Search Results (367103 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2260 1 Alf 1 Alf 2025-02-04 8.8 High
Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.
CVE-2022-48476 1 Jetbrains 1 Ktor 2025-02-04 7.5 High
In JetBrains Ktor before 2.3.0 path traversal in the `resolveResource` method was possible
CVE-2022-48477 1 Jetbrains 1 Hub 2025-02-04 4.1 Medium
In JetBrains Hub before 2023.1.15725 SSRF protection in Auth Module integration was missing
CVE-2024-53292 1 Dell 1 Vxrail Hyperconverged Infrastructure 2025-02-04 7.2 High
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account.
CVE-2023-2257 3 Apple, Devolutions, Microsoft 3 Macos, Workspace, Windows 2025-02-04 6.1 Medium
Authentication Bypass in Hub Business integration in Devolutions Workspace Desktop 2023.1.1.3 and earlier on Windows and macOS allows an attacker with access to the user interface to unlock a Hub Business space without being prompted to enter the password via an unimplemented "Force Login" security feature. This vulnerability occurs only if "Force Login" feature is enabled on the Hub Business instance and that an attacker has access to a locked Workspace desktop application configured with a Hub Business space.
CVE-2023-29849 1 Hockeycomputindo 1 Bang Resto 2025-02-04 8.8 High
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
CVE-2023-26735 1 Prometheus 1 Blackbox Exporter 2025-02-04 7.5 High
blackbox_exporter v0.23.0 was discovered to contain an access control issue in its probe interface. This vulnerability allows attackers to detect intranet ports and services, as well as download resources. NOTE: this is disputed by third parties because authentication can be configured.
CVE-2023-26560 1 Northern.tech 1 Cfengine 2025-02-04 6.5 Medium
Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.
CVE-2023-26058 1 Nokia 1 Netact 2025-02-04 6.5 Medium
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to a Performance Manager page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
CVE-2023-26057 1 Nokia 1 Netact 2025-02-04 6.5 Medium
An XXE issue was discovered in Nokia NetAct before 22 FP2211 via an XML document to the Configuration Dashboard page. Input validation and a proper XML parser configuration are missing. For an external attacker, it is very difficult to exploit this, because a few dynamically created parameters such as Jsession-id, a CSRF token, and an Nxsrf token would be needed. The attack can realistically only be performed by an internal user.
CVE-2023-25348 1 Churchcrm 1 Churchcrm 2025-02-04 7.8 High
ChurchCRM 4.5.3 was discovered to contain a CSV injection vulnerability via the Last Name and First Name input fields when creating a new person. These vulnerabilities allow attackers to execute arbitrary code via a crafted excel file.
CVE-2023-1414 1 Rextheme 1 Wp Vr 2025-02-04 4.3 Medium
The WP VR WordPress plugin before 8.3.0 does not have authorisation and CSRF checks in various AJAX actions, one in particular could allow any authenticated users, such as subscriber to update arbitrary tours
CVE-2024-53290 1 Dell 1 Thinos 2025-02-04 8.4 High
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution
CVE-2024-53289 1 Dell 1 Thinos 2025-02-04 7.8 High
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2024-52537 3 Dell, Linux, Microsoft 5 Dock Hd22q Firmware Update Utility, Dock Wd19 Firmware Update Utility, Dock Wd22tb4 Firmware Update Utility and 2 more 2025-02-04 6.3 Medium
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges.
CVE-2024-49600 1 Dell 1 Power Manager 2025-02-04 7.8 High
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges.
CVE-2024-38485 1 Dell 1 Elastic Cloud Storage 2025-02-04 4.3 Medium
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage.
CVE-2024-38296 1 Dell 4 Edge Gateway 3200, Edge Gateway 5200, Edge Gateway 5200 Firmware and 1 more 2025-02-04 6.7 Medium
Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure.
CVE-2024-29955 1 Broadcom 1 Brocade Sannav 2025-02-04 5 Medium
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.
CVE-2024-29952 1 Broadcom 1 Brocade Sannav 2025-02-04 5.5 Medium
A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables.