Search

Expected end of text, found '/' (at char 31), (line:1, col:32)
Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (349844 CVEs found)

Export CSV
CVE Vendors Products Updated CVSS v3.1
CVE-2024-39694 2024-08-01 4.7 Medium
Duende IdentityServer is an OpenID Connect and OAuth 2.x framework for ASP.NET Core. It is possible for an attacker to craft malicious Urls that certain functions in IdentityServer will incorrectly treat as local and trusted. If such a Url is returned as a redirect, some browsers will follow it to a third-party, untrusted site. Note: by itself, this vulnerability does **not** allow an attacker to obtain user credentials, authorization codes, access tokens, refresh tokens, or identity tokens. An attacker could however exploit this vulnerability as part of a phishing attack designed to steal user credentials. This vulnerability is fixed in 7.0.6, 6.3.10, 6.2.5, 6.1.8, and 6.0.5. Duende.IdentityServer 5.1 and earlier and all versions of IdentityServer4 are no longer supported and will not be receiving updates. If upgrading is not possible, use `IUrlHelper.IsLocalUrl` from ASP.NET Core to validate return Urls in user interface code in the IdentityServer host.
CVE-2024-41660 1 Openbmc-project 1 Slpd-lite 2024-08-01 9.8 Critical
slpd-lite is a unicast SLP UDP server. Any OpenBMC system that includes the slpd-lite package is impacted. Installing this package is the default when building OpenBMC. Nefarious users can send slp packets to the BMC using UDP port 427 to cause memory overflow issues within the slpd-lite daemon on the BMC. Patches will be available in the latest openbmc/slpd-lite repository.
CVE-2023-4262 2024-08-01 N/A
User data field is not attacker controlled
CVE-2024-7205 1 Coolkit 1 Ewelink 2024-07-31 N/A
When the device is shared, the homepage module are before 2.19.0  in eWeLink Cloud Service allows Secondary user to take over devices as primary user via sharing unnecessary device-sensitive information.
CVE-2024-35918 1 Redhat 1 Enterprise Linux 2024-07-30 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-6185 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-6174 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-6164 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-6162 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2017-3769 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2017-3766 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2017-3755 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-4038 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-48185 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-19761 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-19760 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2019-19759 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-26905 2024-07-29 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-6761 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-4848 2024-07-29 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.