Export limit exceeded: 10890 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10890 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36436 | 1 Mobicint | 1 Mobicint | 2025-02-05 | 5.3 Medium |
| An issue in Mobicint Backend for Credit Unions v3 allows attackers to retrieve partial email addresses and user entered information via submission to the forgotten-password endpoint. | ||||
| CVE-2022-29607 | 1 Opennetworking | 1 Onos | 2025-02-05 | 7.5 High |
| An issue was discovered in ONOS 2.5.1. Modification of an existing intent to have the same source and destination shows the INSTALLED state without any flow rule. Improper handling of such an intent is misleading to a network operator. | ||||
| CVE-2021-43819 | 1 Stargate-bukkit Project | 1 Stargate-bukkit | 2025-02-05 | 7.5 High |
| Stargate-Bukkit is a mod for the minecraft video game which adds a portal focused environment. In affected versions Minecarts with chests will drop their items when teleporting through a portal; when they reappear, they will still have their items impacting the integrity of the game world. The teleport code has since been rewritten and is available in release `0.11.5.1`. Users are advised to upgrade. There are no known workarounds for this issue. | ||||
| CVE-2023-26494 | 1 Thethingsnetwork | 1 Lorawan-stack | 2025-02-04 | 6.1 Medium |
| lorawan-stack is an open source LoRaWAN network server. Prior to version 3.24.1, an open redirect exists on the login page of the lorawan stack server, allowing an attacker to supply a user controlled redirect upon sign in. This issue may allows malicious actors to phish users, as users assume they were redirected to the homepage on login. Version 3.24.1 contains a fix. | ||||
| CVE-2024-49388 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2025-02-04 | 9.1 Critical |
| Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690. | ||||
| CVE-2023-2260 | 1 Alf | 1 Alf | 2025-02-04 | 8.8 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | ||||
| CVE-2023-26058 | 1 Nokia | 1 Netact | 2025-02-04 | 6.5 Medium |
| An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2023-26057 | 1 Nokia | 1 Netact | 2025-02-04 | 6.5 Medium |
| An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user. | ||||
| CVE-2024-52537 | 3 Dell, Linux, Microsoft | 5 Dock Hd22q Firmware Update Utility, Dock Wd19 Firmware Update Utility, Dock Wd22tb4 Firmware Update Utility and 2 more | 2025-02-04 | 6.3 Medium |
| Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | ||||
| CVE-2024-38485 | 1 Dell | 1 Elastic Cloud Storage | 2025-02-04 | 4.3 Medium |
| Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage. | ||||
| CVE-2024-47480 | 1 Dell | 1 Inventory Collector | 2025-02-04 | 7.8 High |
| Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. | ||||
| CVE-2024-52542 | 1 Dell | 1 Appsync | 2025-02-04 | 4.4 Medium |
| Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. | ||||
| CVE-2022-23721 | 1 Pingidentity | 1 Pingid Integration For Windows Login | 2025-02-04 | 3.8 Low |
| PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times. | ||||
| CVE-2023-29443 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-02-03 | 4.9 Medium |
| Zoho ManageEngine ServiceDesk Plus before 14105, ServiceDesk Plus MSP before 14200, SupportCenter Plus before 14200, and AssetExplorer before 6989 allow SDAdmin attackers to conduct XXE attacks via a crafted server that sends malformed XML from a Reports integration API endpoint. | ||||
| CVE-2024-54728 | 2025-02-03 | 6.5 Medium | ||
| Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs. | ||||
| CVE-2024-42422 | 1 Dell | 1 Networker | 2025-02-03 | 8.3 High |
| Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-53007 | 2025-01-31 | 6.4 Medium | ||
| Bentley Systems ProjectWise Integration Server before 10.00.03.288 allows unintended SQL query execution by an authenticated user via an API call. | ||||
| CVE-2023-22729 | 1 Silverstripe | 1 Framework | 2025-01-31 | 5.4 Medium |
| Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, an attacker can display a link to a third party website on a login screen by convincing a legitimate content author to follow a specially crafted link. Users should upgrade to Silverstripe Framework 4.12.15 or above to address the issue. | ||||
| CVE-2025-24886 | 2025-01-31 | 7.7 High | ||
| pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check is performed to see if the repository had contained any symlinks. A malicious user could craft a repository with symlinks pointed to sensitive files and then retrieve them using the CTFd website. | ||||
| CVE-2023-31893 | 1 Telefonica | 2 Brasil Vivo Play, Brasil Vivo Play Firmware | 2025-01-31 | 7.5 High |
| Telefnica Brasil Vivo Play (IPTV) Firmware: 2023.04.04.01.06.15 is vulnerable to Denial of Service (DoS) via DNS Recursion. | ||||