Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,609 matching · page 317/1633Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2025-20168(opens NVD record) | Medium | 5.4 | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | Jan 8, 2025 |
| CVE-2025-20167(opens NVD record) | Medium | 5.4 | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | Jan 8, 2025 |
| CVE-2025-20166(opens NVD record) | Medium | 5.4 | A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | Jan 8, 2025 |
| CVE-2025-20126(opens NVD record) | Medium | 4.8 | A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | Jan 8, 2025 |
| CVE-2025-20123(opens NVD record) | Medium | 4.8 | Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | Jan 8, 2025 |
| CVE-2025-21102(opens NVD record) | High | 7.5 | Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | Jan 8, 2025 |
| CVE-2024-56456(opens NVD record) | Medium | 6.8 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56455(opens NVD record) | Medium | 5.5 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56454(opens NVD record) | Medium | 5.5 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56453(opens NVD record) | Medium | 6.8 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56452(opens NVD record) | Medium | 5.5 | Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56451(opens NVD record) | High | 7.3 | Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56450(opens NVD record) | Medium | 6.3 | Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56449(opens NVD record) | Medium | 6.6 | Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56448(opens NVD record) | Medium | 6.7 | Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-54121(opens NVD record) | Medium | 6.2 | Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Jan 8, 2025 |
| CVE-2024-56447(opens NVD record) | High | 7.8 | Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56446(opens NVD record) | Medium | 4.0 | Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56445(opens NVD record) | Medium | 4.3 | Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Jan 8, 2025 |
| CVE-2024-56444(opens NVD record) | High | 7.5 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56443(opens NVD record) | Medium | 6.2 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56442(opens NVD record) | Medium | 5.5 | Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Jan 8, 2025 |
| CVE-2024-56441(opens NVD record) | Medium | 4.1 | Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56440(opens NVD record) | Medium | 6.2 | Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Jan 8, 2025 |
| CVE-2024-56439(opens NVD record) | High | 7.5 | Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56438(opens NVD record) | Medium | 6.0 | Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-56437(opens NVD record) | Medium | 5.7 | Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2024-54120(opens NVD record) | Medium | 4.1 | Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Jan 8, 2025 |
| CVE-2024-47239(opens NVD record) | Medium | 6.5 | Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | Jan 8, 2025 |
| CVE-2023-52955(opens NVD record) | Medium | 6.5 | Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | Jan 8, 2025 |
| CVE-2023-52954(opens NVD record) | Medium | 4.4 | Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | Jan 8, 2025 |
| CVE-2023-52953(opens NVD record) | Medium | 6.2 | Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | Jan 8, 2025 |
| CVE-2024-56436(opens NVD record) | Medium | 5.5 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56435(opens NVD record) | Medium | 6.2 | Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jan 8, 2025 |
| CVE-2024-56434(opens NVD record) | Medium | 4.4 | UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. | Jan 8, 2025 |
| CVE-2024-40679(opens NVD record) | Medium | 5.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | Jan 8, 2025 |
| CVE-2024-53522(opens NVD record) | High | 7.5 | Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information. | Jan 7, 2025 |
| CVE-2024-50660(opens NVD record) | Critical | 9.8 | File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality | Jan 7, 2025 |
| CVE-2024-50659(opens NVD record) | Medium | 6.1 | Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. | Jan 7, 2025 |
| CVE-2024-50658(opens NVD record) | Critical | 9.8 | Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file | Jan 7, 2025 |
| CVE-2024-55008(opens NVD record) | High | 7.5 | JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges. | Jan 7, 2025 |
| CVE-2024-53345(opens NVD record) | High | 8.8 | An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | Jan 7, 2025 |
| CVE-2024-48245(opens NVD record) | High | 7.2 | Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php. | Jan 7, 2025 |
| CVE-2024-46242(opens NVD record) | High | 7.5 | An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration. | Jan 7, 2025 |
| CVE-2024-40702(opens NVD record) | High | 8.2 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | Jan 7, 2025 |
| CVE-2024-28778(opens NVD record) | Medium | 6.5 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. | Jan 7, 2025 |
| CVE-2024-25037(opens NVD record) | Medium | 4.3 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | Jan 7, 2025 |
| CVE-2022-22363(opens NVD record) | Medium | 4.3 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Jan 7, 2025 |
| CVE-2021-20455(opens NVD record) | Low | 3.7 | IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | Jan 7, 2025 |
| CVE-2024-45640(opens NVD record) | Medium | 5.3 | IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | Jan 7, 2025 |