Search Results (120766 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-26005 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 4.8 Medium
An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS. 
CVE-2024-26004 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 7.5 High
An unauthenticated remote attacker can DoS a control agent due to access of a uninitialized pointer which may prevent or disrupt the charging functionality.
CVE-2024-26003 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 7.5 High
An unauthenticated remote attacker can DoS the control agent due to a out-of-bounds read which may prevent or disrupt the charging functionality. 
CVE-2024-25997 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 5.3 Medium
An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.
CVE-2024-25996 1 Phoenixcontact 8 Charx Sec-3000, Charx Sec-3000 Firmware, Charx Sec-3050 and 5 more 2025-01-23 5.3 Medium
An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.
CVE-2024-26264 1 Ebmtech 1 Risweb 2025-01-23 9.8 Critical
EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.
CVE-2023-28078 1 Dell 1 Smartfabric Os10 2025-01-23 9.1 Critical
Dell OS10 Networking Switches running 10.5.2.x and above contain a vulnerability with zeroMQ when VLT is configured. A remote unauthenticated attacker could potentially exploit this vulnerability leading to information disclosure and a possible Denial of Service when a huge number of requests are sent to the switch. This is a high severity vulnerability as it allows an attacker to view sensitive data. Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-32484 1 Dell 1 Enterprise Sonic Distribution 2025-01-23 9.8 Critical
Dell Networking Switches running Enterprise SONiC versions 4.1.0, 4.0.5, 3.5.4 and below contains an improper input validation vulnerability. A remote unauthenticated malicious user may exploit this vulnerability and escalate privileges up to the highest administrative level. This is a Critical vulnerability affecting certain protocols, Dell recommends customers to upgrade at the earliest opportunity.
CVE-2023-39244 1 Dell 1 Enterprise Storage Integrator For Sap Landscape Management 2025-01-23 7.3 High
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
CVE-2023-39245 1 Dell 1 Enterprise Storage Integrator For Sap Landscape Management 2025-01-23 9.8 Critical
DELL ESI (Enterprise Storage Integrator) for SAP LAMA, version 10.0, contains an information disclosure vulnerability in EHAC component. An remote unauthenticated attacker could potentially exploit this vulnerability by eavesdropping the network traffic to gain admin level credentials.
CVE-2024-22425 1 Dell 1 Recoverpoint For Virtual Machines 2025-01-23 6.5 Medium
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.
CVE-2024-22426 1 Dell 1 Recoverpoint For Virtual Machines 2025-01-23 7.2 High
Dell RecoverPoint for Virtual Machines 5.3.x, 6.0.SP1 contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to execute arbitrary operating system commands, which will get executed in the context of the root user, resulting in a complete system compromise.
CVE-2023-31857 1 Oretnom23 1 Online Computer And Laptop Store 2025-01-23 9.8 Critical
Sourcecodester Online Computer and Laptop Store 1.0 allows unrestricted file upload and can lead to remote code execution. The vulnerability path is /classes/Users.php?f=save.
CVE-2023-28308 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-01-23 6.6 Medium
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28307 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-01-23 6.6 Medium
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28306 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-01-23 6.6 Medium
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28296 1 Microsoft 3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022 2025-01-23 7.8 High
Visual Studio Remote Code Execution Vulnerability
CVE-2023-28256 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-01-23 6.6 Medium
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28278 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-01-23 6.6 Medium
Windows DNS Server Remote Code Execution Vulnerability
CVE-2023-28255 1 Microsoft 5 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 2 more 2025-01-23 6.6 Medium
Windows DNS Server Remote Code Execution Vulnerability