Search Results (366588 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-2662 1 Xpdfreader 1 Xpdf 2025-01-24 2.9 Low
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
CVE-2023-29983 1 Companymaps Project 1 Companymaps 2025-01-24 5.4 Medium
Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel.
CVE-2023-29820 1 Webroot 1 Secureanywhere 2025-01-24 5.5 Medium
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to access sensitive information via the EXE installer. NOTE: the vendor's perspective is that this is not a separate vulnerability relative to CVE-2023-29818 and CVE-2023-29819.
CVE-2023-29819 1 Webroot 1 Secureanywhere 2025-01-24 5.5 Medium
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via a crafted payload.
CVE-2023-29818 1 Webroot 1 Secureanywhere 2025-01-24 5.5 Medium
An issue found in Webroot SecureAnywhere Endpoint Protection CE 23.1 v.9.0.33.39 and before allows a local attacker to bypass protections via the default allowlist feature being stored as non-admin.
CVE-2023-29809 1 Companymaps Project 1 Companymaps 2025-01-24 9.8 Critical
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.
CVE-2023-29808 1 Companymaps Project 1 Companymaps 2025-01-24 6.1 Medium
Cross Site Scripting (XSS) vulnerability in vogtmh cmaps (companymaps) 8.0 allows attackers to execute arbitrary code.
CVE-2023-20719 2 Google, Mediatek 27 Android, Mt6580, Mt6739 and 24 more 2025-01-24 4.4 Medium
In pqframework, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629583; Issue ID: ALPS07629583.
CVE-2020-13378 1 Loadbalancer 1 Enterprise Va Max 2025-01-24 8.8 High
Loadbalancer.org Enterprise VA MAX through 8.3.8 has an OS Command Injection vulnerability that allows a remote authenticated attacker to execute arbitrary code.
CVE-2020-13377 1 Loadbalancer 1 Enterprise Va Max 2025-01-24 8.1 High
The web-services interface of Loadbalancer.org Enterprise VA MAX through 8.3.8 could allow an authenticated, remote, low-privileged attacker to conduct directory traversal attacks and obtain read and write access to sensitive files.
CVE-2023-2676 1 H3c 2 Magic R160, Magic R160 Firmware 2025-01-24 5.5 Medium
A vulnerability, which was classified as critical, has been found in H3C R160 V1004004. Affected by this issue is some unknown functionality of the file /goForm/aspForm. The manipulation of the argument go leads to stack-based buffer overflow. The exploit has been disclosed to the public and may be used. VDB-228890 is the identifier assigned to this vulnerability.
CVE-2024-7634 1 F5 2 Nginx Agent, Nginx Instance Manager 2025-01-24 4.9 Medium
NGINX Agent's "config_dirs" restriction feature allows a highly privileged attacker to gain the ability to write/overwrite files outside of the designated secure directory.
CVE-2023-28522 1 Ibm 1 Api Connect 2025-01-24 4.3 Medium
IBM API Connect V10 could allow an authenticated user to perform actions that they should not have access to. IBM X-Force ID: 250585.
CVE-2023-28520 1 Ibm 1 Planning Analytics Local 2025-01-24 6.4 Medium
IBM Planning Analytics Local 2.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 250454.
CVE-2023-39990 1 Strangerstudios 1 Paid Memberships Pro 2025-01-24 5.4 Medium
Missing Authorization vulnerability in Paid Memberships Pro.This issue affects Paid Memberships Pro: from n/a through 1.2.3.
CVE-2024-5919 1 Paloaltonetworks 1 Pan-os 2025-01-24 6.5 Medium
A blind XML External Entities (XXE) injection vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated attacker to exfiltrate arbitrary files from firewalls to an attacker controlled server. This attack requires network access to the firewall management interface.
CVE-2024-5917 1 Paloaltonetworks 2 Cloud Ngfw, Pan-os 2025-01-24 4.9 Medium
A server-side request forgery in PAN-OS software enables an authenticated attacker with administrative privileges to use the administrative web interface as a proxy, which enables the attacker to view internal network resources not otherwise accessible.
CVE-2024-2552 1 Paloaltonetworks 1 Pan-os 2025-01-24 6.0 Medium
A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions in the management plane and delete files on the firewall.
CVE-2024-23607 1 F5 2 F5os-a, F5os-c 2025-01-24 5.5 Medium
A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
CVE-2024-2551 1 Paloaltonetworks 1 Pan-os 2025-01-24 7.5 High
A null pointer dereference vulnerability in Palo Alto Networks PAN-OS software enables an unauthenticated attacker to stop a core system service on the firewall by sending a crafted packet through the data plane that causes a denial of service (DoS) condition. Repeated attempts to trigger this condition result in the firewall entering maintenance mode.