Export limit exceeded: 360632 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 35583 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (35583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-45348 | 1 Apache | 1 Airflow | 2025-02-13 | 4.3 Medium |
| Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The `expose_config` option is False by default. It is recommended to upgrade to a version that is not affected. | ||||
| CVE-2024-6913 | 3 Microsoft, Perkin Elmer, Perkinelmer | 3 Windows, Process Plus, Processplus | 2025-02-13 | 8.8 High |
| Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0. | ||||
| CVE-2024-6101 | 1 Google | 1 Chrome | 2025-02-13 | 8.8 High |
| Inappropriate implementation in V8 in Google Chrome prior to 126.0.6478.114 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2024-5839 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 6.5 Medium |
| Inappropriate Implementation in Memory Allocator in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-5834 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Inappropriate implementation in Dawn in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-5010 | 1 Progress | 1 Whatsup Gold | 2025-02-13 | 7.5 High |
| In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. | ||||
| CVE-2024-3846 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 5.4 Medium |
| Inappropriate implementation in Prompts in Google Chrome prior to 124.0.6367.60 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-3845 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 9.8 Critical |
| Inappropriate implementation in Networks in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass mixed content policy via a crafted HTML page. (Chromium security severity: Low) | ||||
| CVE-2024-3844 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Extensions in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | ||||
| CVE-2024-3843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 4.6 Medium |
| Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-3840 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 6.5 Medium |
| Insufficient policy enforcement in Site Isolation in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium) | ||||
| CVE-2024-3838 | 1 Google | 1 Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Autofill in Google Chrome prior to 124.0.6367.60 allowed an attacker who convinced a user to install a malicious app to perform UI spoofing via a crafted app. (Chromium security severity: Medium) | ||||
| CVE-2024-3833 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 8.8 High |
| Object corruption in WebAssembly in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2024-27254 | 5 Hp, Ibm, Linux and 2 more | 7 Hp-ux, Aix, Db2 and 4 more | 2025-02-13 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813. | ||||
| CVE-2024-2628 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 4.3 Medium |
| Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium) | ||||
| CVE-2024-25046 | 1 Ibm | 1 Db2 | 2025-02-13 | 5.3 Medium |
| IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service by an authenticated user using a specially crafted query. IBM X-Force ID: 282953. | ||||
| CVE-2024-24790 | 2 Golang, Redhat | 20 Go, Advanced Cluster Security, Ansible Automation Platform and 17 more | 2025-02-13 | 9.8 Critical |
| The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | ||||
| CVE-2024-24789 | 2 Golang, Redhat | 11 Go, Advanced Cluster Security, Ceph Storage and 8 more | 2025-02-13 | 5.3 Medium |
| The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects files containing these errors. | ||||
| CVE-2024-24758 | 1 Nodejs | 1 Undici | 2025-02-13 | 3.9 Low |
| Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||