Export limit exceeded: 12006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8133 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4612 | 1 Clickstudios | 1 Passwordstate | 2025-04-15 | 4.3 Medium |
| A vulnerability has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome and classified as problematic. This vulnerability affects unknown code. The manipulation leads to insufficiently protected credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. VDB-216274 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-38159 | 1 Microsoft | 10 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 7 more | 2025-04-14 | 7 High |
| Windows Graphics Component Elevation of Privilege Vulnerability | ||||
| CVE-2023-36568 | 1 Microsoft | 3 365 Apps, Office, Office Long Term Servicing Channel | 2025-04-14 | 7 High |
| Microsoft Office Click-To-Run Elevation of Privilege Vulnerability | ||||
| CVE-2023-36711 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2025-04-14 | 7.8 High |
| Windows Runtime C++ Template Library Elevation of Privilege Vulnerability | ||||
| CVE-2023-36723 | 1 Microsoft | 7 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 4 more | 2025-04-14 | 7.8 High |
| Windows Container Manager Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-36737 | 1 Microsoft | 1 Azure Network Watcher | 2025-04-14 | 7.8 High |
| Azure Network Watcher VM Agent Elevation of Privilege Vulnerability | ||||
| CVE-2022-4106 | 1 Cedcommerce | 1 Wholesale Market For Woocommerce | 2025-04-14 | 7.5 High |
| The Wholesale Market for WooCommerce WordPress plugin before 1.0.7 does not have authorisation check, as well as does not validate user input used to generate system path, allowing unauthenticated attackers to download arbitrary file from the server. | ||||
| CVE-2019-14802 | 1 Hashicorp | 1 Nomad | 2025-04-14 | 5.3 Medium |
| HashiCorp Nomad 0.5.0 through 0.9.4 (fixed in 0.9.5) reveals unintended environment variables to the rendering task during template rendering, aka GHSA-6hv3-7c34-4hx8. This applies to nomad/client/allocrunner/taskrunner/template. | ||||
| CVE-2022-4312 | 1 Arcinformatique | 1 Pcvue | 2025-04-14 | 5.5 Medium |
| A cleartext storage of sensitive information vulnerability exists in PcVue versions 8.10 through 15.2.3. This could allow an unauthorized user with access the email and short messaging service (SMS) accounts configuration files to discover the associated simple mail transfer protocol (SMTP) account credentials and the SIM card PIN code. Successful exploitation of this vulnerability could allow an unauthorized user access to the underlying email account and SIM card. | ||||
| CVE-2022-4311 | 1 Arcinformatique | 1 Pcvue | 2025-04-14 | 4.7 Medium |
| An insertion of sensitive information into log file vulnerability exists in PcVue versions 15 through 15.2.2. This could allow a user with access to the log files to discover connection strings of data sources configured for the DbConnect, which could include credentials. Successful exploitation of this vulnerability could allow other users unauthorized access to the underlying data sources. | ||||
| CVE-2024-42196 | 1 Hcltechsw | 1 Hcl Launch | 2025-04-14 | 6.2 Medium |
| HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | ||||
| CVE-2021-44854 | 1 Mediawiki | 1 Mediawiki | 2025-04-14 | 5.3 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis. | ||||
| CVE-2022-45426 | 1 Dahuasecurity | 8 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 5 more | 2025-04-14 | 6.5 Medium |
| Some Dahua software products have a vulnerability of unrestricted download of file. After obtaining the permissions of ordinary users, by sending a specific crafted packet to the vulnerable interface, an attacker can download arbitrary files. | ||||
| CVE-2024-47822 | 2 Directus, Monospace | 2 Directus, Directus | 2025-04-14 | 4.2 Medium |
| Directus is a real-time API and App dashboard for managing SQL database content. Access tokens from query strings are not redacted and are potentially exposed in system logs which may be persisted. The access token in `req.query` is not redacted when the `LOG_STYLE` is set to `raw`. If these logs are not properly sanitized or protected, an attacker with access to it can potentially gain administrative control, leading to unauthorized data access and manipulation. This impacts systems where the `LOG_STYLE` is set to `raw`. The `access_token` in the query could potentially be a long-lived static token. Users with impacted systems should rotate their static tokens if they were provided using query string. This vulnerability has been patched in release version 10.13.2 and subsequent releases as well. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2015-1335 | 2 Canonical, Linuxcontainers | 2 Ubuntu Linux, Lxc | 2025-04-12 | N/A |
| lxc-start in lxc before 1.0.8 and 1.1.x before 1.1.4 allows local container administrators to escape AppArmor confinement via a symlink attack on a (1) mount target or (2) bind mount source. | ||||
| CVE-2013-4472 | 1 Freedesktop | 1 Poppler | 2025-04-12 | N/A |
| The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | ||||
| CVE-2016-9566 | 2 Nagios, Redhat | 3 Nagios, Openstack, Storage | 2025-04-12 | N/A |
| base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565. | ||||
| CVE-2016-7490 | 1 Teradata | 1 Studio Express | 2025-04-12 | N/A |
| The installation script studioexpressinstall for Teradata Studio Express 15.12.00.00 creates files in /tmp insecurely. A malicious local user could create a symlink in /tmp and possibly clobber system files or perhaps elevate privileges. | ||||
| CVE-2016-7124 | 2 Php, Redhat | 2 Php, Rhel Software Collections | 2025-04-12 | N/A |
| ext/standard/var_unserializer.c in PHP before 5.6.25 and 7.x before 7.0.10 mishandles certain invalid objects, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted serialized data that leads to a (1) __destruct call or (2) magic method call. | ||||
| CVE-2016-6330 | 1 Redhat | 1 Jboss Operations Network | 2025-04-12 | N/A |
| The server in Red Hat JBoss Operations Network (JON), when SSL authentication is not configured for JON server / agent communication, allows remote attackers to execute arbitrary code via a crafted HTTP request, related to message deserialization. NOTE: this vulnerability exists because of an incomplete fix for CVE-2016-3737. | ||||