Export limit exceeded: 10620 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10620 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-38558 | 1 Siemens | 1 Simatic Pcs Neo | 2025-02-27 | 5.5 Medium |
| A vulnerability has been identified in SIMATIC PCS neo (Administration Console) V4.0 (All versions), SIMATIC PCS neo (Administration Console) V4.0 Update 1 (All versions). The affected application leaks Windows admin credentials. An attacker with local access to the Administration Console could get the credentials, and impersonate the admin user, thereby gaining admin access to other Windows systems. | ||||
| CVE-2023-2163 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2025-02-27 | 10 Critical |
| Incorrect verifier pruning in BPF in Linux Kernel >=5.4 leads to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. | ||||
| CVE-2023-5158 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-02-27 | 6.5 Medium |
| A flaw was found in vringh_kiov_advance in drivers/vhost/vringh.c in the host side of a virtio ring in the Linux Kernel. This issue may result in a denial of service from guest to host via zero length descriptor. | ||||
| CVE-2023-4089 | 1 Wago | 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more | 2025-02-27 | 2.7 Low |
| On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. | ||||
| CVE-2023-2622 | 1 Hitachienergy | 1 Modular Advanced Control For Hvdc | 2025-02-27 | 2.7 Low |
| Authenticated clients can read arbitrary files on the MAIN Computer system using the remote procedure call (RPC) of the InspectSetup service endpoint. The low privilege client is then allowed to read arbitrary files that they do not have authorization to read. | ||||
| CVE-2023-1370 | 2 Json-smart Project, Redhat | 9 Json-smart, Amq Clients, Amq Streams and 6 more | 2025-02-27 | 7.5 High |
| [Json-smart](https://netplex.github.io/json-smart/) is a performance focused, JSON processor lib. When reaching a ‘[‘ or ‘{‘ character in the JSON input, the code parses an array or an object respectively. It was discovered that the code does not have any limit to the nesting of such arrays or objects. Since the parsing of nested arrays and objects is done recursively, nesting too many of them can cause a stack exhaustion (stack overflow) and crash the software. | ||||
| CVE-2023-1296 | 1 Hashicorp | 1 Nomad | 2025-02-27 | 2.7 Low |
| HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.5.0 did not correctly enforce deny policies applied to a workload’s variables. Fixed in 1.4.6 and 1.5.1. | ||||
| CVE-2023-26461 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-02-27 | 6.8 Medium |
| SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges. | ||||
| CVE-2022-37940 | 1 Hpe | 4 Flexfabric 5700 40xg 2qsfp\+, Flexfabric 5700 40xg 2qsfp\+ Firmware, Flexfabric 5700 48g 4xg 2qsfp\+ and 1 more | 2025-02-27 | 5.3 Medium |
| Potential security vulnerabilities have been identified in the HPE FlexFabric 5700 Switch Series. These vulnerabilities could be remotely exploited to allow host header injection and URL redirection. HPE has made the following software to resolve the vulnerability in HPE FlexFabric 5700 Switch Series version R2432P61 or later. | ||||
| CVE-2023-5352 | 1 Getawesomesupport | 1 Awesome Support | 2025-02-26 | 4.3 Medium |
| The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. | ||||
| CVE-2023-27783 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | 7.5 High |
| An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. | ||||
| CVE-2023-21000 | 1 Google | 1 Android | 2025-02-26 | 7.8 High |
| In MediaCodec.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-13Android ID: A-194783918 | ||||
| CVE-2020-22647 | 1 Smartconrtactgames Project | 1 Smartconrtactgames | 2025-02-26 | 9.1 Critical |
| An issue found in DepositGame v.1.0 allows an attacker to gain sensitive information via the GetBonusWithdraw and withdraw functions. | ||||
| CVE-2024-22244 | 1 Linuxfoundation | 1 Harbor | 2025-02-26 | 4.3 Medium |
| Open Redirect in Harbor <=v2.8.4, <=v2.9.2, and <=v2.10.0 may redirect a user to a malicious site. | ||||
| CVE-2023-22591 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2025-02-26 | 3.9 Low |
| IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. | ||||
| CVE-2022-45637 | 1 Megafeis | 1 Bofei Dbd\+ | 2025-02-26 | 9.8 Critical |
| An insecure password reset issue discovered in MEGAFEIS, BOFEI DBD+ Application for IOS & Android v1.4.4 service via insecure expiry mechanism. | ||||
| CVE-2024-3376 | 2 Oretnom23, Sourcecodester | 2 Computer Laboratory Management System, Computer Laboratory Management System | 2025-02-26 | 7.3 High |
| A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-259497 was assigned to this vulnerability. | ||||
| CVE-2023-0681 | 1 Rapid7 | 1 Insightvm | 2025-02-26 | 4.3 Medium |
| Rapid7 InsightVM versions 6.6.178 and lower suffers from an open redirect vulnerability, whereby an attacker has the ability to redirect the user to a site of the attacker’s choice using the ‘page’ parameter of the ‘data/console/redirect’ component of the application. This issue was resolved in the February, 2023 release of version 6.6.179. | ||||
| CVE-2023-1543 | 1 Answer | 1 Answer | 2025-02-26 | 8.8 High |
| Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-28685 | 1 Jenkins | 1 Absint A3 | 2025-02-26 | 7.1 High |
| Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||