Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-28086 | 1 Hp | 1 Oneview | 2025-02-03 | 5.5 Medium |
| An HPE OneView appliance dump may expose proxy credential settings | ||||
| CVE-2022-25091 | 1 Infopop | 1 Ultimate Bulletin Board | 2025-02-03 | 5.3 Medium |
| Infopop Ultimate Bulletin Board up to v5.47a was discovered to allow all messages posted inside private forums to be disclosed by unauthenticated users via the quote reply feature. | ||||
| CVE-2021-44465 | 1 Odoo | 1 Odoo | 2025-02-03 | 4.3 Medium |
| Improper access control in Odoo Community 13.0 and earlier and Odoo Enterprise 13.0 and earlier allows authenticated attackers to subscribe to receive future notifications and comments related to arbitrary business records in the system, via crafted RPC requests. | ||||
| CVE-2021-23166 | 1 Odoo | 1 Odoo | 2025-02-03 | 8.7 High |
| A sandboxing issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows authenticated administrators to read and write local files on the server. | ||||
| CVE-2024-4263 | 1 Lfprojects | 1 Mlflow | 2025-02-03 | 5.4 Medium |
| A broken access control vulnerability exists in mlflow/mlflow versions before 2.10.1, where low privilege users with only EDIT permissions on an experiment can delete any artifacts. This issue arises due to the lack of proper validation for DELETE requests by users with EDIT permissions, allowing them to perform unauthorized deletions of artifacts. The vulnerability specifically affects the handling of artifact deletions within the application, as demonstrated by the ability of a low privilege user to delete a directory inside an artifact using a DELETE request, despite the official documentation stating that users with EDIT permission can only read and update artifacts, not delete them. | ||||
| CVE-2024-25943 | 1 Dell | 1 Idrac9 | 2025-02-03 | 7.6 High |
| iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application. | ||||
| CVE-2022-37326 | 1 Docker | 1 Desktop | 2025-01-31 | 7.8 High |
| Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start API by controlling the pidfile field inside the DaemonJSON field in the WindowsContainerStartRequest class. This can indirectly lead to privilege escalation. | ||||
| CVE-2023-30349 | 1 Jflyfox | 1 Jfinal Cms | 2025-01-31 | 9.8 Critical |
| JFinal CMS v5.1.0 was discovered to contain a remote code execution (RCE) vulnerability via the ActionEnter function. | ||||
| CVE-2023-28770 | 1 Zyxel | 2 Dx5401-b0, Dx5401-b0 Firmware | 2025-01-31 | 7.5 High |
| The sensitive information exposure vulnerability in the CGI “Export_Log” and the binary “zcmd” in Zyxel DX5401-B0 firmware versions prior to V5.17(ABYO.1)C0 could allow a remote unauthenticated attacker to read the system files and to retrieve the password of the supervisor from the encrypted file. | ||||
| CVE-2022-1658 | 1 Artbees | 1 Jupiter | 2025-01-31 | 5.4 Medium |
| Vulnerable versions of the Jupiter Theme (<= 6.10.1) allow arbitrary plugin deletion by any authenticated user, including users with the subscriber role, via the abb_remove_plugin AJAX action registered in the framework/admin/control-panel/logic/plugin-management.php file. Using this functionality, any logged-in user can delete any installed plugin on the site. | ||||
| CVE-2022-1654 | 1 Artbees | 2 Jupiter, Jupiterx | 2025-01-31 | 8.8 High |
| Jupiter Theme <= 6.10.1 and JupiterX Core Plugin <= 2.0.7 allow any authenticated attacker, including a subscriber or customer-level attacker, to gain administrative privileges via the "abb_uninstall_template" (both) and "jupiterx_core_cp_uninstall_template" (JupiterX Core Only) AJAX actions | ||||
| CVE-2022-1659 | 1 Artbees | 1 Jupiterx | 2025-01-31 | 5.4 Medium |
| Vulnerable versions of the JupiterX Core (<= 2.0.6) plugin register an AJAX action jupiterx_conditional_manager which can be used to call any function in the includes/condition/class-condition-manager.php file by sending the desired function to call in the sub_action parameter. This can be used to view site configuration and logged-in users, modify post conditions, or perform a denial of service attack. | ||||
| CVE-2023-35685 | 1 Google | 1 Android | 2025-01-31 | 7.8 High |
| In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-33244 | 1 Obsidian | 1 Obsidian | 2025-01-31 | 8.2 High |
| Obsidian before 1.2.2 allows calls to unintended APIs (for microphone access, camera access, and desktop notification) via an embedded web page. | ||||
| CVE-2023-22787 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-01-31 | 7.5 High |
| An unauthenticated Denial of Service (DoS) vulnerability exists in a service accessed via the PAPI protocol provided by Aruba InstantOS and ArubaOS 10. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected access point. | ||||
| CVE-2023-22791 | 2 Arubanetworks, Hp | 2 Arubaos, Instantos | 2025-01-31 | 5.4 Medium |
| A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in which this disclosure of potentially sensitive information can occur are complex and depend on factors that are beyond the control of the attacker. | ||||
| CVE-2023-31444 | 1 Talend | 1 Studio | 2025-01-31 | 7.5 High |
| In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge. | ||||
| CVE-2022-41739 | 1 Ibm | 1 Spectrum Scale Container Native Storage Access | 2025-01-31 | 7.9 High |
| IBM Spectrum Scale (IBM Spectrum Scale Container Native Storage Access 5.1.2.1 through 5.1.6.0) could allow programs running inside the container to overcome isolation mechanism and gain additional capabilities or access sensitive information on the host. IBM X-Force ID: 237815. | ||||
| CVE-2024-46665 | 1 Fortinet | 1 Fortios | 2025-01-31 | 3.5 Low |
| An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. | ||||
| CVE-2023-38729 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, Db2 and 5 more | 2025-01-31 | 6.8 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to sensitive information disclosure when using ADMIN_CMD with IMPORT or EXPORT. | ||||