Export limit exceeded: 25183 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25183 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-34152 | 3 Fedoraproject, Imagemagick, Redhat | 4 Extra Packages For Enterprise Linux, Fedora, Imagemagick and 1 more | 2025-01-13 | 9.8 Critical |
| A vulnerability was found in ImageMagick. This security flaw cause a remote code execution vulnerability in OpenBlob with --enable-pipes configured. | ||||
| CVE-2023-33741 | 2 Google, Macro-video | 2 Android, V380 Pro | 2025-01-13 | 7.5 High |
| Macrovideo v380pro v1.4.97 shares the device id and password when sharing the device. | ||||
| CVE-2020-9089 | 1 Huawei | 2 P30 Pro, P30 Pro Firmware | 2025-01-13 | 3.3 Low |
| There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089. | ||||
| CVE-2022-38456 | 1 Ajax Search Project | 1 Ajax Search | 2025-01-13 | 4.3 Medium |
| Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ernest Marcinko Ajax Search Lite plugin <= 4.10.3 versions. | ||||
| CVE-2023-51931 | 1 Alanclarke | 1 Urlite | 2025-01-13 | 7.5 High |
| An issue in alanclarke URLite v.3.1.0 allows an attacker to cause a denial of service (DoS) via a crafted payload to the parsing function. | ||||
| CVE-2022-34159 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-10 | 7.5 High |
| Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. | ||||
| CVE-2022-32204 | 1 Huawei | 2 Cv81-wdm, Cv81-wdm Firmware | 2025-01-10 | 7.5 High |
| There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. | ||||
| CVE-2023-31186 | 1 Avaya | 1 Ix Workforce Engagement | 2025-01-10 | 5.3 Medium |
| Avaya IX Workforce Engagement v15.2.7.1195 - User Enumeration - Observable Response Discrepancy | ||||
| CVE-2023-31185 | 1 Rozcom | 1 Rozcom Client | 2025-01-10 | 7.5 High |
| ROZCOM server framework - Misconfiguration may allow information disclosure via an unspecified request. | ||||
| CVE-2024-13136 | 1 Wangl1989 | 1 Mysiteforme | 2025-01-10 | 6.3 Medium |
| A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2023-32691 | 1 Go Simple Tunnel Project | 1 Go Simple Tunnel | 2025-01-10 | 5.9 Medium |
| gost (GO Simple Tunnel) is a simple tunnel written in golang. Sensitive secrets such as passwords, token and API keys should be compared only using a constant-time comparison function. Untrusted input, sourced from a HTTP header, is compared directly with a secret. Since this comparison is not secure, an attacker can mount a side-channel timing attack to guess the password. As a workaround, this can be easily fixed using a constant time comparing function such as `crypto/subtle`'s `ConstantTimeCompare`. | ||||
| CVE-2024-39725 | 1 Ibm | 2 Engineering Insights, Engineering Lifecycle Optimization - Engineering Insights | 2025-01-10 | 5.3 Medium |
| IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | ||||
| CVE-2023-33182 | 1 Nextcloud | 1 Contacts | 2025-01-10 | 0 Low |
| Contacts app for Nextcloud easily syncs contacts from various devices with your Nextcloud and allows editing. The unsanitized SVG is converted to a JavaScript blob (in memory data) that the Avatar can't render. Due to this constellation the missing sanitization does not seem to be exploitable. It is recommended that the Contacts app is upgraded to 5.0.3 or 4.2.4 | ||||
| CVE-2022-24695 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-01-10 | 4.3 Medium |
| Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with device capabilities and identifiers, some of which may contain identifying information about the device owner. This additionally allows the attacker to establish a connection to the target device. | ||||
| CVE-2023-33955 | 1 Minio | 1 Console | 2025-01-10 | 4.3 Medium |
| Minio Console is the UI for MinIO Object Storage. Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. This issue has been patched in version 0.28.0. | ||||
| CVE-2022-4332 | 1 Sprecher-automation | 12 Sprecon-e-c, Sprecon-e-c Firmware, Sprecon-e-p Dl6-1 and 9 more | 2025-01-10 | 6.8 Medium |
| In Sprecher Automation SPRECON-E-C/P/T3 CPU in variant PU244x a vulnerable firmware verification has been identified. Through physical access and hardware manipulation, an attacker might be able to bypass hardware-based code verification and thus inject and execute arbitrary code and gain full access of the device. | ||||
| CVE-2023-25728 | 2 Mozilla, Redhat | 8 Firefox, Firefox Esr, Thunderbird and 5 more | 2025-01-10 | 6.5 Medium |
| The <code>Content-Security-Policy-Report-Only</code> header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox < 110, Thunderbird < 102.8, and Firefox ESR < 102.8. | ||||
| CVE-2023-33103 | 1 Qualcomm | 96 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 93 more | 2025-01-10 | 7.5 High |
| Transient DOS while processing CAG info IE received from NW. | ||||
| CVE-2024-23493 | 1 Mattermost | 1 Mattermost Server | 2025-01-10 | 4.3 Medium |
| Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of. | ||||
| CVE-2023-23754 | 1 Joomla | 1 Joomla\! | 2025-01-10 | 6.1 Medium |
| An issue was discovered in Joomla! 4.2.0 through 4.3.1. Lack of input validation caused an open redirect and XSS issue within the new mfa selection screen. | ||||