Export limit exceeded: 35512 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2410 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24461 | 3 Apple, F5, Microsoft | 3 Macos, Big-ip Access Policy Manager, Windows | 2025-01-29 | 7.4 High |
| An improper certificate validation vulnerability exists in the BIG-IP Edge Client for Windows and macOS and may allow an attacker to impersonate a BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
| CVE-2024-35299 | 1 Jetbrains | 1 Youtrack | 2025-01-28 | 5.9 Medium |
| In JetBrains YouTrack before 2024.1.29548 the SMTPS protocol communication lacked proper certificate hostname validation | ||||
| CVE-2023-23901 | 1 Seiko-sol | 4 Skybridge Basic Mb-a130, Skybridge Basic Mb-a130 Firmware, Skybridge Mb-a200 and 1 more | 2025-01-28 | 4.8 Medium |
| Improper following of a certificate's chain of trust exists in SkyBridge MB-A200 firmware Ver. 01.00.05 and earlier, and SkyBridge BASIC MB-A130 firmware Ver. 1.4.1 and earlier, which may allow a remote unauthenticated attacker to eavesdrop on or alter the communication sent to the WebUI of the product. | ||||
| CVE-2024-22092 | 1 Openatom | 1 Openharmony | 2025-01-27 | 7.7 High |
| in OpenHarmony v3.2.4 and prior versions allow a remote attacker bypass permission verification to install apps, although these require user action. | ||||
| CVE-2023-27823 | 1 Optoma | 1 1080pstx | 2025-01-24 | 9.8 Critical |
| An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials. | ||||
| CVE-2023-31151 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-24 | 4.7 Medium |
| An Improper Certificate Validation vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface could allow a remote unauthenticated attacker to conduct a man-in-the-middle (MitM) attack. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2024-3848 | 1 Lfprojects | 1 Mlflow | 2025-01-24 | 7.5 High |
| A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for the previously addressed CVE-2023-6909. The vulnerability arises from the application's handling of artifact URLs, where a '#' character can be used to insert a path into the fragment, effectively skipping validation. This allows an attacker to construct a URL that, when processed, ignores the protocol scheme and uses the provided path for filesystem access. As a result, an attacker can read arbitrary files, including sensitive information such as SSH and cloud keys, by exploiting the way the application converts the URL into a filesystem path. The issue stems from insufficient validation of the fragment portion of the URL, leading to arbitrary file read through path traversal. | ||||
| CVE-2023-32994 | 1 Jenkins | 1 Saml Single Sign On | 2025-01-23 | 3.7 Low |
| Jenkins SAML Single Sign On(SSO) Plugin 2.1.0 and earlier unconditionally disables SSL/TLS certificate validation for connections to miniOrange or the configured IdP to retrieve SAML metadata, which could be abused using a man-in-the-middle attack to intercept these connections. | ||||
| CVE-2024-42186 | 2025-01-23 | 2.8 Low | ||
| BigFix Patch Download Plug-ins are affected by an insecure protocol support. The application can allow improper handling of SSL certificates validation. | ||||
| CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2025-01-22 | 9.8 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||
| CVE-2022-45457 | 2 Acronis, Microsoft | 3 Agent, Cyber Protect, Windows | 2025-01-22 | 7.5 High |
| Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows) before build 29633, Acronis Cyber Protect 15 (Windows) before build 30984. | ||||
| CVE-2022-45458 | 4 Acronis, Apple, Linux and 1 more | 5 Agent, Cyber Protect, Macos and 2 more | 2025-01-22 | 7.5 High |
| Sensitive information disclosure and manipulation due to improper certification validation. The following products are affected: Acronis Agent (Windows, macOS, Linux) before build 29633, Acronis Cyber Protect 15 (Windows, macOS, Linux) before build 30984. | ||||
| CVE-2024-52534 | 1 Dell | 1 Elastic Cloud Storage | 2025-01-21 | 5.4 Medium |
| Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. | ||||
| CVE-2023-20881 | 1 Cloudfoundry | 3 Capi-release, Cf-deployment, Loggregator-agent | 2025-01-21 | 8.1 High |
| Cloud foundry instances having CAPI version between 1.140 and 1.152.0 along with loggregator-agent v7+ may override other users syslog drain credentials if they're aware of the client certificate used for that syslog drain. This applies even if the drain has zero certs. This would allow the user to override the private key and add or modify a certificate authority used for the connection. | ||||
| CVE-2023-31762 | 1 Mydigoo | 2 Dg-hamb, Dg-hamb Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-31761 | 1 Blitzwolf | 2 Bw-is22, Bw-is22 Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of Blitzwolf BW-IS22 Smart Home Security Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-31759 | 1 Keruistore | 2 Kerui W18, Kerui W18 Firmware | 2025-01-17 | 7.5 High |
| Weak Security in the 433MHz keyfob of Kerui W18 Alarm System v1.0 allows attackers to gain full access via a code replay attack. | ||||
| CVE-2023-31763 | 1 Agshome Smart Alarm Project | 2 Agshome Smart Alarm, Agshome Smart Alarm Firmware | 2025-01-17 | 7.5 High |
| Weak security in the transmitter of AGShome Smart Alarm v1.0 allows attackers to gain full access to the system via a code replay attack. | ||||
| CVE-2023-0104 | 1 Weintek | 1 Easybuilder Pro | 2025-01-16 | 9.3 Critical |
| The listed versions for Weintek EasyBuilder Pro are vulnerable to a ZipSlip attack caused by decompiling a malicious project file. This may allow an attacker to gain control of the user’s computer or gain access to sensitive data. | ||||
| CVE-2023-36857 | 1 Bakerhughes | 2 Bentley Nevada 3500 System, Bentley Nevada 3500 System Firmware | 2025-01-16 | 5.4 Medium |
| Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access. | ||||