Export limit exceeded: 357113 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35476 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35476 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30757 | 1 Siemens | 1 Totally Integrated Automation Portal | 2024-12-10 | 6.2 Medium |
| A vulnerability has been identified in Totally Integrated Automation Portal (TIA Portal) V14 (All versions), Totally Integrated Automation Portal (TIA Portal) V15 (All versions), Totally Integrated Automation Portal (TIA Portal) V15.1 (All versions), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions), Totally Integrated Automation Portal (TIA Portal) V20 (All versions). The know-how protection feature in affected products does not properly update the encryption of existing program blocks when a project file is updated. This could allow attackers with access to the project file to recover previous - yet unprotected - versions of the project without the knowledge of the know-how protection password. | ||||
| CVE-2023-34541 | 1 Langchain | 1 Langchain | 2024-12-09 | 9.8 Critical |
| Langchain 0.0.171 is vulnerable to Arbitrary code execution in load_prompt. | ||||
| CVE-2023-42918 | 1 Apple | 1 Macos | 2024-12-09 | 8.6 High |
| A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14. A sandboxed process may be able to circumvent sandbox restrictions. | ||||
| CVE-2023-34596 | 1 Aeotech | 2 Zw130-a, Zw130-a Firmware | 2024-12-09 | 6.5 Medium |
| A vulnerability in Aeotec WallMote Switch firmware v2.3 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. | ||||
| CVE-2024-8785 | 1 Progress | 1 Whatsup Gold | 2024-12-09 | 9.8 Critical |
| In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | ||||
| CVE-2023-34597 | 1 Fibaro | 2 Fgms-001, Fgms-001 Firmware | 2024-12-09 | 6.5 Medium |
| A vulnerability in Fibaro Motion Sensor firmware v3.4 allows attackers to cause a Denial of Service (DoS) via a crafted Z-Wave message. | ||||
| CVE-2024-27790 | 1 Claris | 1 Filemaker Server | 2024-12-09 | 7.5 High |
| Claris International has resolved an issue of potentially allowing unauthorized access to records stored in databases hosted on FileMaker Server. This issue has been fixed in FileMaker Server 20.3.2 by validating transactions before replying to client requests. | ||||
| CVE-2024-4046 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 6.4 Medium |
| Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32996 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 6.2 Medium |
| Privilege escalation vulnerability in the account module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2024-32999 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 6.8 Medium |
| Cracking vulnerability in the OS security module Impact: Successful exploitation of this vulnerability will affect availability. | ||||
| CVE-2023-1862 | 1 Cloudflare | 1 Warp | 2024-12-09 | 7.3 High |
| Cloudflare WARP client for Windows (up to v2023.3.381.0) allowed a malicious actor to remotely access the warp-svc.exe binary due to an insufficient access control policy on an IPC Named Pipe. This would have enabled an attacker to trigger WARP connect and disconnect commands, as well as obtaining network diagnostics and application configuration from the target's device. It is important to note that in order to exploit this, a set of requirements would need to be met, such as the target's device must've been reachable on port 445, allowed authentication with NULL sessions or otherwise having knowledge of the target's credentials. | ||||
| CVE-2023-52719 | 1 Huawei | 2 Emui, Harmonyos | 2024-12-09 | 7.1 High |
| Privilege escalation vulnerability in the PMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2023-52721 | 1 Huawei | 1 Harmonyos | 2024-12-09 | 6.2 Medium |
| The WindowManager module has a vulnerability in permission control. Impact: Successful exploitation of this vulnerability may affect confidentiality. | ||||
| CVE-2023-42954 | 1 Claris | 2 Claris Pro, Filemaker Server | 2024-12-09 | 4.9 Medium |
| A privilege escalation issue existed in FileMaker Server, potentially exposing sensitive information to front-end websites when signed in to the Admin Console with an administrator role. This issue has been fixed in FileMaker Server 20.3.1 by reducing the information sent in requests. | ||||
| CVE-2023-52361 | 1 Huawei | 1 Harmonyos | 2024-12-09 | 7.5 High |
| The VerifiedBoot module has a vulnerability that may cause authentication errors.Successful exploitation of this vulnerability may affect integrity. | ||||
| CVE-2023-5288 | 1 Sick | 3 Sim1012, Sim1012-0p0g200, Sim1012-0p0g200 Firmware | 2024-12-09 | 9.8 Critical |
| A remote unauthorized attacker may connect to the SIM1012, interact with the device and change configuration settings. The adversary may also reset the SIM and in the worst case upload a new firmware version to the device. | ||||
| CVE-2024-1823 | 1 Codeastro | 1 Simple Voting System | 2024-12-07 | 5.3 Medium |
| A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611. | ||||
| CVE-2022-1548 | 1 Mattermost | 1 Playbooks | 2024-12-06 | 3.7 Low |
| Mattermost Playbooks plugin 1.25 and earlier fails to properly restrict user-level permissions, which allows playbook members to escalate their membership privileges and perform actions restricted to playbook admins. | ||||
| CVE-2023-2281 | 1 Mattermost | 1 Mattermost Server | 2024-12-06 | 3.1 Low |
| When archiving a team, Mattermost fails to sanitize the related Websocket event sent to currently connected clients. This allows the clients to see the name, display name, description, and other data about the archived team. | ||||
| CVE-2023-2808 | 1 Mattermost | 1 Mattermost | 2024-12-06 | 4.3 Medium |
| Mattermost fails to normalize UTF confusable characters when determining if a preview should be generated for a hyperlink, allowing an attacker to trigger link preview on a disallowed domain using a specially crafted link. | ||||