Export limit exceeded: 366299 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (35583 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-25369 1 Siglent 6 Sds1074x-e, Sds1074x-e Firmware, Sds1104x-e and 3 more 2025-01-03 7.5 High
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Denial of Service on the user interface triggered by malformed SCPI command.
CVE-2023-25368 1 Siglent 6 Sds1074x-e, Sds1074x-e Firmware, Sds1104x-e and 3 more 2025-01-03 7.5 High
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS is vulnerable to Incorrect Access Control. An unauthenticated attacker can overwrite firmnware.
CVE-2023-25367 1 Siglent 6 Sds1074x-e, Sds1074x-e Firmware, Sds1104x-e and 3 more 2025-01-03 9.8 Critical
Siglent SDS 1104X-E SDS1xx4X-E_V6.1.37R9.ADS allows unfiltered user input resulting in Remote Code Execution (RCE) with SCPI interface or web server.
CVE-2023-1707 1 Hp 317 Color Laserjet Enterprise 5700 49k98a, Color Laserjet Enterprise 5700 6qn28a, Color Laserjet Enterprise 6700 49l00a and 314 more 2025-01-03 7.5 High
Certain HP Enterprise LaserJet and HP LaserJet Managed Printers are potentially vulnerable to information disclosure when IPsec is enabled with FutureSmart version 5.6.
CVE-2024-39896 1 Monospace 1 Directus 2025-01-03 7.5 High
Directus is a real-time API and App dashboard for managing SQL database content. When relying on SSO providers in combination with local authentication it can be possible to enumerate existing SSO users in the instance. This is possible because if an email address exists in Directus and belongs to a known SSO provider then it will throw a "helpful" error that the user belongs to another provider. This vulnerability is fixed in 10.13.0.
CVE-2024-34708 1 Monospace 1 Directus 2025-01-03 4.9 Medium
Directus is a real-time API and App dashboard for managing SQL database content. A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the `alias` functionality on the API. Normally, these redacted fields will return `**********` however if we change the request to `?alias[workaround]=redacted` we can instead retrieve the plain text value for the field. This can be avoided by removing permission to view the sensitive fields entirely from users or roles that should not be able to see them. This vulnerability is fixed in 10.11.0.
CVE-2024-27296 1 Monospace 1 Directus 2025-01-03 5.3 Medium
Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.
CVE-2023-2673 1 Phoenixcontact 52 Fl Mguard 2102, Fl Mguard 2102 Firmware, Fl Mguard 4102 Pci and 49 more 2025-01-03 5.3 Medium
Improper Input Validation vulnerability in PHOENIX CONTACT FL/TC MGUARD Family in multiple versions may allow UDP packets to bypass the filter rules and access the solely connected device behind the MGUARD which can be used for flooding attacks.
CVE-2023-28829 1 Siemens 4 Simatic Net Pc Software, Simatic Pcs 7, Simatic Wincc and 1 more 2025-01-03 3.9 Low
A vulnerability has been identified in SIMATIC NET PC Software V14 (All versions), SIMATIC NET PC Software V15 (All versions), SIMATIC PCS 7 V8.2 (All versions), SIMATIC PCS 7 V9.0 (All versions), SIMATIC PCS 7 V9.1 (All versions), SIMATIC WinCC (All versions < V8.0), SINAUT Software ST7sc (All versions). Before SIMATIC WinCC V8, legacy OPC services (OPC DA (Data Access), OPC HDA (Historical Data Access), and OPC AE (Alarms & Events)) were used per default. These services were designed on top of the Windows ActiveX and DCOM mechanisms and do not implement state-of-the-art security mechanisms for authentication and encryption of contents.
CVE-2024-34082 1 Getgrav 1 Grav 2025-01-02 8.5 High
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - `/grav/user/accounts/*.yaml`. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise any registered account and read any file in the web server by resetting a password for a user to get access to the password reset token from the file or by cracking the hashed password. A low privileged user may also perform a full account takeover of other registered users including Administrators. Version 1.7.46 contains a patch.
CVE-2024-32645 1 Vyperlang 1 Vyper 2025-01-02 5.3 Medium
Vyper is a pythonic Smart Contract Language for the Ethereum virtual machine. In versions 0.3.10 and prior, incorrect values can be logged when `raw_log` builtin is called with memory or storage arguments to be used as topics. A contract search was performed and no vulnerable contracts were found in production. The `build_IR` function of the `RawLog` class fails to properly unwrap the variables provided as topics. Consequently, incorrect values are logged as topics. As of time of publication, no fixed version is available.
CVE-2022-41083 1 Microsoft 1 Jupyter 2025-01-02 7.8 High
Visual Studio Code Elevation of Privilege Vulnerability
CVE-2022-41081 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2025-01-02 8.1 High
Windows Point-to-Point Tunneling Protocol Remote Code Execution Vulnerability
CVE-2022-41064 1 Microsoft 13 .net, .net Framework, Nuget and 10 more 2025-01-02 5.8 Medium
.NET Framework Information Disclosure Vulnerability
CVE-2022-41043 1 Microsoft 2 Office, Office Long Term Servicing Channel 2025-01-02 3.3 Low
Microsoft Office Information Disclosure Vulnerability
CVE-2022-41042 1 Microsoft 1 Visual Studio Code 2025-01-02 7.4 High
Visual Studio Code Information Disclosure Vulnerability
CVE-2022-41038 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41037 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41036 1 Microsoft 2 Sharepoint Foundation, Sharepoint Server 2025-01-02 8.8 High
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVE-2022-41034 1 Microsoft 1 Visual Studio Code 2025-01-02 7.8 High
Visual Studio Code Remote Code Execution Vulnerability