Search Results (2919 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-2822 | 1 Ellucian | 1 Ethos Identity | 2025-02-12 | 4.3 Medium |
| A vulnerability was found in Ellucian Ethos Identity up to 5.10.5. It has been classified as problematic. Affected is an unknown function of the file /cas/logout. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.10.6 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-229596. | ||||
| CVE-2023-27179 | 1 Gdidees | 1 Gdidees Cms | 2025-02-11 | 7.5 High |
| GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulnerability via the filename parameter at /_admin/imgdownload.php. | ||||
| CVE-2023-26067 | 1 Lexmark | 163 B2236, B2338, B2442 and 160 more | 2025-02-11 | 8.1 High |
| Certain Lexmark devices through 2023-02-19 mishandle Input Validation (issue 1 of 4). | ||||
| CVE-2024-24116 | 1 Ruijie | 2 Rg-nbs2009g-p, Rg-nbs2009g-p Firmware | 2025-02-10 | 9.8 Critical |
| An issue in Ruijie RG-NBS2009G-P RGOS v.10.4(1)P2 Release(9736) allows a remote attacker to gain privileges via the system/config_menu.htm. | ||||
| CVE-2023-28341 | 1 Zohocorp | 1 Manageengine Applications Manager | 2025-02-10 | 6.1 Medium |
| Stored Cross site scripting (XSS) vulnerability in Zoho ManageEngine Applications Manager through 16340 allows an unauthenticated user to inject malicious javascript on the incorrect login details page. | ||||
| CVE-2022-1329 | 1 Elementor | 1 Website Builder | 2025-02-07 | 8.8 High |
| The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that makes it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2. | ||||
| CVE-2023-29084 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2025-02-07 | 7.2 High |
| Zoho ManageEngine ADManager Plus before 7181 allows for authenticated users to exploit command injection via Proxy settings. | ||||
| CVE-2022-38840 | 1 Guralp | 1 Man-eam-0003 | 2025-02-06 | 7.5 High |
| cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity (XXE) issue via XML file upload, which leads to local file disclosure. | ||||
| CVE-2023-29887 | 1 Nuovo | 1 Spreadsheet-reader | 2025-02-06 | 7.5 High |
| A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. | ||||
| CVE-2023-30547 | 2 Redhat, Vm2 Project | 3 Acm, Multicluster Engine, Vm2 | 2025-02-05 | 9.8 Critical |
| vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to raise an unsanitized host exception inside `handleException()` which can be used to escape the sandbox and run arbitrary code in host context. This vulnerability was patched in the release of version `3.9.17` of `vm2`. There are no known workarounds for this vulnerability. Users are advised to upgrade. | ||||
| CVE-2023-29923 | 1 Powerjob | 1 Powerjob | 2025-02-05 | 5.3 Medium |
| PowerJob V4.3.1 is vulnerable to Insecure Permissions via the list job interface. | ||||
| CVE-2023-29922 | 1 Powerjob | 1 Powerjob | 2025-02-05 | 5.3 Medium |
| PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface. | ||||
| CVE-2023-20864 | 1 Vmware | 2 Aria Operations For Logs, Cloud Foundation | 2025-02-05 | 9.8 Critical |
| VMware Aria Operations for Logs contains a deserialization vulnerability. An unauthenticated, malicious actor with network access to VMware Aria Operations for Logs may be able to execute arbitrary code as root. | ||||
| CVE-2024-2330 | 1 Netentsec | 1 Application Security Gateway | 2025-02-05 | 6.3 Medium |
| A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2227 | 1 Modoboa | 1 Modoboa | 2025-02-04 | 9.1 Critical |
| Improper Authorization in GitHub repository modoboa/modoboa prior to 2.1.0. | ||||
| CVE-2023-31059 | 1 Repetier-server | 1 Repetier-server | 2025-02-04 | 7.5 High |
| Repetier Server through 1.4.10 allows ..%5c directory traversal for reading files that contain credentials, as demonstrated by connectionLost.php. | ||||
| CVE-2023-1020 | 1 Wp Live Chat Shoutbox Project | 1 Wp Live Chat Shoutbox | 2025-02-04 | 9.8 Critical |
| The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | ||||
| CVE-2023-28770 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2025-01-31 | 7.5 High |
| The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | ||||
| CVE-2021-39312 | 1 Trueranker | 1 True Ranker | 2025-01-31 | 7.5 High |
| The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. | ||||
| CVE-2023-2356 | 1 Lfprojects | 1 Mlflow | 2025-01-30 | 7.5 High |
| Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||