Export limit exceeded: 11606 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11606 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-22455 | 1 Dell | 1 E-lab Navigator | 2024-11-21 | 4.4 Medium |
| Dell Mobility - E-Lab Navigator, version(s) 3.1.9, 3.2.0, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Launch of phishing attacks. | ||||
| CVE-2024-22354 | 1 Ibm | 1 Websphere Application Server | 2024-11-21 | 7 High |
| IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack. IBM X-Force ID: 280401. | ||||
| CVE-2024-22333 | 1 Ibm | 2 Maximo Application Suite, Maximo Asset Management | 2024-11-21 | 3.3 Low |
| IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | ||||
| CVE-2024-22281 | 2024-11-21 | 7.5 High | ||
| ** UNSUPPORTED WHEN ASSIGNED ** The Apache Helix Front (UI) component contained a hard-coded secret, allowing an attacker to spoof sessions by generating their own fake cookies. This issue affects Apache Helix Front (UI): all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-22206 | 1 Clerk | 1 Javascript | 2024-11-21 | 9.1 Critical |
| Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3. | ||||
| CVE-2024-21796 | 1 Dfeg | 1 Electronic Deliverables Creation Support Tool | 2024-11-21 | 5.5 Medium |
| Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker. | ||||
| CVE-2024-21759 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 3.9 Low |
| An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker to view unauthorized resources via HTTP or HTTPS requests. | ||||
| CVE-2024-21734 | 1 Sap | 1 Marketing | 2024-11-21 | 3.7 Low |
| SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application. | ||||
| CVE-2024-1604 | 1 Bmc | 1 Control-m | 2024-11-21 | 6.4 Medium |
| Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201. | ||||
| CVE-2024-1329 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.7 High |
| HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. This vulnerability, CVE-2024-1329, is fixed in Nomad 1.7.4, 1.6.7, and 1.5.14. | ||||
| CVE-2024-1064 | 1 Craftycontrol | 1 Crafty Controller | 2024-11-21 | 7.5 High |
| A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header | ||||
| CVE-2024-0953 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content. This vulnerability affects Firefox for iOS < 129. | ||||
| CVE-2024-0943 | 1 Totolink | 2 N350rt, N350rt Firmware | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0942 | 1 Totolink | 2 N200re-v5, N200re-v5 Firmware | 2024-11-21 | 3.7 Low |
| A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-0491 | 1 Huaxiaerp | 1 Huaxia Erp | 2024-11-21 | 5.3 Medium |
| A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596. | ||||
| CVE-2024-0319 | 1 Fireeye | 1 Hxtool | 2024-11-21 | 5.4 Medium |
| Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | ||||
| CVE-2024-0089 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | ||||
| CVE-2023-7031 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.7 Medium |
| Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | ||||
| CVE-2023-6836 | 1 Wso2 | 7 Api Manager, Api Manager Analytics, Api Microgateway and 4 more | 2024-11-21 | 4.6 Medium |
| Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | ||||
| CVE-2023-6721 | 1 Europeana | 1 Repox | 2024-11-21 | 8.3 High |
| An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. | ||||