Export limit exceeded: 35330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25915 | 1 Danfoss | 2 Ak-sm 800a, Ak-sm 800a Firmware | 2025-01-17 | 9.9 Critical |
| Due to improper input validation, an authenticated remote attacker could execute arbitrary commands on the target system. | ||||
| CVE-2023-31994 | 1 Hanwhavision | 860 Ane-l6012r, Ane-l6012r Firmware, Ane-l7012r and 857 more | 2025-01-17 | 5.3 Medium |
| Certain Hanwha products are vulnerable to Denial of Service (DoS). ck vector is: When an empty UDP packet is sent to the listening service, the service thread results in a non-functional service (DoS) via WS Discovery and Hanwha proprietary discovery services. This affects IP Camera ANE-L7012R 1.41.01 and IP Camera XNV-9082R 2.10.02. | ||||
| CVE-2023-28015 | 1 Hcl | 1 Domino Appdev Pack | 2025-01-17 | 5.3 Medium |
| The HCL Domino AppDev Pack IAM service is susceptible to a User Account Enumeration vulnerability. During a failed login attempt a difference in messages could allow an attacker to determine if the user is valid or not. The attacker could use this information to focus a brute force attack on valid users. | ||||
| CVE-2022-24806 | 4 Debian, Fedoraproject, Net-snmp and 1 more | 16 Debian Linux, Fedora, Net-snmp and 13 more | 2025-01-17 | 6.5 Medium |
| net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a user with read-write credentials can exploit an Improper Input Validation vulnerability when SETing malformed OIDs in master agent and subagent simultaneously. Version 5.9.2 contains a patch. Users should use strong SNMPv3 credentials and avoid sharing the credentials. Those who must use SNMPv1 or SNMPv2c should use a complex community string and enhance the protection by restricting access to a given IP address range. | ||||
| CVE-2024-28235 | 1 Contao | 1 Contao | 2025-01-17 | 8.4 High |
| Contao is an open source content management system. Starting in version 4.9.0 and prior to versions 4.13.40 and 5.3.4, when checking for broken links on protected pages, Contao sends the cookie header to external urls as well, the passed options for the http client are used for all requests. Contao versions 4.13.40 and 5.3.4 have a patch for this issue. As a workaround, disable crawling protected pages. | ||||
| CVE-2023-22805 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 6.5 Medium |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 has improper access control to its read prohibition feature. This could allow a remote attacker to remotely set the feature to lock users out of reading data from the device. | ||||
| CVE-2023-22807 | 1 Ls-electric | 2 Xbc-dn32u, Xbc-dn32u Firmware | 2025-01-16 | 9.8 Critical |
| LS ELECTRIC XBC-DN32U with operating system version 01.80 does not properly control access to the PLC over its internal XGT protocol. An attacker could control and tamper with the PLC by sending the packets to the PLC over its XGT protocol. | ||||
| CVE-2023-0347 | 1 Akuvox | 2 E11, E11 Firmware | 2025-01-16 | 7.5 High |
| The Akuvox E11 Media Access Control (MAC) address, a primary identifier, combined with the Akuvox E11 IP address, could allow an attacker to identify the device on the Akuvox cloud. | ||||
| CVE-2023-1138 | 1 Deltaww | 1 Infrasuite Device Master | 2025-01-16 | 7.5 High |
| Delta Electronics InfraSuite Device Master versions prior to 1.0.5 contain an improper access control vulnerability, which could allow an attacker to retrieve Gateway configuration files to obtain plaintext credentials. | ||||
| CVE-2023-1751 | 1 Getnexx | 8 Nxal-100, Nxal-100 Firmware, Nxg-100b and 5 more | 2025-01-16 | 7.5 High |
| The listed versions of Nexx Smart Home devices use a WebSocket server that does not validate if the bearer token in the Authorization header belongs to the device attempting to associate. This could allow any authorized user to receive alarm information and signals meant for other devices which leak a deviceId. | ||||
| CVE-2023-1968 | 1 Illumina | 22 Iscan, Iscan Firmware, Iseq 100 and 19 more | 2025-01-16 | 10 Critical |
| Instruments with Illumina Universal Copy Service v2.x are vulnerable due to binding to an unrestricted IP address. An unauthenticated malicious actor could use UCS to listen on all IP addresses, including those capable of accepting remote communications. | ||||
| CVE-2023-31241 | 2 Control4, Snapone | 13 Ca-1, Ca-10, Ea-1 and 10 more | 2025-01-16 | 8.6 High |
| Snap One OvrC cloud servers contain a route an attacker can use to bypass requirements and claim devices outright. | ||||
| CVE-2023-25183 | 1 Snapone | 2 Orvc, Ovrc-300-pro | 2025-01-16 | 8.3 High |
| In Snap One OvrC Pro versions prior to 7.2, when logged into the superuser account, a new functionality appears that could allow users to execute arbitrary commands on the hub device. | ||||
| CVE-2023-4215 | 1 Advantech | 1 Webaccess | 2025-01-16 | 6.5 Medium |
| Advantech WebAccess version 9.1.3 contains an exposure of sensitive information to an unauthorized actor vulnerability that could leak user credentials. | ||||
| CVE-2023-45228 | 1 Sielco | 30 Analog Fm Transmitter Exc1000gt, Analog Fm Transmitter Exc1000gt Firmware, Analog Fm Transmitter Exc1000gx and 27 more | 2025-01-16 | 6.5 Medium |
| The application suffers from improper access control when editing users. A user with read permissions can manipulate users, passwords, and permissions by sending a single HTTP POST request with modified parameters. | ||||
| CVE-2023-46661 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 9.8 Critical |
| Sielco PolyEco1000 is vulnerable to an attacker escalating their privileges by modifying passwords in POST requests. | ||||
| CVE-2023-46662 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 7.5 High |
| Sielco PolyEco1000 is vulnerable to an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information. | ||||
| CVE-2023-46663 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 7.5 High |
| Sielco PolyEco1000 is vulnerable to an attacker bypassing authorization and accessing resources behind protected pages. The application interface allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. | ||||
| CVE-2023-46664 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 7.5 High |
| Sielco PolyEco1000 is vulnerable to an improper access control vulnerability when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability attackers can bypass authorization and access resources behind protected pages. | ||||
| CVE-2023-46665 | 1 Sielco | 6 Polyeco1000, Polyeco1000 Firmware, Polyeco300 and 3 more | 2025-01-16 | 9.8 Critical |
| Sielco PolyEco1000 is vulnerable to an authentication bypass vulnerability due to an attacker modifying passwords in a POST request and gain unauthorized access to the affected device with administrative privileges. | ||||