Search Results (10625 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2017-20164 | 1 Symbiote | 1 Seed | 2025-04-08 | 6.3 Medium |
| A vulnerability was found in Symbiote Seed up to 6.0.2. It has been classified as critical. Affected is the function onBeforeSecurityLogin of the file code/extensions/SecurityLoginExtension.php of the component Login. The manipulation of the argument URL leads to open redirect. It is possible to launch the attack remotely. Upgrading to version 6.0.3 is able to address this issue. The patch is identified as b065ebd82da53009d273aa7e989191f701485244. It is recommended to upgrade the affected component. VDB-217626 is the identifier assigned to this vulnerability. | ||||
| CVE-2025-32406 | | | 2025-04-08 | 8.6 High |
| An XXE issue in the Director NBR component in NAKIVO Backup & Replication 10.3.x through 11.0.1 before 11.0.2 allows remote attackers to fetch and parse the XML response. | ||||
| CVE-2022-24913 | 1 Java-merge-sort Project | 1 Java-merge-sort | 2025-04-08 | 5.5 Medium |
| Versions of the package com.fasterxml.util:java-merge-sort before 1.1.0 are vulnerable to Insecure Temporary File in the StdTempFileProvider() function in StdTempFileProvider.java, which uses the permissive File.createTempFile() function, exposing temporary file contents. | ||||
| CVE-2024-58131 | 1 Fisco-bcos | 1 Fisco-bcos | 2025-04-08 | 4 Medium |
| FISCO BCOS 3.11.0 has an issue with synchronization of the transaction pool that can, for example, be observed when a malicious node (that has modified the codebase to allow a large min_seal_time value) joins a blockchain network. | ||||
| CVE-2024-31253 | 1 Wp-oauth | 1 Wp Oauth Server | 2025-04-08 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in WP OAuth Server OAuth Server. This issue affects OAuth Server: from n/a through 4.3.3. | ||||
| CVE-2022-3592 | 2 Fedoraproject, Samba | 2 Fedora, Samba | 2025-04-08 | 6.5 Medium |
| A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem. | ||||
| CVE-2022-25027 | 1 Rocketsoftware | 1 Trufusion Enterprise | 2025-04-08 | 7.5 High |
| The Forgotten Password functionality of Rocket TRUfusion Portal v7.9.2.1 allows remote attackers to bypass authentication and access restricted pages by validating the user's session token when the "Password forgotten?" button is clicked. | ||||
| CVE-2024-31282 | 1 Appcheap | 1 App Builder | 2025-04-08 | 4.7 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Appcheap.Io App Builder. This issue affects App Builder: from n/a through 3.8.7. | ||||
| CVE-2024-22543 | 1 Linksys | 2 E1700, E1700 Firmware | 2025-04-08 | 6.1 Medium |
| An issue was discovered in Linksys Router E1700 1.0.04 (build 3) that allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function. | ||||
| CVE-2023-32019 | 1 Microsoft | 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more | 2025-04-08 | 4.7 Medium |
| Windows Kernel Information Disclosure Vulnerability | ||||
| CVE-2023-0042 | 1 Gitlab | 1 Gitlab | 2025-04-08 | 6.1 Medium |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.4 prior to 15.5.7, 15.6 prior to 15.6.4, and 15.7 prior to 15.7.2. GitLab Pages allows redirection to arbitrary protocols. | ||||
| CVE-2022-3145 | 1 Okta | 1 Oidc Middleware | 2025-04-08 | 4.7 Medium |
| An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | ||||
| CVE-2023-29346 | 1 Microsoft | 19 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 16 more | 2025-04-08 | 7.8 High |
| NTFS Elevation of Privilege Vulnerability | ||||
| CVE-2022-39183 | 1 Moodle | 1 Saml Authentication | 2025-04-08 | 6.5 Medium |
| Moodle Plugin - SAML Auth may allow Open Redirect through unspecified vectors. | ||||
| CVE-2023-0227 | 1 Pyload | 1 Pyload | 2025-04-08 | 6.5 Medium |
| Insufficient Session Expiration in GitHub repository pyload/pyload prior to 0.5.0b3.dev36. | ||||
| CVE-2023-23589 | 3 Debian, Fedoraproject, Torproject | 3 Debian Linux, Fedora, Tor | 2025-04-07 | 6.5 Medium |
| The SafeSocks option in Tor before 0.4.7.13 has a logic error in which the unsafe SOCKS4 protocol can be used but not the safe SOCKS4a protocol, aka TROVE-2022-002. | ||||
| CVE-2023-22958 | 1 Syracom | 1 Secure Login | 2025-04-07 | 6.1 Medium |
| The Syracom Secure Login plugin before 3.1.1.0 for Jira may allow spoofing of 2FA PIN validation via the plugins/servlet/twofactor/public/pinvalidation target parameter. | ||||
| CVE-2024-50685 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the powerStationService API model. | ||||
| CVE-2024-50686 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the commonService API model. | ||||
| CVE-2024-50687 | 1 Sungrowpower | 1 Isolarcloud | 2025-04-07 | 9.1 Critical |
| SunGrow iSolarCloud before the October 31, 2024 remediation is vulnerable to insecure direct object references (IDOR) via the devService API model. | ||||