Export limit exceeded: 10873 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10873 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-1020 | 1 Cisco | 1 Ios | 2025-04-03 | N/A |
| Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data. | ||||
| CVE-2003-1433 | 1 Epic Games | 1 Unreal Engine | 2025-04-03 | N/A |
| Epic Games Unreal Engine 226f through 436 does not validate the challenge key, which allows remote attackers to exhaust the player limit by joining the game multiple times. | ||||
| CVE-2004-2182 | 1 Macromedia | 1 Jrun | 2025-04-03 | N/A |
| Session fixation vulnerability in Macromedia JRun 4.0 allows remote attackers to hijack user sessions by pre-setting the user session ID information used by the session server. | ||||
| CVE-2001-0781 | 1 Pi-soft | 1 Spoonftp | 2025-04-03 | N/A |
| Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. | ||||
| CVE-2003-1434 | 1 Pete Werner | 1 Login Ldap | 2025-04-03 | N/A |
| login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthenticated bind requests if (1) bind_anon_dn is on, which allows a bind with no password provided, (2) bind_anon_cred is on, which allows a bind with no DN, or (3) bind_anon is on, which allows a bind with no DN or password. | ||||
| CVE-2001-1515 | 1 Microsoft | 1 Windows 2000 | 2025-04-03 | 7.5 High |
| Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended. | ||||
| CVE-2003-1343 | 1 Trend Micro | 1 Scanmail | 2025-04-03 | N/A |
| Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 might install a back door account in smg_Smxcfg30.exe, which allows remote attackers to gain access to the web management interface via the vcc parameter, possibly "3560121183d3". | ||||
| CVE-2006-0374 | 1 Advantage Century Telecommunication | 1 P202s | 2025-04-03 | N/A |
| Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | ||||
| CVE-2001-1585 | 1 Openbsd | 1 Openssh | 2025-04-03 | N/A |
| SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file. | ||||
| CVE-2024-1608 | 1 Oppo | 1 Usercenter Credit Software Development Kit | 2025-04-02 | 9.1 Critical |
| In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to loose permission check, This could lead to application internal information leak w/o user interaction. | ||||
| CVE-2024-22234 | 2 Redhat, Vmware | 4 Apache Camel Spring Boot, Openshift Devspaces, Rhboac Hawtio and 1 more | 2025-04-02 | 7.4 High |
| In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html | ||||
| CVE-2023-24058 | 1 Twinkletoessoftware | 1 Booked | 2025-04-02 | 4.3 Medium |
| Booked Scheduler 2.5.5 allows authenticated users to create and schedule events for any other user via a modified userId value to reservation_save.php. NOTE: 2.5.5 is a version from 2014; the latest version of Booked Scheduler is not affected. However, LabArchives Scheduler (Sep 6, 2022 Feature Release) is affected. | ||||
| CVE-2023-22960 | 1 Lexmark | 256 B2236, B2236 Firmware, B2338 and 253 more | 2025-04-02 | 7.5 High |
| Lexmark products through 2023-01-10 have Improper Control of Interaction Frequency. | ||||
| CVE-2021-43445 | 1 Onlyoffice | 1 Server | 2025-04-02 | 9.8 Critical |
| ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. An attacker can authenticate with the web socket service of the ONLYOFFICE document editor which is protected by JWT auth by using a default JWT signing key. | ||||
| CVE-2021-43444 | 1 Onlyoffice | 1 Server | 2025-04-02 | 7.5 High |
| ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control. Signed document download URLs can be forged due to a weak default URL signing key. | ||||
| CVE-2025-2638 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in JIZHICMS up to 1.7.0. This affects an unknown part of the file /user/release.html of the component Article Handler. The manipulation of the argument ishot with the input 1 leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2637 | 1 Jizhicms | 1 Jizhicms | 2025-04-02 | 4.3 Medium |
| A vulnerability, which was classified as problematic, has been found in JIZHICMS up to 1.7.0. Affected by this issue is some unknown functionality of the file /user/userinfo.html of the component Account Profile Page. The manipulation of the argument jifen leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-24425 | 1 Jenkins | 1 Kubernetes Credentials Provider | 2025-04-02 | 6.5 Medium |
| Jenkins Kubernetes Credentials Provider Plugin 1.208.v128ee9800c04 and earlier does not set the appropriate context for Kubernetes credentials lookup, allowing attackers with Item/Configure permission to access and potentially capture Kubernetes credentials they are not entitled to. | ||||
| CVE-2023-20924 | 1 Google | 1 Android | 2025-04-02 | 6.8 Medium |
| In (TBD) of (TBD), there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-240428519References: N/A | ||||
| CVE-2022-40036 | 1 Blog-ssm Project | 1 Blog-ssm | 2025-04-02 | 6.5 Medium |
| An issue was discovered in Rawchen blog-ssm v1.0 allows an attacker to obtain sensitive user information by bypassing permission checks via the /adminGetUserList component. | ||||