Export limit exceeded: 346619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 346619 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29902 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-1160 | 1 Remyandrade | 1 Employee Management System | 2025-03-03 | 7.3 High |
| A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument username/password leads to use of default credentials. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-25134 | 1 Mcafee | 1 Total Protection | 2025-02-28 | 6.7 Medium |
| McAfee Total Protection prior to 16.0.50 may allow an adversary (with full administrative access) to modify a McAfee specific Component Object Model (COM) in the Windows Registry. This can result in the loading of a malicious payload. | ||||
| CVE-2023-20929 | 1 Google | 1 Android | 2025-02-28 | 5.5 Medium |
| In sendHalfSheetCancelBroadcast of HalfSheetActivity.java, there is a possible way to learn nearby BT MAC addresses due to an unrestricted broadcast intent. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-234442700 | ||||
| CVE-2022-20467 | 1 Google | 1 Android | 2025-02-28 | 5.5 Medium |
| In isBluetoothShareUri of BluetoothOppUtility.java, there is a possible incorrect file read due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-225880741 | ||||
| CVE-2022-46752 | 1 Dell | 150 Inspiron 14 Plus 7420, Inspiron 14 Plus 7420 Firmware, Inspiron 14 Plus 7620 and 147 more | 2025-02-28 | 4.6 Medium |
| Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2021-33360 | 1 Stoqey | 1 Gnuplot | 2025-02-28 | 9.8 Critical |
| An issue found in Stoqey gnuplot v.0.0.3 and earlier allows attackers to execute arbitrary code via the src/index.ts, plotCallack, child_process, and/or filePath parameter(s). | ||||
| CVE-2023-34188 | 1 Cesanta | 1 Mongoose | 2025-02-28 | 7.5 High |
| The HTTP server in Mongoose before 7.10 accepts requests containing negative Content-Length headers. By sending a single attack payload over TCP, an attacker can cause an infinite loop in which the server continuously reparses that payload, and does not respond to any other requests. | ||||
| CVE-2023-32709 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11. and 8.1.14, and Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user who holds the ‘user’ role can see the hashed version of the initial user name and password for the Splunk instance by using the ‘rest’ SPL command against the ‘conf-user-seed’ REST endpoint. | ||||
| CVE-2023-32710 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.8 Medium |
| In Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, a low-privileged user can perform an unauthorized transfer of data from a search using the ‘copyresults’ command if they know the search ID (SID) of a search job that has recently run. | ||||
| CVE-2023-32717 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-02-28 | 4.3 Medium |
| On Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14, and in Splunk Cloud Platform versions below 9.0.2303.100, an unauthorized user can access the {{/services/indexing/preview}} REST endpoint to overwrite search results if they know the search ID (SID) of an existing search job. | ||||
| CVE-2023-38206 | 1 Adobe | 1 Coldfusion | 2025-02-27 | 5.3 Medium |
| Adobe ColdFusion versions 2018u18 (and earlier), 2021u8 (and earlier) and 2023u2 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to access the administration CFM and CFC endpoints resulting in a low-confidentiality impact. Exploitation of this issue does not require user interaction. | ||||
| CVE-2023-24844 | 1 Qualcomm | 86 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 83 more | 2025-02-27 | 8.4 High |
| Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range. | ||||
| CVE-2023-5916 | 1 Dashy | 1 Dashy | 2025-02-27 | 4.3 Medium |
| A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability. | ||||
| CVE-2024-47059 | 2 Acquia, Mautic | 2 Mautic, Mautic | 2025-02-27 | 4.3 Medium |
| When logging in with the correct username and incorrect weak password, the user receives the notification, that their password is too weak. However when an incorrect username is provided alongside with a weak password, the application responds with ’Invalid credentials’ notification. This difference could be used to perform username enumeration. | ||||
| CVE-2023-25589 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2025-02-27 | 9.8 Critical |
| A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to create arbitrary users on the platform. A successful exploit allows an attacker to achieve total cluster compromise. | ||||
| CVE-2023-26284 | 1 Ibm | 1 Mq Certified Container | 2025-02-26 | 7.5 High |
| IBM MQ Certified Container 9.3.0.1 through 9.3.0.3 and 9.3.1.0 through 9.3.1.1 could allow authenticated users with the cluster to be granted administration access to the MQ console due to improper access controls. IBM X-Force ID: 248417. | ||||
| CVE-2023-21449 | 1 Samsung | 1 Android | 2025-02-26 | 4 Medium |
| Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | ||||
| CVE-2023-21452 | 1 Samsung | 1 Android | 2025-02-26 | 3.3 Low |
| Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | ||||
| CVE-2023-21454 | 1 Samsung | 1 Android | 2025-02-26 | 2.4 Low |
| Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | ||||
| CVE-2023-21455 | 1 Samsung | 2 Exynos, Exynos Firmware | 2025-02-26 | 5.9 Medium |
| Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. | ||||