Search Results (471 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2012-5686 | 1 Zpanelcp | 1 Zpanel | 2024-11-21 | 9.8 Critical |
| ZPanel 10.0.1 has insufficient entropy for its password reset process. | ||||
| CVE-2012-5618 | 1 Ushahidi | 1 Ushahidi | 2024-11-21 | 9.8 Critical |
| Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens. | ||||
| CVE-2010-3300 | 1 Owasp | 1 Enterprise Security Api For Java | 2024-11-21 | 5.9 Medium |
| All versions of OWASP ESAPI for Java up to 2.0 RC2 were found to be vulnerable to padding oracle attacks. | ||||
| CVE-2009-5025 | 1 Pyforum Project | 1 Pyforum | 2024-11-21 | 7.5 High |
| A backdoor (aka BMSA-2009-07) was found in PyForum v1.0.3 where an attacker who knows a valid user email could force a password reset on behalf of that user. | ||||
| CVE-2024-45670 | 1 Ibm | 1 Soar | 2024-11-16 | 5.6 Medium |
| IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must already be compromised before the weak recovery mechanism can be abused. | ||||
| CVE-2024-47549 | 2 Sharp, Toshibatec | 640 Bp-30c25, Bp-30c25 Firmware, Bp-30c25t and 637 more | 2024-11-05 | 7.4 High |
| Sharp and Toshiba Tec MFPs improperly process query parameters in HTTP requests, which may allow unintended data to be injected into HTTP response headers. Accessing a crafted URL that points to an affected product may cause malicious script to be executed in the web browser. | ||||
| CVE-2024-8692 | 1 Tduckcloud | 1 Tduckpro | 2024-10-03 | 5.3 Medium |
| A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. The affected functionality is unknown. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45312 | 1 Overleaf | 1 Overleaf | 2024-09-25 | 5.3 Medium |
| Overleaf is a web-based collaborative LaTeX editor. Overleaf Community Edition and Server Pro prior to version 5.0.7 (or 4.2.7 for the 4.x series) contain a vulnerability that allows an arbitrary language parameter in client spelling requests to be passed to the `aspell` executable running on the server. This causes `aspell` to attempt to load a dictionary file with an arbitrary filename. File access is limited to the scope of the Overleaf server. The problem is patched in versions 5.0.7 and 4.2.7. Previous versions can be upgraded using the Overleaf toolkit `bin/upgrade` command. Users unable to upgrade may block POST requests to `/spelling/check` via a Web Application Firewall, which will prevent access to the vulnerable spell check feature. However, upgrading is advised. | ||||
| CVE-2024-8754 | 1 Gitlab | 1 Gitlab | 2024-09-17 | 6.4 Medium |
| An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows an attacker to squat on accounts by linking arbitrary unclaimed provider identities when JWT authentication is configured. | ||||
| CVE-2024-6203 | 1 Haloservicesolutions | 1 Haloitsm | 2024-08-29 | 8.3 High |
| HaloITSM versions up to 2.146.1 are affected by a Password Reset Poisoning vulnerability. Poisoned password reset links can be sent to existing HaloITSM users (given their email address is known). When these poisoned links get accessed (e.g. manually by the victim or automatically by email client software), the password reset token is leaked to the malicious actor, allowing them to set a new password for the victim's account. This potentially leads to account takeover attacks. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61) fix the mentioned vulnerability. | ||||
| CVE-2024-37028 | 1 F5 | 1 Big-ip Next Central Manager | 2024-08-20 | 5.3 Medium |
| BIG-IP Next Central Manager may allow an attacker to lock out an account that has never been logged in. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | ||||
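Two weak-recovery patterns recur in the records above: insufficient entropy in reset tokens (CVE-2012-5686, CVE-2012-5618) and reset-link poisoning through the request's Host header (CVE-2024-6203). The following Python is an added illustration of both beside a hardened issuer; it is not code from any listed vendor or CVE record and does not reproduce any product's implementation. The service classes, the md5-of-timestamp token (the records do not say how the affected products derived theirs), the 15-minute lifetime, the `pepper` HMAC key and the test account are all assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

TOKEN_TTL_SECONDS = 15 * 60  # assumed token lifetime for the hardened issuer


@dataclass
class WeakResetService:
    """Vulnerable pattern (assumed, for illustration): token = md5(email || unix-seconds),
    so its only 'entropy' is the request time, and the reset link's host is copied
    from the request's Host header."""
    users: Dict[str, str]                                 # email -> password (constructed data)
    issued: Dict[str, str] = field(default_factory=dict)  # token -> email

    def request_reset(self, email: str, request_host: str, now: float) -> str:
        token = hashlib.md5(f"{email}{int(now)}".encode()).hexdigest()
        self.issued[token] = email
        # Host header trusted: a request carrying "Host: attacker.example" mails the
        # victim a link that hands the token to the attacker when it is opened.
        return f"https://{request_host}/reset?token={token}"

    def redeem(self, token: str, new_password: str) -> bool:
        email = self.issued.pop(token, None)
        if email is None:
            return False
        self.users[email] = new_password
        return True


def guess_weak_token(service: WeakResetService, email: str, approx_time: float,
                     window: int = 300, new_password: str = "pwned") -> Optional[str]:
    """Attacker side: knowing the victim's e-mail and roughly when the reset was
    requested, re-derive md5(email || t) for every second within +/- window and try
    each against the redeem endpoint. A few hundred guesses replace a 128-bit search."""
    base = int(approx_time)
    for delta in range(-window, window + 1):
        candidate = hashlib.md5(f"{email}{base + delta}".encode()).hexdigest()
        if service.redeem(candidate, new_password):
            return candidate
    return None


@dataclass
class HardenedResetService:
    """Hardened pattern: 256-bit token from the OS CSPRNG, stored only as a keyed hash,
    single-use, time-limited, and the link origin comes from configuration."""
    users: Dict[str, str]
    base_url: str    # configured origin; never taken from the request
    pepper: bytes    # server-side HMAC key (assumed to be loaded from a secret store)
    issued: Dict[str, Tuple[str, float]] = field(default_factory=dict)  # hmac(token) -> (email, expiry)

    def _digest(self, token: str) -> str:
        return hmac.new(self.pepper, token.encode(), hashlib.sha256).hexdigest()

    def request_reset(self, email: str, request_host: str, now: float) -> str:
        # request_host is deliberately unused: the Host header must not pick the link origin.
        token = secrets.token_urlsafe(32)  # 32 CSPRNG bytes -> 43-char URL-safe token
        # Only the keyed hash is stored, so a database read leaks nothing redeemable;
        # the dict lookup need not be constant-time because the digest is unforgeable.
        self.issued[self._digest(token)] = (email, now + TOKEN_TTL_SECONDS)
        return f"{self.base_url}/reset?token={token}"

    def redeem(self, token: str, new_password: str, now: float) -> bool:
        entry = self.issued.pop(self._digest(token), None)  # pop() makes it single-use
        if entry is None:
            return False
        email, expiry = entry
        if now > expiry:
            return False
        self.users[email] = new_password
        return True


if __name__ == "__main__":
    t0 = 1_700_000_000.0  # constructed request time
    weak = WeakResetService(users={"victim@example.com": "hunter2"})
    print("weak link:", weak.request_reset("victim@example.com", "attacker.example", t0))
    print("guessed token:", guess_weak_token(weak, "victim@example.com", t0 + 120))
    print("victim password now:", weak.users["victim@example.com"])
    hard = HardenedResetService(users={"victim@example.com": "hunter2"},
                                base_url="https://app.example.com", pepper=b"example-pepper")
    print("hardened link:", hard.request_reset("victim@example.com", "attacker.example", t0))
```

The attacker in `guess_weak_token` never needs to see the victim's link; the token space is small enough to enumerate against the redeem endpoint directly, which is why a predictable derivation is a weakness regardless of the hash used. The hardened issuer also shows why the Host header should play no part in link construction: the poisoned link in the HaloITSM record works only because the application let the request choose the origin.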