Export limit exceeded: 10894 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20939 | 1 Google | 1 Android | 2025-03-21 | 7.8 High |
| In multiple functions of looper_backed_event_loop.cpp, there is a possible way to corrupt memory due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-243362981 | ||||
| CVE-2022-2431 | 1 W3eden | 1 Download Manager | 2025-03-21 | 8.1 High |
| The Download Manager plugin for WordPress is vulnerable to arbitrary file deletion in versions up to, and including 3.2.50. This is due to insufficient file type and path validation on the deleteFiles() function found in the ~/Admin/Menu/Packages.php file that triggers upon download post deletion. This makes it possible for contributor level users and above to supply an arbitrary file path via the 'file[files]' parameter when creating a download post and once the user deletes the post the supplied arbitrary file will be deleted. This can be used by attackers to delete the /wp-config.php file which will reset the installation and make it possible for an attacker to achieve remote code execution on the server. | ||||
| CVE-2021-34639 | 1 W3eden | 1 Download Manager | 2025-03-21 | 7.5 High |
| Authenticated File Upload in WordPress Download Manager <= 3.1.24 allows authenticated (Author+) users to upload files with a double extension, e.g. "payload.php.png" which is executable in some configurations. This issue affects: WordPress Download Manager version 3.1.24 and prior versions. | ||||
| CVE-2023-0704 | 1 Google | 1 Chrome | 2025-03-20 | 6.5 Medium |
| Insufficient policy enforcement in DevTools in Google Chrome prior to 110.0.5481.77 allowed a remote attacker to bypass same origin policy and proxy settings via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-0141 | 1 Google | 1 Chrome | 2025-03-20 | 4.3 Medium |
| Insufficient policy enforcement in CORS in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2023-0131 | 1 Google | 1 Chrome | 2025-03-20 | 6.5 Medium |
| Inappropriate implementation in in iframe Sandbox in Google Chrome prior to 109.0.5414.74 allowed a remote attacker to bypass file download restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2023-24187 | 1 Ureport Project | 1 Ureport | 2025-03-20 | 7.8 High |
| An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile. | ||||
| CVE-2023-23853 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
| An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability. | ||||
| CVE-2023-23855 | 1 Sap | 1 Solution Manager | 2025-03-20 | 6.5 Medium |
| SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability. | ||||
| CVE-2023-23860 | 1 Sap | 1 Netweaver Application Server Abap | 2025-03-20 | 6.1 Medium |
| SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. | ||||
| CVE-2019-6781 | 1 Gitlab | 1 Gitlab | 2025-03-20 | 7.5 High |
| An Improper Input Validation issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It was possible to use the profile name to inject a potentially malicious link into notification emails. | ||||
| CVE-2024-5691 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-03-19 | 4.7 Medium |
| By tricking the browser with a `X-Frame-Options` header, a sandboxed iframe could have presented a button that, if clicked by a user, would bypass restrictions to open a new window. This vulnerability affects Firefox < 127, Firefox ESR < 115.12, and Thunderbird < 115.12. | ||||
| CVE-2024-48428 | 1 Olivegroup | 1 Olivevle | 2025-03-19 | 9.8 Critical |
| An issue in Olive VLE allows an attacker to obtain sensitive information via the reset password function. | ||||
| CVE-2023-22377 | 1 Fujitsu | 2 Tsclinical Define.xml Generator, Tsclinical Metadata Desktop Tools | 2025-03-19 | 7.4 High |
| Improper restriction of XML external entity reference (XXE) vulnerability exists in tsClinical Define.xml Generator all versions (v1.0.0 to v1.4.0) and tsClinical Metadata Desktop Tools Version 1.0.3 to Version 1.1.0. If this vulnerability is exploited, an attacker may obtain an arbitrary file which meets a certain condition by reading a specially crafted XML file. | ||||
| CVE-2023-25765 | 1 Jenkins | 1 Email Extension | 2025-03-19 | 9.9 Critical |
| In Jenkins Email Extension Plugin 2.93 and earlier, templates defined inside a folder were not subject to Script Security protection, allowing attackers able to define email templates in folders to bypass the sandbox protection and execute arbitrary code in the context of the Jenkins controller JVM. | ||||
| CVE-2024-8897 | 2 Google, Mozilla | 2 Android, Firefox | 2025-03-19 | 6.1 Medium |
| Under certain conditions, an attacker with the ability to redirect users to a malicious site via an open redirect on a trusted site, may be able to spoof the address bar contents. This can lead to a malicious site to appear to have the same URL as the trusted site. *This bug only affects Firefox for Android. Other versions of Firefox are unaffected.* This vulnerability affects Firefox for Android < 130.0.1. | ||||
| CVE-2023-25192 | 1 Ami | 1 Megarac Sp-x | 2025-03-19 | 5.3 Medium |
| AMI MegaRAC SPX devices allow User Enumeration through Redfish. The fixed versions are SPx12-update-7.00 and SPx13-update-5.00. | ||||
| CVE-2024-47571 | 1 Fortinet | 1 Fortimanager | 2025-03-19 | 7.9 High |
| An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials. | ||||
| CVE-2024-29172 | 1 Dell | 1 Bsafe Ssl-j | 2025-03-19 | 5.9 Medium |
| Dell BSAFE SSL-J, versions prior to 6.6 and versions 7.0 through 7.2, contains a deadlock vulnerability. A remote attacker could potentially exploit this vulnerability, leading to a Denial of Service. | ||||
| CVE-2024-42447 | 1 Apache | 2 Airflow, Apache-airflow-providers-fab | 2025-03-19 | 9.8 Critical |
| Insufficient Session Expiration vulnerability in Apache Airflow Providers FAB. This issue affects Apache Airflow Providers FAB: 1.2.1 (when used with Apache Airflow 2.9.3) and FAB 1.2.0 for all Airflow versions. The FAB provider prevented the user from logging out. * FAB provider 1.2.1 only affected Airflow 2.9.3 (earlier and later versions of Airflow are not affected) * FAB provider 1.2.0 affected all versions of Airflow. Users who run Apache Airflow 2.9.3 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue. Users who run Any Apache Airflow version and have FAB provider 1.2.0 are recommended to upgrade to Apache Airflow Providers FAB version 1.2.2 which fixes the issue. Also upgrading Apache Airflow to latest version available is recommended. Note: Early version of Airflow reference container images of Airflow 2.9.3 and constraint files contained FAB provider 1.2.1 version, but this is fixed in updated versions of the images. Users are advised to pull the latest Airflow images or reinstall FAB provider according to the current constraints. | ||||