Search Results (120784 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-49597 1 Dell 1 Wyse Management Suite 2025-02-04 7.6 High
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass.
CVE-2024-45760 1 Dell 1 Openmanage Server Administrator 2025-02-04 4.3 Medium
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges.
CVE-2024-45761 3 Dell, Linux, Microsoft 3 Openmanage Server Administrator, Linux Kernel, Windows 2025-02-04 5.4 Medium
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service.
CVE-2024-25944 1 Dell 1 Openmanage Enterprise 2025-02-04 5.7 Medium
Dell OpenManage Enterprise, v4.0 and prior, contain(s) a path traversal vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, to gain unauthorized access to the files stored on the server filesystem, with the privileges of the running web application.
CVE-2024-22459 1 Dell 1 Elastic Cloud Storage 2025-02-04 6.8 Medium
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace
CVE-2023-25131 1 Cyberpower 1 Powerpanel 2025-02-04 9.4 Critical
Use of default password vulnerability in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to log in to the server directly to perform administrative functions. Upon installation or upon first login, the application does not ask the user to change the 'admin' password.
CVE-2023-25132 1 Cyberpower 1 Powerpanel 2025-02-04 9.1 Critical
Unrestricted upload of file with dangerous type vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
CVE-2024-30473 1 Dell 1 Elastic Cloud Storage 2025-02-04 4.9 Medium
Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points.
CVE-2023-25133 1 Cyberpower 1 Powerpanel 2025-02-04 9.1 Critical
Improper privilege management vulnerability in default.cmd file in PowerPanel Business Local/Remote for Windows v4.8.6 and earlier, PowerPanel Business Management for Windows v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 32bit v4.8.6 and earlier, PowerPanel Business Local/Remote for Linux 64bit v4.8.6 and earlier, PowerPanel Business Management for Linux 32bit v4.8.6 and earlier, PowerPanel Business Management for Linux 64bit v4.8.6 and earlier, PowerPanel Business Local/Remote for MacOS v4.8.6 and earlier, and PowerPanel Business Management for MacOS v4.8.6 and earlier allows remote attackers to execute operation system commands via unspecified vectors.
CVE-2025-0844 1 Needyamin 1 Library Card System 2025-02-04 4.3 Medium
A vulnerability was found in needyamin Library Card System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file signup.php of the component Registration Page. The manipulation of the argument firstname/lastname/email/borrow/user_address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-28974 1 Dell 5 Data Protection Advisor, Dp4400, Dp4400 Firmware and 2 more 2025-02-04 7.6 High
Dell Data Protection Advisor, version(s) 19.9, contain(s) an Inadequate Encryption Strength vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service.
CVE-2024-24908 1 Dell 2 Dm5500, Dm5500 Firmware 2025-02-04 6.5 Medium
Dell PowerProtect DM5500 version 5.15.0.0 and prior contain an Arbitrary File Delete via Path Traversal vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability to deletion of arbitrary files stored on the server filesystem.
CVE-2024-22460 1 Dell 2 Dm5500, Dm5500 Firmware 2025-02-04 2.2 Low
Dell PowerProtect DM5500 version 5.15.0.0 and prior contains an insecure deserialization Vulnerability. A remote attacker with high privileges could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable application.
CVE-2023-2245 1 Hansuncms Project 1 Hansuncms 2025-02-04 6.3 Medium
A vulnerability was found in hansunCMS 1.4.3. It has been declared as critical. This vulnerability affects unknown code of the file /ueditor/net/controller.ashx?action=catchimage. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227230 is the identifier assigned to this vulnerability.
CVE-2023-29780 1 3reality 2 3rsb015bz, 3rsb015bz Firmware 2025-02-04 7.5 High
Third Reality Smart Blind 1.00.54 contains a denial-of-service vulnerability, which allows a remote attacker to send malicious Zigbee messages to a vulnerable device and cause crashes.
CVE-2023-29566 2 Dawnsparks-node-tesseract Project, Huedawn-tesseract Project 2 Dawnsparks-node-tesseract, Huedawn-tesseract 2025-02-04 9.8 Critical
huedawn-tesseract 0.3.3 and dawnsparks-node-tesseract 0.4.0 to 0.4.1 was discovered to contain a remote code execution (RCE) vulnerability via the child_process function.
CVE-2023-25347 1 Churchcrm 1 Churchcrm 2025-02-04 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in ChurchCRM 4.5.3, allows remote attackers to inject arbitrary web script or HTML via input fields. These input fields are located in the "Title" Input Field in EventEditor.php.
CVE-2025-0846 1 1000projects 1 Employee Task Management System 2025-02-04 7.3 High
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/AdminLogin.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2023-27991 1 Zyxel 38 Atp100, Atp100 Firmware, Atp100w and 35 more 2025-02-04 8.8 High
The post-authentication command injection vulnerability in the CLI command of Zyxel ATP series firmware versions 4.32 through 5.35, USG FLEX series firmware versions 4.50 through 5.35, USG FLEX 50(W) firmware versions 4.16 through 5.35, USG20(W)-VPN firmware versions 4.16 through 5.35, and VPN series firmware versions 4.30 through 5.35, which could allow an authenticated attacker to execute some OS commands remotely.
CVE-2025-0847 1 1000projects 1 Employee Task Management System 2025-02-04 7.3 High
A vulnerability was found in 1000 Projects Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.