Search Results (367197 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-0436 2025-01-18 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2020-0040 2025-01-18 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-0937 2025-01-17 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-20128 2025-01-17 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-0303 2025-01-17 N/A
Further investigation determines issue is not a vulnerability
CVE-2021-21158 2025-01-17 N/A
Further investigation determines issue is not within scope of this CNA
CVE-2021-0447 2025-01-17 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2021-0323 2025-01-17 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2020-0402 2025-01-17 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-8291 1 Concretecms 1 Concrete Cms 2025-01-17 4.8 Medium
Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color.  A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete CMS Security Team gave this a CVSS v4 score of 5.1 with vector https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N. Thanks,  Alexey Solovyev for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).
CVE-2024-4353 1 Concretecms 1 Concrete Cms 2025-01-17 4.8 Medium
Concrete CMS versions 9.0.0 through 9.3.2 are affected by a stored XSS vulnerability in the generate dashboard board instance functionality. The Name input field does not check the input sufficiently letting a rogue administrator have the capability to inject malicious JavaScript code. The Concrete CMS security team gave this vulnerability a CVSS v4 score of 4.6 with a vector of CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N. Concrete versions below 9 are not affected by this vulnerability.Thanks fhAnso for reporting. (CNA updated this risk rank on 17 Jan 2025 by lowering the AC based on CVSS 4.0 documentation that access privileges should not be considered for AC).
CVE-2023-25953 1 Worksmobile 1 Drive Explorer 2025-01-17 9 Critical
Code injection vulnerability in Drive Explorer for macOS versions 3.5.4 and earlier allows an attacker who can login to the client where the affected product is installed to inject arbitrary code while processing the product execution. Since a full disk access privilege is required to execute LINE WORKS Drive Explorer, the attacker may be able to read and/or write to arbitrary files without the access privileges.
CVE-2023-0623 1 Hornerautomation 1 Cscape Envision Rv 2025-01-17 7.8 High
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2023-0622 1 Hornerautomation 1 Cscape Envision Rv 2025-01-17 7.8 High
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds write vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in writes past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2023-0621 1 Hornerautomation 1 Cscape Envision Rv 2025-01-17 7.8 High
Cscape Envision RV version 4.60 is vulnerable to an out-of-bounds read vulnerability when parsing project (i.e. HMI) files. The product lacks proper validation of user-supplied data, which could result in reads past the end of allocated data structures. An attacker could leverage these vulnerabilities to execute arbitrary code in the context of the current process.
CVE-2022-46732 1 Ge 1 Proficy Historian 2025-01-17 9.8 Critical
Even if the authentication fails for local service authentication, the requested command could still execute regardless of authentication status.
CVE-2022-46300 1 Visam 1 Vbase Automation Base 2025-01-17 5.5 Medium
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVE-2022-45468 1 Visam 1 Vbase Automation Base 2025-01-17 5.5 Medium
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVE-2022-45121 1 Visam 1 Vbase Automation Base 2025-01-17 5.5 Medium
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.
CVE-2022-43512 1 Visam 1 Vbase Automation Base 2025-01-17 5.5 Medium
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file.