Export limit exceeded: 11548 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10897 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10897 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-25270 | 1 Mirapolis | 1 Lms | 2025-03-25 | 4.3 Medium |
| An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | ||||
| CVE-2023-22798 | 1 Brave | 1 Adblock-lists | 2025-03-25 | 6.1 Medium |
| Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web. | ||||
| CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2025-03-25 | 6.4 Medium |
| Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2025-03-25 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | ||||
| CVE-2024-38874 | 1 Typo3 | 1 Events2 | 2025-03-24 | 5.4 Medium |
| An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users. | ||||
| CVE-2022-48290 | 1 Huawei | 1 Harmonyos | 2025-03-24 | 9.1 Critical |
| The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | ||||
| CVE-2022-48287 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-24 | 7.5 High |
| The HwContacts module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data integrity. | ||||
| CVE-2023-22797 | 2 Actionpack Project, Rubyonrails | 2 Actionpack, Rails | 2025-03-24 | 6.1 Medium |
| An open redirect vulnerability is fixed in Rails 7.0.4.1 with the new protection against open redirects from calling redirect_to with untrusted user input. In prior versions the developer was fully responsible for only providing trusted input. However the check introduced could allow an attacker to bypass with a carefully crafted URL resulting in an open redirect vulnerability. | ||||
| CVE-2023-24323 | 1 Mojoportal | 1 Mojoportal | 2025-03-24 | 8.8 High |
| Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability. | ||||
| CVE-2023-21445 | 1 Samsung | 1 Android | 2025-03-24 | 5.5 Medium |
| Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. | ||||
| CVE-2024-0008 | 1 Paloaltonetworks | 1 Pan-os | 2025-03-24 | 6.6 Medium |
| Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access. | ||||
| CVE-2023-21447 | 1 Samsung | 1 Cloud | 2025-03-24 | 4 Medium |
| Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. | ||||
| CVE-2023-21438 | 1 Samsung | 1 Android | 2025-03-24 | 2.1 Low |
| Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. | ||||
| CVE-2022-34366 | 1 Dell | 1 Supportassist For Home Pcs | 2025-03-24 | 6.5 Medium |
| Dell SupportAssist for Home PCs (version 3.11.2 and prior) contain Overly Permissive Cross-domain Whitelist vulnerability. An authenticated non-admin user could potentially exploit the issue and obtain sensitive information. | ||||
| CVE-2022-4903 | 1 Codenameone | 1 Codename One | 2025-03-24 | 5 Medium |
| A vulnerability was found in CodenameOne 7.0.70. It has been classified as problematic. Affected is an unknown function. The manipulation leads to use of implicit intent for sensitive communication. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 7.0.71 is able to address this issue. The patch is identified as dad49c9ef26a598619fc48d2697151a02987d478. It is recommended to upgrade the affected component. VDB-220470 is the identifier assigned to this vulnerability. | ||||
| CVE-2022-34452 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-24 | 2.7 Low |
| PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs. | ||||
| CVE-2023-0575 | 4 Apple, Linux, Microsoft and 1 more | 5 Iphone Os, Macos, Linux Kernel and 2 more | 2025-03-24 | 7.2 High |
| External Control of Critical State Data, Improper Control of Generation of Code ('Code Injection') vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS (DevopsBase.Java:execCommand, TableManager.Java:runCommand modules) allows API Manipulation, Privilege Abuse. This vulnerability is associated with program files backup.Py. This issue affects Yugabyte DB: Lesser then 2.2.0.0 | ||||
| CVE-2022-21940 | 1 Johnsoncontrols | 1 Metasys System Configuration Tool | 2025-03-24 | 7.5 High |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie. | ||||
| CVE-2023-22832 | 1 Apache | 1 Nifi | 2025-03-24 | 7.5 High |
| The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor. | ||||
| CVE-2025-2125 | 1 Assaabloy | 1 Control Id Rhid | 2025-03-24 | 4.3 Medium |
| A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovante_marcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of resource identifiers. The attack can be initiated remotely. The vendor was contacted early about this disclosure but did not respond in any way. | ||||