Export limit exceeded: 20087 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 12027 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (12027 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0089 | 2 Microsoft, Nvidia | 10 Windows, Cloud Gaming, Geforce and 7 more | 2024-11-21 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | ||||
| CVE-2023-7031 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.7 Medium |
| Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | ||||
| CVE-2023-6836 | 1 Wso2 | 7 Api Manager, Api Manager Analytics, Api Microgateway and 4 more | 2024-11-21 | 4.6 Medium |
| Multiple WSO2 products have been identified as vulnerable due to an XML External Entity (XXE) attack abuses a widely available but rarely used feature of XML parsers to access sensitive information. | ||||
| CVE-2023-6721 | 1 Europeana | 1 Repox | 2024-11-21 | 8.3 High |
| An XEE vulnerability has been found in Repox, which allows a remote attacker to interfere with the application's XML data processing in the fileupload function, resulting in interaction between the attacker and the server's file system. | ||||
| CVE-2023-6545 | 1 Beckhoff | 2 Authelia-bhf, Twincat\/bsd | 2024-11-21 | 4.7 Medium |
| The package authelia-bhf included in Beckhoffs TwinCAT/BSD is prone to an open redirect that allows a remote unprivileged attacker to redirect a user to another site. This may have limited impact to integrity and does solely affect anthelia-bhf the Beckhoff fork of authelia. | ||||
| CVE-2023-6380 | 1 Alkacon | 1 Opencms | 2024-11-21 | 6.1 Medium |
| Open redirect vulnerability has been found in the Open CMS product affecting versions 14 and 15 of the 'Mercury' template. An attacker could create a specially crafted URL and send it to a specific user to redirect them to a malicious site and compromise them. Exploitation of this vulnerability is possible due to the fact that there is no proper sanitization of the 'URI' parameter. | ||||
| CVE-2023-6341 | 1 Catalisgov | 1 Cms360 | 2024-11-21 | 5.3 Medium |
| Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation. | ||||
| CVE-2023-6280 | 1 52north | 1 Wps | 2024-11-21 | 7.2 High |
| An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of external entities in its WebProcessingService servlet for an attacker to retrieve files by making HTTP requests to the internal network. | ||||
| CVE-2023-6194 | 1 Eclipse | 1 Memory Analyzer | 2024-11-21 | 2.8 Low |
| In Eclipse Memory Analyzer versions 0.7 to 1.14.0, report definition XML files are not filtered to prohibit document type definition (DTD) references to external entities. This means that if a user chooses to use a malicious report definition XML file containing an external entity reference to generate a report then Eclipse Memory Analyzer may access external files or URLs defined via a DTD in the report definition. | ||||
| CVE-2023-6144 | 1 Armanidrisi | 1 Dev Blog | 2024-11-21 | 9.1 Critical |
| Dev blog v1.0 allows to exploit an account takeover through the "user" cookie. With this, an attacker can access any user's session just by knowing their username. | ||||
| CVE-2023-5959 | 1 Byzoro | 2 Smart S85f, Smart S85f Firmware | 2024-11-21 | 4.3 Medium |
| A vulnerability, which was classified as problematic, was found in Byzoro Smart S85F Management Platform V31R02B10-01. Affected is an unknown function of the file /login.php. The manipulation of the argument txt_newpwd leads to weak password recovery. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-244992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-5889 | 1 Pkp | 1 Pkp Web Application Library | 2024-11-21 | 8.2 High |
| Insufficient Session Expiration in GitHub repository pkp/pkp-lib prior to 3.3.0-16. | ||||
| CVE-2023-5875 | 1 Mattermost | 1 Mattermost Desktop | 2024-11-21 | 3.7 Low |
| Mattermost Desktop fails to correctly handle permissions or prompt the user for consent on certain sensitive ones allowing media exploitation from a malicious mattermost server | ||||
| CVE-2023-5866 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 5.7 Medium |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.2.1. | ||||
| CVE-2023-5865 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | 9.8 Critical |
| Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. | ||||
| CVE-2023-5840 | 1 Linkstack | 1 Linkstack | 2024-11-21 | 8.8 High |
| Weak Password Recovery Mechanism for Forgotten Password in GitHub repository linkstackorg/linkstack prior to v4.2.9. | ||||
| CVE-2023-5838 | 1 Linkstack | 1 Linkstack | 2024-11-21 | 9.8 Critical |
| Insufficient Session Expiration in GitHub repository linkstackorg/linkstack prior to v4.2.9. | ||||
| CVE-2023-5629 | 1 Schneider-electric | 32 Eb450, Eb450 Firmware, Eb45e and 29 more | 2024-11-21 | 8.2 High |
| A CWE-601:URL Redirection to Untrusted Site (‘Open Redirect’) vulnerability exists that could cause disclosure of information through phishing attempts over HTTP. | ||||
| CVE-2023-5610 | 1 S-sols | 1 Seraphinite Accelerator | 2024-11-21 | 5.4 Medium |
| The Seraphinite Accelerator WordPress plugin before 2.2.29 does not validate the URL to redirect any authenticated user to, leading to an arbitrary redirect | ||||
| CVE-2023-5545 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 3.3 Low |
| H5P metadata automatically populated the author with the user's username, which could be sensitive information. | ||||