Export limit exceeded: 74732 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74732 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-31158 | 1 Intel | 1 Server Board S2600bp Firmware | 2024-11-15 | 7.5 High |
| Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-28028 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 7.5 High |
| Improper input validation in some Intel(R) Neural Compressor software before version v3.0 may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-36282 | 1 Intel | 1 Server Board S2600st Firmware | 2024-11-15 | 8.2 High |
| Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21799 | 2024-11-15 | 7.1 High | ||
| Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-31154 | 1 Intel | 1 S2600bpbr Firmware | 2024-11-15 | 7.5 High |
| Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-39766 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 7 High |
| Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-36242 | 1 Intel | 1 Processors | 2024-11-15 | 8.8 High |
| Protection mechanism failure in the SPP for some Intel(R) Processors may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-47916 | 2024-11-15 | 7.5 High | ||
| Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2024-47915 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2024-11-15 | 7.5 High |
| VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-6068 | 1 Rcokwellautomation | 1 Arena Input Analyzer | 2024-11-15 | 7.3 High |
| A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. | ||||
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2024-11-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2024-10962 | 1 Wpvividplugins | 1 Migration Backup Staging Wpvivd Backup And Migration | 2024-11-15 | 8.8 High |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit. | ||||
| CVE-2024-45253 | 1 Avigilon | 1 Videolq Icvr Hd Camera | 2024-11-15 | 7.5 High |
| Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2024-45254 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2024-11-15 | 7.5 High |
| VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-51687 | 2024-11-15 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS.This issue affects Platform.Ly Official: from n/a through 1.1.3. | ||||
| CVE-2024-51688 | 2024-11-15 | 7.1 High | ||
| Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS.This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1. | ||||
| CVE-2024-51377 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2024-11-14 | 8.8 High |
| An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields | ||||
| CVE-2024-49381 | 1 Plenti | 2 Plenti, Plentico | 2024-11-14 | 7.5 High |
| Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability. | ||||
| CVE-2024-49376 | 1 Autolabproject | 1 Autolab | 2024-11-14 | 8.8 High |
| Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist. | ||||
| CVE-2024-25431 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-14 | 8.8 High |
| An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. | ||||