Export limit exceeded: 352128 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35344 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35344 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-27951 | 1 Apple | 1 Macos | 2025-01-29 | 5.5 Medium |
| The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.3, macOS Monterey 12.6.4, macOS Big Sur 11.7.5. An archive may be able to bypass Gatekeeper. | ||||
| CVE-2023-31133 | 1 Ghost | 1 Ghost | 2025-01-29 | 7.5 High |
| Ghost is an app for new-media creators with tools to build a website, publish content, send newsletters, and offer paid subscriptions to members. Prior to version 5.46.1, due to a lack of validation when filtering on the public API endpoints, it is possible to reveal private fields via a brute force attack. Ghost(Pro) has already been patched. Maintainers can find no evidence that the issue was exploited on Ghost(Pro) prior to the patch being added. Self-hosters are impacted if running Ghost a version below v5.46.1. v5.46.1 contains a fix for this issue. As a workaround, add a block for requests to `/ghost/api/content/*` where the `filter` query parameter contains `password` or `email`. | ||||
| CVE-2023-28318 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-28 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where messages can be hidden regardless of the Message_KeepHistory or Message_ShowDeletedStatus server configuration. This allows users to bypass the intended message deletion behavior, hiding messages and deletion notices. | ||||
| CVE-2023-28317 | 1 Rocket.chat | 1 Rocket.chat | 2025-01-28 | 5.3 Medium |
| A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display messages in an incorrect order. | ||||
| CVE-2023-23578 | 1 Seiko-sol | 2 Skybridge Mb-a200, Skybridge Mb-a200 Firmware | 2025-01-28 | 7.5 High |
| Improper access control vulnerability in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier allows a remote unauthenticated attacker to connect to the product's ADB port. | ||||
| CVE-2022-44419 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-01-28 | 5.5 Medium |
| In modem, there is a possible missing verification of NAS Security Mode Command Replay Attacks in LTE. This could local denial of service with no additional execution privileges. | ||||
| CVE-2023-28762 | 1 Sap | 1 Businessobjects Business Intelligence | 2025-01-28 | 9.1 Critical |
| SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting into accessing and modifying data. The attacker can also make the system partially or entirely unavailable. | ||||
| CVE-2021-46755 | 1 Amd | 46 Ryzen 3100, Ryzen 3100 Firmware, Ryzen 3300x and 43 more | 2025-01-28 | 7.5 High |
| Failure to unmap certain SysHub mappings in error paths of the ASP (AMD Secure Processor) bootloader may allow an attacker with a malicious bootloader to exhaust the SysHub resources resulting in a potential denial of service. | ||||
| CVE-2021-46753 | 1 Amd | 132 Athlon Gold 3150g, Athlon Gold 3150g Firmware, Athlon Gold 3150ge and 129 more | 2025-01-28 | 9.1 Critical |
| Failure to validate the length fields of the ASP (AMD Secure Processor) sensor fusion hub headers may allow an attacker with a malicious Uapp or ABL to map the ASP sensor fusion hub region and overwrite data structures leading to a potential loss of confidentiality and integrity. | ||||
| CVE-2021-26406 | 1 Amd | 80 Epyc 7232p, Epyc 7232p Firmware, Epyc 7251 and 77 more | 2025-01-28 | 7.5 High |
| Insufficient validation in parsing Owner's Certificate Authority (OCA) certificates in SEV (AMD Secure Encrypted Virtualization) and SEV-ES user application can lead to a host crash potentially resulting in denial of service. | ||||
| CVE-2021-26397 | 1 Amd | 46 Epyc 72f3, Epyc 72f3 Firmware, Epyc 7313 and 43 more | 2025-01-28 | 7.1 High |
| Insufficient address validation, may allow an attacker with a compromised ABL and UApp to corrupt sensitive memory locations potentially resulting in a loss of integrity or availability. | ||||
| CVE-2021-26379 | 1 Amd | 96 Epyc 7232p, Epyc 7232p Firmware, Epyc 7252 and 93 more | 2025-01-28 | 9.8 Critical |
| Insufficient input validation of mailbox data in the SMU may allow an attacker to coerce the SMU to corrupt SMRAM, potentially leading to a loss of integrity and privilege escalation. | ||||
| CVE-2021-26371 | 1 Amd | 256 Amd 3015ce, Amd 3015ce Firmware, Amd 3015e and 253 more | 2025-01-28 | 5.5 Medium |
| A compromised or malicious ABL or UApp could send a SHA256 system call to the bootloader, which may result in exposure of ASP memory to userspace, potentially leading to information disclosure. | ||||
| CVE-2023-29752 | 1 Ekatox | 1 Facemoji Emoji Keyboard | 2025-01-28 | 7.8 High |
| An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the component. | ||||
| CVE-2023-25650 | 1 Zte | 1 Zxcloud Irai | 2025-01-28 | 6.5 Medium |
| There is an arbitrary file download vulnerability in ZXCLOUD iRAI. Since the backend does not escape special strings or restrict paths, an attacker with user permission could access the download interface by modifying the request parameter, causing arbitrary file downloads. | ||||
| CVE-2023-27510 | 1 Jubei | 1 Jb Inquiry Form | 2025-01-28 | 5.3 Medium |
| JB Inquiry form contains an exposure of private personal information to an unauthorized actor vulnerability, which may allow a remote unauthenticated attacker to obtain information entered from forms created using the affected product. The affected products and versions are as follows: JB Inquiry form versions 0.6.1 and 0.6.0, JB Inquiry form versions 0.5.2, 0.5.1 and 0.5.0, and JB Inquiry form version 0.40. | ||||
| CVE-2023-22361 | 1 Seiko-sol | 4 Skybridge Mb-a100, Skybridge Mb-a100 Firmware, Skybridge Mb-a110 and 1 more | 2025-01-28 | 4.3 Medium |
| Improper privilege management vulnerability in SkyBridge MB-A100/110 firmware Ver. 4.2.0 and earlier allows a remote authenticated attacker to alter a WebUI password of the product. | ||||
| CVE-2023-27563 | 1 N8n | 1 N8n | 2025-01-27 | 8.8 High |
| The n8n package 0.218.0 for Node.js allows Escalation of Privileges. | ||||
| CVE-2023-31587 | 1 Tenda | 2 Ac5, Ac5 Firmware | 2025-01-27 | 9.8 Critical |
| Tenda AC5 router V15.03.06.28 was discovered to contain a remote code execution (RCE) vulnerability via the Mac parameter at ip/goform/WriteFacMac. | ||||
| CVE-2023-31471 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-27 | 9.8 Critical |
| An issue was discovered on GL.iNet devices before 3.216. Through the software installation feature, it is possible to install arbitrary software, such as a reverse shell, because the restrictions on the available package list are limited to client-side verification. It is possible to install software from the filesystem, the package list, or a URL. | ||||