Export limit exceeded: 11531 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11531 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-20184 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.4 Medium |
| Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2020-3411 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 7.5 High |
| A vulnerability in Cisco DNA Center software could allow an unauthenticated remote attacker access to sensitive information on an affected system. The vulnerability is due to improper handling of authentication tokens by the affected software. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker access to sensitive device information, which includes configuration files. | ||||
| CVE-2023-20182 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 5.4 Medium |
| Multiple vulnerabilities in the API of Cisco DNA Center Software could allow an authenticated, remote attacker to read information from a restricted container, enumerate user information, or execute arbitrary commands in a restricted container as the root user. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2025-20223 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 4.7 Medium |
| A vulnerability in Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to read and modify data in a repository that belongs to an internal service of an affected device. This vulnerability is due to insufficient enforcement of access control on HTTP requests. An attacker could exploit this vulnerability by submitting a crafted HTTP request to an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device. | ||||
| CVE-2024-20333 | 1 Cisco | 1 Catalyst Center | 2025-07-23 | 4.3 Medium |
| A vulnerability in the web-based management interface of Cisco Catalyst Center, formerly Cisco DNA Center, could allow an authenticated, remote attacker to change specific data within the interface on an affected device. This vulnerability is due to insufficient authorization enforcement. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could allow the attacker to change a specific field within the web-based management interface, even though they should not have access to change that field. | ||||
| CVE-2024-7401 | 1 Netskope | 1 Netskope | 2025-07-23 | 7.5 High |
| Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter. Since this is a static token, if leaked, cannot be rotated or revoked. A malicious actor can use this token to enroll NSClient from a customer’s tenant and impersonate a user. | ||||
| CVE-2024-32124 | 1 Fortinet | 1 Fortiisolator | 2025-07-22 | 4 Medium |
| An improper access control vulnerability [CWE-284] in FortiIsolator version 2.4.4, version 2.4.3, 2.3 all versions logging component may allow a remote authenticated read-only attacker to alter logs via a crafted HTTP request. | ||||
| CVE-2025-20130 | 1 Cisco | 2 Identity Services Engine, Identity Services Engine Passive Identity Connector | 2025-07-22 | 4.9 Medium |
| A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy function. An attacker could exploit this vulnerability by sending a crafted file upload request to a specific API endpoint. A successful exploit could allow the attacker to upload arbitrary files to an affected system. | ||||
| CVE-2025-2121 | 1 Thinkware | 2 F800 Pro, F800 Pro Firmware | 2025-07-22 | 6.3 Medium |
| A vulnerability classified as critical has been found in Thinkware Car Dashcam F800 Pro up to 20250226. Affected is an unknown function of the component File Storage. The manipulation leads to improper access controls. The attack can only be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-44619 | 1 Tinxy | 2 Wifi Lock Controller V1 Rf, Wifi Lock Controller V1 Rf Firmware | 2025-07-22 | 9.1 Critical |
| Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication. | ||||
| CVE-2025-20323 | 1 Splunk | 2 Splunk, Splunk Enterprise | 2025-07-21 | 4.3 Medium |
| In Splunk Enterprise versions below 9.4.3, 9.3.5, 9.2.7, and 9.1.10, a low-privileged user that does not hold the "admin" or "power" Splunk roles could turn off the scheduled search `Bucket Copy Trigger` within the Splunk Archiver application. This is because of missing access controls in the saved searches for this app. | ||||
| CVE-2025-20324 | 1 Splunk | 3 Splunk, Splunk Cloud Platform, Splunk Enterprise | 2025-07-21 | 5.4 Medium |
| In Splunk Enterprise versions below 9.4.2, 9.3.5, 9.2.7, and 9.1.10 and Splunk Cloud Platform versions below 9.3.2411.104, 9.3.2408.113, and 9.2.2406.119, a low-privileged user that does not hold the "admin" or "power" Splunk roles could create or overwrite [system source type](https://help.splunk.com/en/splunk-enterprise/get-started/get-data-in/9.2/configure-source-types/create-source-types) configurations by sending a specially-crafted payload to the `/servicesNS/nobody/search/admin/sourcetypes/` REST endpoint on the Splunk management port. | ||||
| CVE-2025-44526 | 1 Realtek | 2 Rtl8762e Software Development Kit, Rtl8762ekf-evb | 2025-07-18 | 6.5 Medium |
| Realtek RTL8762EKF-EVB RTL8762E SDK V1.4.0 was discovered to utilize insufficient permission checks on critical fields within Bluetooth Low Energy (BLE) data packets. This issue allows attackers to cause a Denial of Service (DoS) via a crafted LL_Length_Req packet. | ||||
| CVE-2025-7095 | 1 Comodo | 1 Internet Security | 2025-07-18 | 3.7 Low |
| A vulnerability classified as critical has been found in Comodo Internet Security Premium 12.3.4.8162. This affects an unknown part of the component Update Handler. The manipulation leads to improper certificate validation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-52359 | 1 Ibm | 1 Concert | 2025-07-18 | 4.3 Medium |
| IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | ||||
| CVE-2025-6329 | 1 Scriptandtools | 1 Real Estate Management System | 2025-07-18 | 5.4 Medium |
| A vulnerability was found in ScriptAndTools Real Estate Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file userdelete.php of the component User Delete Handler. The manipulation of the argument ID leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-7565 | 1 Lb-link | 2 Bl-ac3600, Bl-ac3600 Firmware | 2025-07-17 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in LB-LINK BL-AC3600 up to 1.0.22. This affects the function geteasycfg of the file /cgi-bin/lighttpd.cgi of the component Web Management Interface. The manipulation of the argument Password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-50087 | 1 Oracle | 2 Mysql, Mysql Server | 2025-07-17 | 4.9 Medium |
| Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MySQL Server accessible data. CVSS 3.1 Base Score 4.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N). | ||||
| CVE-2025-2572 | 1 Progress | 1 Whatsup Gold | 2025-07-17 | 5.6 Medium |
| In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup. | ||||
| CVE-2025-50081 | 1 Oracle | 2 Mysql, Mysql Client | 2025-07-17 | 3.1 Low |
| Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Client. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Client accessible data as well as unauthorized read access to a subset of MySQL Client accessible data. CVSS 3.1 Base Score 3.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N). | ||||