Search Results (10211 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-25139 | 1 Gnu | 1 Glibc | 2025-03-26 | 9.8 Critical |
| sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. | ||||
| CVE-2022-38657 | 1 Hcltech | 1 Hcl Leap | 2025-03-26 | 8.2 High |
| An open redirect to malicious sites can occur when accessing the "Feedback" action on the manager page. | ||||
| CVE-2023-0400 | 2 Microsoft, Trellix | 2 Windows, Data Loss Prevention | 2025-03-26 | 5.9 Medium |
| The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9 correctly detected and blocked the attempted upload of sensitive data. | ||||
| CVE-2023-20611 | 2 Google, Mediatek | 39 Android, Mt6580, Mt6731 and 36 more | 2025-03-26 | 6.4 Medium |
| In gpu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588678; Issue ID: ALPS07588678. | ||||
| CVE-2023-20610 | 2 Google, Mediatek | 23 Android, Mt6761, Mt6765 and 20 more | 2025-03-26 | 6.4 Medium |
| In display drm, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363469; Issue ID: ALPS07363469. | ||||
| CVE-2022-38389 | 1 Ibm | 1 Tivoli Workload Scheduler | 2025-03-25 | 7.1 High |
| IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 233975. | ||||
| CVE-2023-20607 | 2 Google, Mediatek | 4 Android, Mt6765, Mt6768 and 1 more | 2025-03-25 | 6.4 Medium |
| In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839. | ||||
| CVE-2024-20369 | 1 Cisco | 1 Network Services Orchestrator | 2025-03-25 | 4.7 Medium |
| A vulnerability in the web-based management interface of Cisco Crosswork Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of a parameter in an HTTP request. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to redirect a user to a malicious website. | ||||
| CVE-2024-44776 | 1 Vtiger | 1 Vtiger Crm | 2025-03-25 | 6.1 Medium |
| An Open Redirect vulnerability in the page parameter of vTiger CRM v7.4.0 allows attackers to redirect users to a malicious site via a crafted URL. | ||||
| CVE-2024-40395 | 1 Ptc | 1 Thingworx | 2025-03-25 | 6.5 Medium |
| An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level. | ||||
| CVE-2024-39734 | 1 Ibm | 1 Datacap | 2025-03-25 | 4.3 Medium |
| IBM Datacap Navigator 9.1.5, 9.1.6, 9.1.7, 9.1.8, and 9.1.9 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 296001. | ||||
| CVE-2024-36736 | 1 Oneflow | 1 Oneflow | 2025-03-25 | 9.8 Critical |
| An issue in the oneflow.permute component of OneFlow-Inc. Oneflow v0.9.1 causes an incorrect calculation when the same dimension operation is performed. | ||||
| CVE-2024-34092 | 1 Archerirm | 1 Archer | 2025-03-25 | 6.3 Medium |
| An issue was discovered in Archer Platform 6 before 2024.04. Authentication was mishandled because lock did not terminate an existing session. 6.14 P3 (6.14.0.3) is also a fixed release. | ||||
| CVE-2024-25270 | 1 Mirapolis | 1 Lms | 2025-03-25 | 4.3 Medium |
| An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | ||||
| CVE-2024-31095 | 1 Richard Torres | 1 Thumbs Rating | 2025-03-25 | 9.1 Critical |
| Authorization Bypass Through User-Controlled Key vulnerability in Ricard Torres Thumbs Rating. This issue affects Thumbs Rating: from n/a through 5.1.0. | ||||
| CVE-2023-22798 | 1 Brave | 1 Adblock-lists | 2025-03-25 | 6.1 Medium |
| Prior to commit 51867e0d15a6d7f80d5b714fd0e9976b9c160bb0, https://github.com/brave/adblock-lists removed redirect interceptors on some websites like Facebook in which the redirect interceptor may have been there for security purposes. This could potentially cause open redirects on these websites. Brave's redirect interceptor removal feature is known as "debouncing" and is intended to remove unnecessary redirects that track users across the web. | ||||
| CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2025-03-25 | 6.4 Medium |
| Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2025-03-25 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | ||||
| CVE-2024-38874 | 1 Typo3 | 1 Events2 | 2025-03-24 | 5.4 Medium |
| An issue was discovered in the events2 (aka Events 2) extension before 8.3.8 and 9.x before 9.0.6 for TYPO3. Missing access checks in the management plugin lead to an insecure direct object reference (IDOR) vulnerability with the potential to activate or delete various events for unauthenticated users. | ||||
| CVE-2022-48290 | 1 Huawei | 1 Harmonyos | 2025-03-24 | 9.1 Critical |
| The phone-PC collaboration module has a logic bypass vulnerability. Successful exploitation of this vulnerability may affect data confidentiality and integrity. | ||||