximum via REST API calls. | ||||
| CVE-2023-6076 | 1 Phpgurukul | 1 Restaurant Table Booking System | 2025-02-27 | 5.3 Medium |
| A vulnerability classified as problematic was found in PHPGurukul Restaurant Table Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file booking-details.php of the component Reservation Status Handler. The manipulation of the argument bid leads to information disclosure. The attack can be launched remotely. The identifier VDB-244945 was assigned to this vulnerability. | ||||
| CVE-2025-27098 | 1 The-guild | 2 Graphql Mesh Cli, Graphql Mesh Http | 2025-02-27 | 5.8 Medium |
| GraphQL Mesh is a GraphQL Federation framework and gateway for both GraphQL Federation and non-GraphQL Federation subgraphs, non-GraphQL services, such as REST and gRPC, and also databases such as MongoDB, MySQL, and PostgreSQL. Missing check vulnerability in the static file handler allows any client to access the files in the server's file system. When `staticFiles` is set in the `serve` settings in the configuration file, the following handler doesn't check if `absolutePath` is still under the directory provided as `staticFiles`. Users have two options to fix vulnerability; 1. Update `@graphql-mesh/cli` to a version higher than `0.82.21`, and if you use `@graphql-mesh/http`, update it to a version higher than `0.3.18` 2. Remove `staticFiles` option from the configuration, and use other solutions to serve static files. | ||||
| CVE-2023-28339 | 1 Opendoas Project | 1 Opendoas | 2025-02-27 | 8.8 High |
| OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later. | ||||
| CVE-2023-28154 | 2 Redhat, Webpack.js | 2 Enterprise Linux, Webpack | 2025-02-27 | 9.8 Critical |
| Webpack 5 before 5.76.0 does not avoid cross-realm object access. ImportParserPlugin.js mishandles the magic comment feature. An attacker who controls a property of an untrusted object can obtain access to the real global object. | ||||
| CVE-2023-0629 | 1 Docker | 1 Docker Desktop | 2025-02-27 | 7.1 High |
| Docker Desktop before 4.17.0 allows an unprivileged user to bypass Enhanced Container Isolation (ECI) restrictions by setting the Docker host to docker.raw.sock, or npipe:////.pipe/docker_engine_linux on Windows, via the -H (--host) CLI flag or the DOCKER_HOST environment variable and launch containers without the additional hardening features provided by ECI. This would not affect already running containers, nor containers launched through the usual approach (without Docker's raw socket). The affected functionality is available for Docker Business customers only and assumes an environment where users are not granted local root or Administrator privileges. This issue has been fixed in Docker Desktop 4.17.0. Affected Docker Desktop versions: from 4.13.0 before 4.17.0. | ||||
| CVE-2024-22360 | 1 Ibm | 1 Db2 | 2025-02-27 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to a denial of service with a specially crafted query on certain columnar tables. IBM X-Force ID: 280905. | ||||
| CVE-2023-25595 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 5.5 Medium |
| A vulnerability exists in the ClearPass OnGuard Ubuntu agent that allows for an attacker with local Ubuntu instance access to potentially obtain sensitive information. Successful Exploitation of this vulnerability allows an attacker to retrieve information that is of a sensitive nature to the ClearPass/OnGuard environment. | ||||