Search Results (367104 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-20872 2 Apple, Vmware 3 Mac Os X, Fusion, Workstation 2025-02-04 8.8 High
VMware Workstation and Fusion contain an out-of-bounds read/write vulnerability in SCSI CD/DVD device emulation.
CVE-2023-20871 2 Apple, Vmware 2 Mac Os X, Fusion 2025-02-04 7.8 High
VMware Fusion contains a local privilege escalation vulnerability. A malicious actor with read/write access to the host operating system can elevate privileges to gain root access to the host operating system.
CVE-2023-1623 1 Webdevstudios 1 Custom Post Type Ui 2025-02-04 6.5 Medium
The Custom Post Type UI WordPress plugin before 1.13.5 does not properly check for CSRF when sending the debug information to a user supplied email, which could allow attackers to make a logged in admin send such information to an arbitrary email address via a CSRF attack.
CVE-2023-0424 1 Ms-reviews Project 1 Ms-reviews 2025-02-04 5.4 Medium
The MS-Reviews WordPress plugin through 1.5 does not sanitise and escape reviews, which could allow users any authenticated users, such as Subscribers to perform Stored Cross-Site Scripting attacks
CVE-2023-0418 1 Video Central Project 1 Video Central 2025-02-04 5.4 Medium
The Video Central for WordPress plugin through 1.3.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks
CVE-2022-28354 1 Mybb 1 Active Threads 2025-02-04 6.1 Medium
In the Active Threads Plugin 1.3.0 for MyBB, the activethreads.php date parameter is vulnerable to XSS when setting a time period.
CVE-2023-51543 1 Metagauss 1 Registrationmagic 2025-02-04 5.3 Medium
Authentication Bypass by Spoofing vulnerability in Metagauss RegistrationMagic allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects RegistrationMagic: from n/a through 5.2.5.0.
CVE-2023-2251 1 Yaml Project 1 Yaml 2025-02-04 7.5 High
Uncaught Exception in GitHub repository eemeli/yaml prior to 2.0.0-5.
CVE-2023-2258 1 Alf 1 Alf 2025-02-04 8.8 High
Improper Neutralization of Formula Elements in a CSV File in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
CVE-2024-28963 1 Dell 2 Telemetry Dashboard, Thinos 2025-02-04 6.2 Medium
Telemetry Dashboard v1.0.0.7 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability to read sensitive proxy settings information.
CVE-2024-0157 1 Dell 2 Storage Monitoring And Reporting, Storage Resource Manager 2025-02-04 5.9 Medium
Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.
CVE-2024-49388 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-04 9.1 Critical
Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49384 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-04 4.3 Medium
Excessive attack surface in acep-collector service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49382 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-04 4.3 Medium
Excessive attack surface in archive-server service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49387 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-04 7.5 High
Cleartext transmission of sensitive information in acep-collector service. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2024-49383 3 Acronis, Linux, Microsoft 3 Cyber Protect, Linux Kernel, Windows 2025-02-04 4.3 Medium
Excessive attack surface in acep-importer service due to binding to an unrestricted IP address. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 38690.
CVE-2023-2259 1 Alf 1 Alf 2025-02-04 7.2 High
Improper Neutralization of Special Elements Used in a Template Engine in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
CVE-2025-0846 1 1000projects 1 Employee Task Management System 2025-02-04 7.3 High
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-27991 1 Zyxel 38 Atp100, Atp100 Firmware, Atp100w and 35 more 2025-02-04 8.8 High
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.
CVE-2025-0847 1 1000projects 1 Employee Task Management System 2025-02-04 7.3 High
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.