Export limit exceeded: 10764 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10764 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0570 | 1 Totolink | 2 N350rt, N350rt Firmware | 2025-05-09 | 7.3 High |
| A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-21402 | 1 Microsoft | 1 365 Apps | 2025-05-09 | 7.1 High |
| Microsoft Outlook Elevation of Privilege Vulnerability | ||||
| CVE-2022-23241 | 1 Netapp | 1 Clustered Data Ontap | 2025-05-09 | 8.1 High |
| Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. | ||||
| CVE-2025-46348 | 1 Yeswiki | 1 Yeswiki | 2025-05-09 | 10 Critical |
| YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication. The archives are created with a predictable filename, so a malicious user could create and download an archive without being authenticated. This could result in a malicious attacker making numerous requests to create archives and fill up the file system, or by downloading the archive which contains sensitive site information. This issue has been patched in version 4.5.4. | ||||
| CVE-2023-51774 | 1 Json-jwt Project | 1 Json-jwt | 2025-05-08 | 8.4 High |
| The json-jwt (aka JSON::JWT) gem 1.16.3 for Ruby sometimes allows bypass of identity checks via a sign/encryption confusion attack. For example, JWE can sometimes be used to bypass JSON::JWT.decode. | ||||
| CVE-2022-41708 | 1 Relatedcode | 1 Messenger | 2025-05-08 | 4.3 Medium |
| Relatedcode's Messenger version 7bcd20b allows an authenticated external attacker to access existing chats in the workspaces of any user of the application. This is possible because the application does not validate permissions correctly. | ||||
| CVE-2022-40798 | 1 Ocomon Project | 1 Ocomon | 2025-05-08 | 7.5 High |
| OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email, sending the same request with correct email its possible to account takeover. | ||||
| CVE-2022-43429 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2025-05-08 | 7.5 High |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. | ||||
| CVE-2020-12744 | 1 Verint | 1 Desktop And Process Analytics | 2025-05-08 | 7.8 High |
| The MSI installer in Verint Desktop Resources 15.2 allows an unprivileged local user to elevate their privileges during install or repair. | ||||
| CVE-2016-5527 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality via unknown vectors, a different vulnerability than CVE-2016-5524. | ||||
| CVE-2016-5521 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5512. | ||||
| CVE-2016-5526 | 1 Oracle | 1 Agile Product Lifecycle Management | 2025-05-08 | N/A |
| Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Apache Tomcat. | ||||
| CVE-2022-37298 | 1 Shinken-monitoring | 1 Shinken Monitoring | 2025-05-08 | 9.8 Critical |
| Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server. | ||||
| CVE-2024-21376 | 1 Microsoft | 1 Azure Kubernetes Service | 2025-05-08 | 9 Critical |
| Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability | ||||
| CVE-2023-24481 | 1 Intel | 1 Thunderbolt Dch Driver | 2025-05-08 | 6.3 Medium |
| Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-0568 | 1 Se | 4 Renf22r2mmw, Renf22r2mmw Firmware, Rmnf22tb30 and 1 more | 2025-05-08 | 8.8 High |
| CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication. | ||||
| CVE-2024-21114 | 1 Oracle | 1 Vm Virtualbox | 2025-05-08 | 8.8 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2024-21110 | 1 Oracle | 1 Vm Virtualbox | 2025-05-08 | 7.3 High |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-21107 | 2 Microsoft, Oracle | 2 Windows, Vm Virtualbox | 2025-05-08 | 6.7 Medium |
| Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. Note: This vulnerability applies to Windows hosts only. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2024-21076 | 1 Oracle | 1 Trade Management | 2025-05-08 | 7.5 High |
| Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: Offer LOV). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Trade Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Trade Management accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | ||||