Export limit exceeded: 10571 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8125 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31954 | 1 Samsung | 1 Samsung Portable Ssd T5 Software For Windows | 2025-02-13 | 7.3 High |
| An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (An attacker must already have user privileges) | ||||
| CVE-2025-24389 | 2025-02-12 | 6.3 Medium | ||
| Certain errors of the upstream libraries will insert sensitive information in the OTRS or ((OTRS)) Community Edition log mechanism and mails send to the system administrator. This issue affects: * OTRS 7.0.X * OTRS 8.0.X * OTRS 2023.X * OTRS 2024.X * ((OTRS)) Community Edition: 6.0.x Products based on the ((OTRS)) Community Edition also very likely to be affected | ||||
| CVE-2024-48852 | 2025-02-12 | 9.4 Critical | ||
| Insertion of Sensitive Information into Log File vulnerability observed in FLEXON. Some information may be improperly disclosed through https access. This issue affects FLXEON through <= 9.3.4. | ||||
| CVE-2024-12703 | 2025-02-12 | 7.8 High | ||
| CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. | ||||
| CVE-2024-1651 | 1 Torrentpier | 1 Torrentpier | 2025-02-12 | 10 Critical |
| Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization. | ||||
| CVE-2023-27180 | 1 Gdidees | 1 Gdidees Cms | 2025-02-12 | 7.5 High |
| GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /_admin/backup.php. | ||||
| CVE-2023-37398 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2023-35907 | 1 Ibm | 1 Aspera Faspex | 2025-02-12 | 5.9 Medium |
| IBM Aspera Faspex 5.0.0 through 5.0.10 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. | ||||
| CVE-2022-48433 | 1 Jetbrains | 1 Intellij Idea | 2025-02-12 | 6.1 Medium |
| In JetBrains IntelliJ IDEA before 2023.1 the NTLM hash could leak through an API method used in the IntelliJ IDEA built-in web server. | ||||
| CVE-2023-28642 | 2 Linuxfoundation, Redhat | 6 Runc, Enterprise Linux, Openshift and 3 more | 2025-02-12 | 6.1 Medium |
| runc is a CLI tool for spawning and running containers according to the OCI specification. It was found that AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount configuration. This issue has been fixed in runc version 1.1.5, by prohibiting symlinked `/proc`. See PR #3785 for details. users are advised to upgrade. Users unable to upgrade should avoid using an untrusted container image. | ||||
| CVE-2022-47188 | 1 Generex | 2 Cs141, Cs141 Firmware | 2025-02-12 | 7.5 High |
| There is an arbitrary file reading vulnerability in Generex UPS CS141 below 2.06 version. An attacker, making use of the default credentials, could upload a backup file containing a symlink to /etc/shadow, allowing him to obtain the content of this path. | ||||
| CVE-2022-43293 | 1 Wacom | 1 Driver | 2025-02-11 | 5.9 Medium |
| Wacom Driver 6.3.46-1 for Windows was discovered to contain an arbitrary file write vulnerability via the component \Wacom\Wacom_Tablet.exe. | ||||
| CVE-2022-38604 | 2 Microsoft, Wacom | 2 Windows, Driver | 2025-02-11 | 7.3 High |
| Wacom Driver 6.3.46-1 for Windows and lower was discovered to contain an arbitrary file deletion vulnerability. | ||||
| CVE-2023-1712 | 1 Deepset | 1 Haystack | 2025-02-11 | 9.8 Critical |
| Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack prior to 0.1.30. | ||||
| CVE-2023-1753 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-02-11 | 5.5 Medium |
| Weak Password Requirements in GitHub repository thorsten/phpmyfaq prior to 3.1.12. | ||||
| CVE-2023-1381 | 1 Joomunited | 1 Wp Meta Seo | 2025-02-11 | 8.8 High |
| The WP Meta SEO WordPress plugin before 4.5.5 does not validate image file paths before attempting to manipulate the image files, leading to a PHAR deserialization vulnerability. Furthermore, the plugin contains a gadget chain which may be used in certain configurations to achieve remote code execution. | ||||
| CVE-2023-25413 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | 7.5 High |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. The device allows unauthenticated access to Telnet and SNMP credentials. | ||||
| CVE-2023-25407 | 1 Aten | 2 Pe8108, Pe8108 Firmware | 2025-02-11 | 7.2 High |
| Aten PE8108 2.4.232 is vulnerable to Incorrect Access Control. Restricted users have read access to administrator credentials. | ||||
| CVE-2023-25940 | 1 Dell | 1 Emc Powerscale Onefs | 2025-02-11 | 6.7 Medium |
| Dell PowerScale OneFS version 9.5.0.0 contains improper link resolution before file access vulnerability in isi_gather_info. A high privileged local attacker could potentially exploit this vulnerability, leading to system takeover and it breaks the compliance mode guarantees. | ||||
| CVE-2024-52067 | 1 Apache | 1 Nifi | 2025-02-11 | 4.9 Medium |
| Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration. | ||||