Export limit exceeded: 10616 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10616 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-47543 | 1 Fortinet | 1 Fortiportal | 2025-01-02 | 5.1 Medium |
| An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other organizations via HTTP or HTTPS requests. | ||||
| CVE-2022-21964 | 1 Microsoft | 2 Windows 10, Windows 10 1607 | 2025-01-02 | 5.5 Medium |
| Remote Desktop Licensing Diagnoser Information Disclosure Vulnerability | ||||
| CVE-2024-56413 | 2025-01-02 | N/A | ||
| Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | ||||
| CVE-2023-35642 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-01-01 | 6.5 Medium |
| Internet Connection Sharing (ICS) Denial of Service Vulnerability | ||||
| CVE-2023-35641 | 1 Microsoft | 22 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 19 more | 2025-01-01 | 8.8 High |
| Internet Connection Sharing (ICS) Remote Code Execution Vulnerability | ||||
| CVE-2023-35352 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-01-01 | 7.5 High |
| Windows Remote Desktop Security Feature Bypass Vulnerability | ||||
| CVE-2023-29355 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2025-01-01 | 5.3 Medium |
| DHCP Server Service Information Disclosure Vulnerability | ||||
| CVE-2023-23409 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 5.5 Medium |
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | ||||
| CVE-2023-23401 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2025-01-01 | 7.8 High |
| Windows Media Remote Code Execution Vulnerability | ||||
| CVE-2023-24922 | 1 Microsoft | 1 Dynamics 365 | 2025-01-01 | 6.5 Medium |
| Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | ||||
| CVE-2023-23394 | 1 Microsoft | 21 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 18 more | 2025-01-01 | 5.5 Medium |
| Client Server Run-Time Subsystem (CSRSS) Information Disclosure Vulnerability | ||||
| CVE-2023-23388 | 1 Microsoft | 16 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 13 more | 2025-01-01 | 8.8 High |
| Windows Bluetooth Driver Elevation of Privilege Vulnerability | ||||
| CVE-2023-21714 | 1 Microsoft | 2 365 Apps, Office Long Term Servicing Channel | 2025-01-01 | 5.5 Medium |
| Microsoft Office Information Disclosure Vulnerability | ||||
| CVE-2023-21687 | 1 Microsoft | 5 Windows 11 21h2, Windows 11 21h2, Windows 11 22h2 and 2 more | 2025-01-01 | 5.5 Medium |
| HTTP.sys Information Disclosure Vulnerability | ||||
| CVE-2023-21536 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2025-01-01 | 4.7 Medium |
| Event Tracing for Windows Information Disclosure Vulnerability | ||||
| CVE-2023-21736 | 1 Microsoft | 4 365 Apps, Office, Office Long Term Servicing Channel and 1 more | 2025-01-01 | 7.8 High |
| Microsoft Office Visio Remote Code Execution Vulnerability | ||||
| CVE-2024-43487 | 1 Microsoft | 11 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 8 more | 2024-12-31 | 6.5 Medium |
| Windows Mark of the Web Security Feature Bypass Vulnerability | ||||
| CVE-2024-13040 | 2024-12-31 | 8.8 High | ||
| The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation. | ||||
| CVE-2024-52294 | 2024-12-30 | 4.3 Medium | ||
| Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated. | ||||
| CVE-2023-32465 | 1 Dell | 1 Powerprotect Cyber Recovery | 2024-12-30 | 8.8 High |
| Dell Power Protect Cyber Recovery, contains an Authentication Bypass vulnerability. An attacker could potentially exploit this vulnerability, leading to unauthorized admin access to the Cyber Recovery application. Exploitation may lead to complete system takeover by an attacker. | ||||