Export limit exceeded: 366310 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29758 1 Leap 1 Blue Light Filter 2025-01-06 5.5 Medium
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29757 1 Leap 1 Blue Light Filter 2025-01-06 7.8 High
An issue found in Blue Light Filter v.1.5.5 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVE-2023-29756 1 Urbanandroid 1 Twilight 2025-01-06 5.5 Medium
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause a persistent denial of service by manipulating the SharedPreference files.
CVE-2023-29755 1 Urbanandroid 1 Twilight 2025-01-06 7.8 High
An issue found in Twilight v.13.3 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVE-2023-29753 1 Ekatox 1 Facemoji\ 2025-01-06 5.5 Medium
An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows a local attacker to cause a denial of service via the SharedPreference files.
CVE-2023-35034 1 Atos 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager 2025-01-06 9.8 Critical
Atos Unify OpenScape 4000 Assistant V10 R1 before V10 R1.42.0 and V10 R1.34.8 and Manager V10 R1 before V10 R1.42.0 and V10 R1.34.8 allow remote code execution by unauthenticated users, aka OSFOURK-24033.
CVE-2023-2455 3 Fedoraproject, Postgresql, Redhat 9 Fedora, Postgresql, Enterprise Linux and 6 more 2025-01-06 5.4 Medium
Row security policies disregard user ID changes after inlining; PostgreSQL could permit incorrect policies to be applied in certain cases where role-specific policies are used and a given query is planned under one role and then executed under other roles. This scenario can happen under security definer functions or when a common user and query is planned initially and then re-used across multiple SET ROLEs. Applying an incorrect policy may permit a user to complete otherwise-forbidden reads and modifications. This affects only databases that have used CREATE POLICY to define a row security policy.
CVE-2023-29749 1 Yandex 1 Navigator 2025-01-06 7.8 High
An issue found in Yandex Navigator v.6.60 for Android allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files.
CVE-2023-27716 1 Kafkaui-lite Project 1 Kafkaui-lite 2025-01-06 9.8 Critical
An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes running on it.
CVE-2019-16283 2 Hp, Microsoft 2 Softpaq Installer, Windows 2025-01-06 7.8 High
A potential security vulnerability has been identified with a version of the HP Softpaq installer that can lead to arbitrary code execution.
CVE-2023-32312 1 Umbraco 1 Umbraco Identity Extensibility 2025-01-06 3.7 Low
UmbracoIdentityExtensions is an Umbraco add-on package that enables easy extensibility points for ASP.Net Identity integration. In affected versions client secrets are not required which may expose some endpoints to untrusted actors. Since Umbraco is not a single-page application, the implicit flow is not safe. For traditional MVC applications, it is recommended to use the authorization code flow, which requires the client to authenticate with the authorization server using a client secret. This flow provides better security, as it involves exchanging an authorization code for an access token and/or ID token, rather than directly returning tokens in the URL fragment. This issue has been patched in commit `e792429f9` and a release to Nuget is pending. Users are advised to upgrade when possible.
CVE-2023-32219 1 Mazda 2 Mazda, Mazda Firmware 2025-01-06 6.5 Medium
A Mazda model (2015-2016) can be unlocked via an unspecified method.
CVE-2023-21245 1 Google 1 Android 2025-01-06 7.8 High
In showNextSecurityScreenOrFinish of KeyguardSecurityContainerController.java, there is a possible way to access the lock screen during device setup due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-32221 1 Easeus 1 Todo Backup 2025-01-04 8.8 High
EaseUS Todo Backup version 20220111.390 - An omission during installation may allow a local attacker to perform privilege escalation.
CVE-2024-9257 1 Logsign 1 Unified Secops Platform 2025-01-03 6.5 Medium
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265.
CVE-2023-35053 1 Jetbrains 1 Youtrack 2025-01-03 7.5 High
In JetBrains YouTrack before 2023.1.10518 a DoS attack was possible via Helpdesk forms
CVE-2023-51644 1 Alltena 1 Allegra 2025-01-03 7.3 High
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512.
CVE-2024-27931 1 Deno 1 Deno 2025-01-03 5.8 Medium
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1.
CVE-2024-27932 1 Deno 1 Deno 2025-01-03 4.6 Medium
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue
CVE-2023-32673 1 Hp 4 Image Assistant, Pc Hardware Diagnostics, Thunderbolt Dock G2 and 1 more 2025-01-03 9.8 Critical
Certain versions of HP PC Hardware Diagnostics Windows, HP Image Assistant, and HP Thunderbolt Dock G2 Firmware are potentially vulnerable to elevation of privilege.