Export limit exceeded: 20721 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10199 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10199 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28799 | 1 Zscaler | 1 Client Connector | 2024-12-05 | 8.2 High |
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | ||||
| CVE-2023-28202 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 5.5 Medium |
| This issue was addressed with improved state management. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. An app firewall setting may not take effect after exiting the Settings app. | ||||
| CVE-2023-32394 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-12-05 | 2.4 Low |
| The issue was addressed with improved checks. This issue is fixed in iOS 16.5 and iPadOS 16.5, watchOS 9.5, tvOS 16.5, macOS Ventura 13.4. A person with physical access to a device may be able to view contact information from the lock screen. | ||||
| CVE-2023-32613 | 1 Wavlink | 2 Wl-wn531ax2, Wl-wn531ax2 Firmware | 2024-12-05 | 8.1 High |
| Exposure of resource to wrong sphere issue exists in WL-WN531AX2 firmware versions prior to 2023526, which may allow a network-adjacent attacker to use functions originally available after login without logging in. | ||||
| CVE-2023-21189 | 1 Google | 1 Android | 2024-12-04 | 7.3 High |
| In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-213942596 | ||||
| CVE-2023-2990 | 1 Globalscape | 1 Eft Server | 2024-12-04 | 7.5 High |
| Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service | ||||
| CVE-2024-28826 | 1 Checkmk | 1 Checkmk | 2024-12-04 | 8.8 High |
| Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site server. | ||||
| CVE-2024-12099 | 2024-12-04 | 4.3 Medium | ||
| The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | ||||
| CVE-2023-36252 | 1 Ateme | 4 Flamingo Xl, Flamingo Xl Firmware, Flamingo Xs and 1 more | 2024-12-03 | 8.8 High |
| An issue in Ateme Flamingo XL v.3.6.20 and XS v.3.6.5 allows a remote authenticated attacker to execute arbitrary code and cause a denial of service via a the session expiration function. | ||||
| CVE-2023-3113 | 1 Lenovo | 1 Xclarity Administrator | 2024-12-03 | 8.2 High |
| An unauthenticated XML external entity injection (XXE) vulnerability exists in LXCA's Common Information Model (CIM) server that could result in read-only access to specific files. | ||||
| CVE-2024-53429 | 1 Open62541 | 1 Open62541 | 2024-12-03 | 7.5 High |
| Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash. | ||||
| CVE-2024-54159 | 2024-12-03 | 4.1 Medium | ||
| stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. | ||||
| CVE-2021-20784 | 1 Voidtools | 1 Everything | 2024-12-03 | 6.1 Medium |
| HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product. | ||||
| CVE-2018-0094 | 1 Cisco | 1 Unified Computing System Central Software | 2024-12-02 | N/A |
| A vulnerability in IPv6 ingress packet processing for Cisco UCS Central Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition due to high CPU utilization on the targeted device. The vulnerability is due to insufficient rate limiting protection for IPv6 ingress traffic. An attacker could exploit this vulnerability by sending the affected device a high rate of IPv6 packets. Successful exploitation could allow the attacker to cause a DoS condition due to CPU and resource constraints. Cisco Bug IDs: CSCuv34544. | ||||
| CVE-2018-0097 | 1 Cisco | 1 Prime Infrastructure | 2024-12-02 | N/A |
| A vulnerability in the web interface of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to redirect a user to a malicious web page, aka an Open Redirect. The vulnerability is due to improper input validation of the parameters in the HTTP request. An attacker could exploit this vulnerability by crafting an HTTP request that could cause the web application to redirect the request to a specific malicious URL. This vulnerability is known as an open redirect attack and is used in phishing attacks to get users to visit malicious sites without their knowledge. Cisco Bug IDs: CSCve37646. | ||||
| CVE-2018-0100 | 1 Cisco | 1 Anyconnect Secure Mobility Client | 2024-12-02 | N/A |
| A vulnerability in the Profile Editor of the Cisco AnyConnect Secure Mobility Client could allow an unauthenticated, local attacker to have read and write access to information stored in the affected system. The vulnerability is due to improper handling of the XML External Entity (XXE) entries when parsing an XML file. An attacker could exploit this vulnerability by injecting a crafted XML file with malicious entries, which could allow the attacker to read and write files. Cisco Bug IDs: CSCvg19341. | ||||
| CVE-2018-0108 | 1 Cisco | 1 Webex Meetings Server | 2024-12-02 | N/A |
| A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to collect customer files via an out-of-band XML External Entity (XXE) injection. An attacker could exploit this vulnerability to gain information to conduct additional reconnaissance attacks. The vulnerability is due to the ability of an attacker to perform an out-of-band XXE injection on the system, which could allow an attacker to capture customer files and redirect them to another destination address. An exploit could allow the attacker to discover sensitive customer data. Cisco Bug IDs: CSCvg36996. | ||||
| CVE-2023-5986 | 1 Schneider-electric | 1 Ecostruxure Power Monitoring Expert | 2024-12-02 | 8.2 High |
| A CWE-601 URL Redirection to Untrusted Site vulnerability exists that could cause an openredirect vulnerability leading to a cross site scripting attack. By providing a URL-encoded input attackers can cause the software’s web application to redirect to the chosen domain after a successful login is performed. | ||||
| CVE-2018-0138 | 1 Cisco | 1 Firepower Threat Defense | 2024-12-02 | N/A |
| A vulnerability in the detection engine of Cisco Firepower System Software could allow an unauthenticated, remote attacker to bypass file policies that are configured to block files transmitted to an affected device via the BitTorrent protocol. The vulnerability exists because the affected software does not detect BitTorrent handshake messages correctly. An attacker could exploit this vulnerability by sending a crafted BitTorrent connection request to an affected device. A successful exploit could allow the attacker to bypass file policies that are configured to block files transmitted to the affected device via the BitTorrent protocol. Cisco Bug IDs: CSCve26946. | ||||
| CVE-2018-0207 | 1 Cisco | 1 Secure Access Control Server Solution Engine | 2024-12-02 | 3.3 Low |
| A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities (XXEs) when parsing an XML file. An attacker could exploit this vulnerability by convincing the administrator of an affected system to import a crafted XML file. Cisco Bug IDs: CSCve70595. | ||||