Search Results (366908 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-1204 1 Gitlab 1 Gitlab 2025-01-30 4.3 Medium
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings.
CVE-2022-4568 1 Lenovo 1 System Update 2025-01-30 7 High
A directory permissions management vulnerability in Lenovo System Update may allow elevation of privileges.
CVE-2022-48482 2 3cx, Microsoft 2 3cx, Windows 2025-01-30 7.5 High
3CX before 18 Update 2 Security Hotfix build 18.0.2.315 on Windows allows unauthenticated remote attackers to read certain files via /Electron/download directory traversal. Files may have credentials, full backups, call recordings, and chat logs.
CVE-2022-48186 1 Lenovo 1 Baiying 2025-01-30 6.2 Medium
A certificate validation vulnerability exists in the Baiying Android application which could lead to information disclosure.
CVE-2022-47877 1 Jedox 1 Jedox 2025-01-30 9.6 Critical
A Stored cross-site scripting vulnerability in Jedox 2020.2.5 allows remote, authenticated users to inject arbitrary web script or HTML in the Logs page via the log module 'log'.
CVE-2022-47876 1 Jedox 1 Jedox 2025-01-30 9.1 Critical
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts.
CVE-2022-47874 1 Jedox 2 Cloud, Jedox 2025-01-30 6.5 Medium
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.
CVE-2022-30759 1 Nokia 1 One-nds 2025-01-30 8.8 High
In Nokia One-NDS (aka Network Directory Server) through 20.9, some Sudo permissions can be exploited by some users to escalate to root privileges and execute arbitrary commands.
CVE-2023-30859 1 Triton Project 1 Triton 2025-01-30 7.2 High
Triton is a Minecraft plugin for Spigot and BungeeCord that helps you translate your Minecraft server. The CustomPayload packet allows you to execute commands on the spigot/bukkit console. When you enable bungee mode in the config it will enable the bungee bridge and the server will begin to broadcast the 'triton:main' plugin channel. Using this plugin channel you are able to send a payload packet containing a byte (2) and a string (any spigot command). This could be used to make yourself a server operator and be used to extract other user information through phishing (pretending to be an admin), many servers use essentials so the /geoip command could be available to them, etc. This could also be modified to allow you to set the servers language, set another players language, etc. This issue affects those who have bungee enabled in config. This issue has been fixed in version 3.8.4.
CVE-2023-28092 1 Hp 4 Integrated Lights-out, Integrated Lights-out Firmware, Proliant Rl300 and 1 more 2025-01-30 6.1 Medium
A potential security vulnerability has been identified in HPE ProLiant RL300 Gen11 Server. The vulnerability could result in the system being vulnerable to exploits by attackers with physical access inside the server chassis.
CVE-2023-0896 1 Lenovo 2 Smart Clock Essential With Alexa Built In, Smart Clock Essential With Alexa Built In Firmware 2025-01-30 8.8 High
A default password was reported in Lenovo Smart Clock Essential with Alexa Built In that could allow unauthorized device access to an attacker with local network access.
CVE-2023-25492 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 6.3 Medium
A valid, authenticated user may be able to trigger a denial of service of the XCC web user interface or other undefined behavior through a format string injection vulnerability in a web interface API.
CVE-2023-0683 1 Lenovo 218 Thinkagile Hx1021, Thinkagile Hx1021 Firmware, Thinkagile Hx1320 and 215 more 2025-01-30 8.3 High
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call.
CVE-2024-4609 1 Rockwellautomation 1 Factorytalk View 2025-01-30 9.8 Critical
A vulnerability exists in the Rockwell Automation FactoryTalk® View SE Datalog function that could allow a threat actor to inject a malicious SQL statement if the SQL database has no authentication in place or if legitimate credentials were stolen. If exploited, the attack could result in information exposure, revealing sensitive information. Additionally, a threat actor could potentially modify and delete the data in a remote database. An attack would only affect the HMI design time, not runtime.
CVE-2024-22429 1 Dell 100 Edge Gateway 3000, Edge Gateway 3000 Firmware, Edge Gateway 5000 and 97 more 2025-01-30 7.5 High
Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution.
CVE-2024-2645 1 Netentsec 1 Application Security Gateway 2025-01-30 4.3 Medium
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2646 1 Netentsec 1 Application Security Gateway 2025-01-30 6.3 Medium
A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2022-30995 3 Acronis, Linux, Microsoft 4 Cyber Backup, Cyber Protect, Linux Kernel and 1 more 2025-01-30 7.5 High
Sensitive information disclosure due to improper authentication. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 29486, Acronis Cyber Backup 12.5 (Windows, Linux) before build 16545.
CVE-2024-13348 2025-01-30 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2025-22506 Reason: This candidate is a reservation duplicate of CVE-2025-22506. Notes: All CVE users should reference CVE-2025-22506 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-31435 1 Evasys 1 Evasys 2025-01-30 8.1 High
Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys before 8.2 Build 2286 and 9.x before 9.0 Build 2401 allow authenticated attackers to read and write to unauthorized data by accessing functions directly.