Export limit exceeded: 35330 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35330 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25748 | 1 Kubernetes | 1 Ingress-nginx | 2025-01-16 | 7.6 High |
| A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential has access to all secrets in the cluster. | ||||
| CVE-2021-25749 | 2 Kubernetes, Redhat | 2 Kubernetes, Openshift | 2025-01-16 | 7.8 High |
| Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. | ||||
| CVE-2023-1174 | 2 Apple, Kubernetes | 2 Macos, Minikube | 2025-01-16 | 9.8 Critical |
| This vulnerability exposes a network port in minikube running on macOS with Docker driver that could enable unexpected remote access to the minikube container. | ||||
| CVE-2023-2845 | 1 Fit2cloud | 1 Cloudexplorer Lite | 2025-01-16 | 8.1 High |
| Improper Access Control in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0. | ||||
| CVE-2024-26149 | 1 Vyperlang | 1 Vyper | 2025-01-16 | 3.7 Low |
| Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions. | ||||
| CVE-2023-30851 | 1 Cilium | 1 Cilium | 2025-01-16 | 2.6 Low |
| Cilium is a networking, observability, and security solution with an eBPF-based dataplane. This issue only impacts users who have a HTTP policy that applies to multiple `toEndpoints` AND have an allow-all rule in place that affects only one of those endpoints. In such cases, a wildcard rule will be appended to the set of HTTP rules, which could cause bypass of HTTP policies. This issue has been patched in Cilium 1.11.16, 1.12.9, and 1.13.2. | ||||
| CVE-2024-23302 | 1 Couchbase | 1 Couchbase Server | 2025-01-16 | 7.5 High |
| Couchbase Server before 7.2.4 has a private key leak in goxdcr.log. | ||||
| CVE-2023-31225 | 1 Huawei | 1 Emui | 2025-01-16 | 3.3 Low |
| The Gallery app has the risk of hijacking attacks. Successful exploitation of this vulnerability may cause download failures and affect product availability. | ||||
| CVE-2024-4837 | 1 Progress | 1 Telerik Report Server | 2025-01-16 | 5.3 Medium |
| In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability. | ||||
| CVE-2024-5806 | 1 Progress | 1 Moveit Transfer | 2025-01-16 | 9.1 Critical |
| Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. | ||||
| CVE-2024-34080 | 1 Mantisbt | 1 Mantisbt | 2025-01-16 | 5.3 Medium |
| MantisBT (Mantis Bug Tracker) is an open source issue tracker. If an issue references a note that belongs to another issue that the user doesn't have access to, then it gets hyperlinked. Clicking on the link gives an access denied error as expected, yet some information remains available via the link, link label, and tooltip. This can result in disclosure of the existence of the note, the note author name, the note creation timestamp, and the issue id the note belongs to. Version 2.26.2 contains a patch for the issue. No known workarounds are available. | ||||
| CVE-2023-33248 | 1 Amazon | 2 Alexa, Echo Dot | 2025-01-16 | 7.6 High |
| Amazon Alexa software version 8960323972 on Echo Dot 2nd generation and 3rd generation devices potentially allows attackers to deliver security-relevant commands via an audio signal between 16 and 22 kHz (often outside the range of human adult hearing). Commands at these frequencies are essentially never spoken by authorized actors, but a substantial fraction of the commands are successful. | ||||
| CVE-2023-33247 | 1 Talend | 1 Data Catalog | 2025-01-16 | 7.5 High |
| Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) | ||||
| CVE-2023-26280 | 1 Ibm | 1 Jazz Foundation | 2025-01-16 | 5.3 Medium |
| IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | ||||
| CVE-2023-20882 | 1 Cloudfoundry | 2 Cf-deployment, Routing Release | 2025-01-16 | 5.9 Medium |
| In Cloud foundry routing release versions from 0.262.0 and prior to 0.266.0,a bug in the gorouter process can lead to a denial of service of applications hosted on Cloud Foundry. Under the right circumstances, when client connections are closed prematurely, gorouter marks the currently selected backend as failed and removes it from the routing pool. | ||||
| CVE-2024-37966 | 1 Microsoft | 4 Sql Server, Sql Server 2017, Sql Server 2019 and 1 more | 2025-01-15 | 7.1 High |
| Microsoft SQL Server Native Scoring Information Disclosure Vulnerability | ||||
| CVE-2023-31227 | 1 Huawei | 1 Emui | 2025-01-15 | 7.5 High |
| The hwPartsDFR module has a vulnerability in API calling verification. Successful exploitation of this vulnerability may affect device confidentiality. | ||||
| CVE-2024-43755 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 3.5 Low |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | ||||
| CVE-2024-43731 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 4.3 Medium |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on integrity. Exploitation of this issue does not require user interaction. | ||||
| CVE-2024-52831 | 1 Adobe | 1 Experience Manager | 2025-01-15 | 3.5 Low |
| Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction. | ||||