Search Results (366890 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-24594 1 F5 20 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 17 more 2025-01-29 5.3 Medium
When an SSL profile is configured on a Virtual Server, undisclosed traffic can cause an increase in CPU or SSL accelerator resource utilization.   Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-27378 1 F5 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more 2025-01-29 7.5 High
Multiple reflected cross-site scripting (XSS) vulnerabilities exist in undisclosed pages of the BIG-IP Configuration utility which allow an attacker to run JavaScript in the context of the currently logged-in user.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2023-28406 1 F5 19 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 16 more 2025-01-29 4.3 Medium
A directory traversal vulnerability exists in an undisclosed page of the BIG-IP Configuration utility which may allow an authenticated attacker to read files with .xml extension. Access to restricted information is limited and the attacker does not control what information is obtained.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-47978 1 Dell 1 Nativeedge Orchestrator 2025-01-29 7.8 High
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges.
CVE-2024-52535 1 Dell 2 Supportassist For Business Pcs, Supportassist For Home Pcs 2025-01-29 7.1 High
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system.
CVE-2024-53291 1 Dell 1 Nativeedge Orchestrator 2025-01-29 7.5 High
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-52543 1 Dell 1 Nativeedge Orchestrator 2025-01-29 6.5 Medium
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-37204 1 Wp-property-hive 1 Propertyhive 2025-01-29 4.3 Medium
Missing Authorization vulnerability in PropertyHive PropertyHive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PropertyHive: from n/a through 2.0.9.
CVE-2023-31803 1 Chamilo 1 Chamilo Lms 2025-01-29 4.8 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the resource sequencing parameters.
CVE-2023-31802 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skype and linedin_url parameters.
CVE-2023-31801 1 Chamilo 1 Chamilo Lms 2025-01-29 6.1 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the skills wheel parameter.
CVE-2023-31800 1 Chamilo 1 Chamilo Lms 2025-01-29 5.4 Medium
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter.
CVE-2023-31284 1 Illumos 1 Illumos-gate 2025-01-29 7.8 High
illumos illumos-gate before 676abcb has a stack buffer overflow in /dev/net, leading to privilege escalation via a stat on a long file name in /dev/net.
CVE-2023-31099 1 Zohocorp 1 Manageengine Opmanager 2025-01-29 8.8 High
Zoho ManageEngine OPManager through 126323 allows an authenticated user to achieve remote code execution via probe servers.
CVE-2023-30399 1 Garo 6 Wallbox Glb, Wallbox Glb Firmware, Wallbox Gtb and 3 more 2025-01-29 8.1 High
Insecure permissions in the settings page of GARO Wallbox GLB/GTB/GTC before v189 allows attackers to redirect users to a crafted update package link via a man-in-the-middle attack.
CVE-2023-30331 1 Beetl Project 1 Beetl 2025-01-29 9.8 Critical
An issue in the render function of beetl v3.15.0 allows attackers to execute server-side template injection (SSTI) via a crafted payload.
CVE-2023-30328 1 Mailbutler 1 Shimo 2025-01-29 9.8 Critical
An issue in the helper tool of Mailbutler GmbH Shimo VPN Client for macOS v5.0.4 allows attackers to bypass authentication via PID re-use.
CVE-2023-30282 1 Prestashop 1 Scexportcustomers 2025-01-29 7.5 High
PrestaShop scexportcustomers <= 3.6.1 is vulnerable to Incorrect Access Control. Due to a lack of permissions' control, a guest can access exports from the module which can lead to leak of personal information from customer table.
CVE-2023-30268 2 Cltphp, Microsoft 2 Cltphp, Windows 2025-01-29 9.8 Critical
CLTPHP <=6.0 is vulnerable to Improper Input Validation.
CVE-2023-30264 1 Cltphp 1 Cltphp 2025-01-29 9.8 Critical
CLTPHP <=6.0 is vulnerable to Unrestricted Upload of File with Dangerous Type via application/admin/controller/Template.php:update.