Export limit exceeded: 11257 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (11257 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-31152 | 1 Selinc | 20 Sel-2241 Rtac Module, Sel-2241 Rtac Module Firmware, Sel-3350 and 17 more | 2025-01-24 | 4 Medium |
| An Authentication Bypass Using an Alternate Path or Channel vulnerability in the Schweitzer Engineering Laboratories Real-Time Automation Controller (SEL RTAC) Web Interface allows Authentication Bypass. See SEL Service Bulletin dated 2022-11-15 for more details. | ||||
| CVE-2022-41985 | 1 Weston-embedded | 1 Uc-ftps | 2025-01-24 | 8.6 High |
| An authentication bypass vulnerability exists in the Authentication functionality of Weston Embedded uC-FTPs v 1.98.00. A specially crafted set of network packets can lead to authentication bypass and denial of service. An attacker can send a sequence of unauthenticated packets to trigger this vulnerability. | ||||
| CVE-2023-23573 | 1 Intel | 1 Unite | 2025-01-24 | 4.4 Medium |
| Improper access control in the Intel(R) Unite(R) android application before Release 17 may allow a privileged user to potentially enable information disclosure via local access. | ||||
| CVE-2022-41769 | 1 Intel | 1 Connect M | 2025-01-24 | 4.8 Medium |
| Improper access control in the Intel(R) Connect M Android application before version 1.82 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-41621 | 1 Intel | 1 Quickassist Technology | 2025-01-24 | 3.3 Low |
| Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable information disclosure via local access. | ||||
| CVE-2022-40972 | 1 Intel | 1 Quickassist Technology | 2025-01-24 | 6.7 Medium |
| Improper access control in some Intel(R) QAT drivers for Windows before version 1.9.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-44610 | 1 Intel | 1 Data Center Manager | 2025-01-24 | 5.4 Medium |
| Improper authentication in the Intel(R) DCM software before version 5.1 may allow an authenticated user to potentially enable escalation of privilege via network access. | ||||
| CVE-2023-29242 | 1 Intel | 6 Oneapi Ai Analytics Toolkit, Oneapi Base Toolkit, Oneapi Dl Framework Developer Toolkit and 3 more | 2025-01-24 | 6.7 Medium |
| Improper access control for Intel(R) oneAPI Toolkits before version 2021.1 Beta 10 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-31199 | 1 Intel | 1 Solid State Drive Toolbox | 2025-01-24 | 7.1 High |
| Improper access control in the Intel(R) Solid State Drive Toolbox(TM) before version 3.4.5 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2023-30768 | 1 Intel | 128 Server Board S1200btl, Server Board S1200btl Firmware, Server Board S1200btlr and 125 more | 2025-01-24 | 7.1 High |
| Improper access control in the Intel(R) Server Board S2600WTT belonging to the Intel(R) Server Board S2600WT Family with the BIOS version 0016 may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-3139 | 1 Oretnom23 | 1 Computer Laboratory Management System | 2025-01-24 | 5.4 Medium |
| A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. Affected by this issue is the function save_users of the file /classes/Users.php?f=save. The manipulation of the argument id leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-258914 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-2674 | 1 Open-emr | 1 Openemr | 2025-01-24 | 4.3 Medium |
| Improper Access Control in GitHub repository openemr/openemr prior to 7.0.1. | ||||
| CVE-2024-3383 | 1 Paloaltonetworks | 1 Pan-os | 2025-01-24 | 7.4 High |
| A vulnerability in how Palo Alto Networks PAN-OS software processes data received from Cloud Identity Engine (CIE) agents enables modification of User-ID groups. This impacts user access to network resources where users may be inappropriately denied or allowed access to resources based on your existing Security Policy rules. | ||||
| CVE-2023-32081 | 1 Eclipse | 1 Vert.x Stomp | 2025-01-23 | 6.5 Medium |
| Vert.x STOMP is a vert.x implementation of the STOMP specification that provides a STOMP server and client. From versions 3.1.0 until 3.9.16 and 4.0.0 until 4.4.2, a Vert.x STOMP server processes client STOMP frames without checking that the client send an initial CONNECT frame replied with a successful CONNECTED frame. The client can subscribe to a destination or publish message without prior authentication. Any Vert.x STOMP server configured with an authentication handler is impacted. The issue is patched in Vert.x 3.9.16 and 4.4.2. There are no trivial workarounds. | ||||
| CVE-2024-47761 | 1 Glpi-project | 1 Glpi | 2025-01-23 | 7.2 High |
| GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | ||||
| CVE-2024-47760 | 1 Glpi-project | 1 Glpi | 2025-01-23 | 8.8 High |
| GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | ||||
| CVE-2024-2481 | 1 Surya2developer | 1 Hostel Management System | 2025-01-23 | 6.5 Medium |
| A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-23445 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 7.5 High |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to gain unauthorized access to data fields by using a therefore unpriviledged account via the REST interface. | ||||
| CVE-2023-23446 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 7.5 High |
| Improper Access Control in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to download files by using a therefore unpriviledged account via the REST interface. | ||||
| CVE-2023-23450 | 1 Sick | 14 Ftmg-esd15axx, Ftmg-esd15axx Firmware, Ftmg-esd20axx and 11 more | 2025-01-23 | 6.2 Medium |
| Use of Password Hash Instead of Password for Authentication in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows an unprivileged remote attacker to use a password hash instead of an actual password to login to a valid user account via the REST interface. | ||||