Search Results (35344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27087 | 1 Xuxueli | 1 Xxl-job | 2025-02-26 | 7.5 High |
| Permissions vulnerability found in Xuxueli xxl-job v2.2.0, v2.3.0 and v2.3.1 allows an attacker to obtain sensitive information via the pageList parameter. | ||||
| CVE-2023-1542 | 1 Answer | 1 Answer | 2025-02-26 | 5.4 Medium |
| Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-27842 | 1 Extplorer | 1 Extplorer | 2025-02-26 | 8.8 High |
| Insecure Permissions vulnerability found in Extplorer File manager eXtplorer v.2.1.15 allows a remote attacker to execute arbitrary code via the index.php component. | ||||
| CVE-2023-24795 | 1 Jcgcn.com | 2 Jhr-n916r, Jhr-n916r Firmware | 2025-02-26 | 9.8 Critical |
| A command execution vulnerability was discovered in JHR-N916R router firmware version <= 21.11.1.1483. | ||||
| CVE-2023-1168 | 1 Hpe | 20 Aruba Cx 10000-48y6, Aruba Cx 6200f 48g, Aruba Cx 6200m 24g and 17 more | 2025-02-26 | 7.2 High |
| An authenticated remote code execution vulnerability exists in the AOS-CX Network Analytics Engine. Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system, leading to a complete compromise of the switch running AOS-CX. | ||||
| CVE-2022-45634 | 1 Megaeis | 1 Dbd\+ | 2025-02-26 | 4.3 Medium |
| An issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 allows an authenticated attacker to gain access to sensitive account information. | ||||
| CVE-2023-27873 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-02-26 | 6.5 Medium |
| IBM Aspera Faspex 4.4.2 could allow a remote authenticated attacker to obtain sensitive credential information using specially crafted XML input. IBM X-Force ID: 249654. | ||||
| CVE-2023-27060 | 1 Lightcms Project | 1 Lightcms | 2025-02-26 | 9.8 Critical |
| LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function. | ||||
| CVE-2023-28610 | 1 Omicronenergy | 2 Stationguard, Stationscout | 2025-02-26 | 9.8 Critical |
| The update process in OMICRON StationGuard and OMICRON StationScout before 2.21 can be exploited by providing a modified firmware update image. This allows a remote attacker to gain root access to the system. | ||||
| CVE-2024-1302 | 1 Badgermeter | 1 Monitool | 2025-02-26 | 7.3 High |
| Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials. | ||||
| CVE-2024-24765 | 1 Icewhale | 1 Casaos | 2025-02-26 | 7.5 High |
| CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue. | ||||
| CVE-2023-31341 | 1 Amd | 2 Amd Uprof, Uprof | 2025-02-26 | 7.3 High |
| Insufficient validation of the Input Output Control (IOCTL) input buffer in AMD μProf may allow an authenticated attacker to cause an out-of-bounds write, potentially causing a Windows® OS crash, resulting in denial of service. | ||||
| CVE-2024-0387 | 1 Moxa | 14 Eds-4008, Eds-4008 Firmware, Eds-4009 and 11 more | 2025-02-25 | 6.5 Medium |
| The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests. | ||||
| CVE-2023-20953 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to bypass factory reset protection due to incorrect UI being shown prior to setup completion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-251778420 | ||||
| CVE-2022-45003 | 1 Getgophish | 1 Gophish | 2025-02-25 | 7.5 High |
| Gophish through 0.12.1 allows attackers to cause a Denial of Service (DoS) via a crafted payload involving autofocus. | ||||
| CVE-2023-28758 | 1 Veritas | 1 Netbackup | 2025-02-25 | 7.1 High |
| An issue was discovered in Veritas NetBackup before 8.3.0.2. BPCD allows an unprivileged user to specify a log file path when executing a NetBackup command. This can be used to overwrite existing NetBackup log files. | ||||
| CVE-2024-2424 | 1 Rockwellautomation | 2 5015-aenftxt, 5015-aenftxt Firmware | 2025-02-25 | 7.5 High |
| An input validation vulnerability exists in the Rockwell Automation 5015-AENFTXT that causes the secondary adapter to result in a major nonrecoverable fault (MNRF) when malicious input is entered. If exploited, the availability of the device will be impacted, and a manual restart is required. Additionally, a malformed PTP packet is needed to exploit this vulnerability. | ||||
| CVE-2022-25899 | 1 Intel | 1 Open Active Management Technology Cloud Toolkit | 2025-02-25 | 9.8 Critical |
| Authentication bypass for the Open AMT Cloud Toolkit software maintained by Intel(R) before versions 2.0.2 and 2.2.2 may allow an unauthenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2023-20962 | 1 Google | 1 Android | 2025-02-25 | 5.5 Medium |
| In getSliceEndItem of MediaVolumePreferenceController.java, there is a possible way to start foreground activity from the background due to an unsafe PendingIntent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID: A-256590210 | ||||
| CVE-2023-20559 | 1 Amd | 178 Athlon Gold 3150u, Athlon Gold 3150u Firmware, Athlon Silver 3050u and 175 more | 2025-02-25 | 8.8 High |
| Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges. | ||||