Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 327/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-53597(opens NVD record) | Medium | 6.3 | masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. | Nov 25, 2024 |
| CVE-2023-45181(opens NVD record) | Medium | 6.1 | IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Nov 25, 2024 |
| CVE-2023-26280(opens NVD record) | Medium | 5.3 | IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | Nov 25, 2024 |
| CVE-2024-35160(opens NVD record) | Medium | 4.3 | IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | Nov 23, 2024 |
| CVE-2024-41761(opens NVD record) | Medium | 5.3 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | Nov 23, 2024 |
| CVE-2024-6233(opens NVD record) | High | 7.8 | Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677. | Nov 22, 2024 |
| CVE-2024-52998(opens NVD record) | Medium | 5.5 | Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 22, 2024 |
| CVE-2024-52723(opens NVD record) | Critical | 9.8 | In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. | Nov 22, 2024 |
| CVE-2023-24467(opens NVD record) | High | 8.8 | Possible Command Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0000. | Nov 22, 2024 |
| CVE-2023-24466(opens NVD record) | High | 7.5 | Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenText™ iManager 3.2.6.0200. | Nov 22, 2024 |
| CVE-2022-26324(opens NVD record) | High | 7.6 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.6.0000. | Nov 22, 2024 |
| CVE-2021-38135(opens NVD record) | High | 8.6 | Possible External Service Interaction attack in iManager has been discovered in OpenText™ iManager 3.2.6.0000. | Nov 22, 2024 |
| CVE-2021-38134(opens NVD record) | Medium | 6.1 | Possible XSS in iManager URL for access Component has been discovered in OpenText™ iManager 3.2.5.0000. | Nov 22, 2024 |
| CVE-2021-38119(opens NVD record) | Medium | 6.1 | Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | Nov 22, 2024 |
| CVE-2021-38118(opens NVD record) | Medium | 5.5 | Possible improper input validation Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | Nov 22, 2024 |
| CVE-2021-38117(opens NVD record) | High | 8.8 | Possible Command injection Vulnerability in iManager has been discovered in OpenText™ iManager 3.2.4.0000. | Nov 22, 2024 |
| CVE-2021-38116(opens NVD record) | High | 8.8 | Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenText™ iManager. This impacts all versions before 3.2.5 | Nov 22, 2024 |
| CVE-2024-49054(opens NVD record) | Medium | 4.3 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Nov 22, 2024 |
| CVE-2024-41781(opens NVD record) | Medium | 5.1 | IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60, FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. | Nov 22, 2024 |
| CVE-2024-41779(opens NVD record) | Critical | 9.8 | IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | Nov 22, 2024 |
| CVE-2024-8932(opens NVD record) | Critical | 9.8 | In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | Nov 22, 2024 |
| CVE-2024-38296(opens NVD record) | Medium | 6.7 | Dell Edge Gateway 3200, versions prior to 15.40.30.2879, and Edge Gateway 5200, versions prior to 12.0.94.2380, contain an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | Nov 22, 2024 |
| CVE-2024-52056(opens NVD record) | Medium | 6.5 | Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file. | Nov 21, 2024 |
| CVE-2024-52055(opens NVD record) | Medium | 4.9 | Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. | Nov 21, 2024 |
| CVE-2024-52054(opens NVD record) | Low | 2.7 | Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system. | Nov 21, 2024 |
| CVE-2024-52053(opens NVD record) | Critical | 9.6 | Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts. | Nov 21, 2024 |
| CVE-2024-52052(opens NVD record) | High | 7.2 | Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. | Nov 21, 2024 |
| CVE-2024-51367(opens NVD record) | Critical | 9.8 | An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. | Nov 21, 2024 |
| CVE-2024-51366(opens NVD record) | Critical | 9.8 | An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. | Nov 21, 2024 |
| CVE-2024-51364(opens NVD record) | High | 8.8 | An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. | Nov 21, 2024 |
| CVE-2024-49529(opens NVD record) | Medium | 5.5 | InDesign Desktop versions 19.0, 20.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 21, 2024 |
| CVE-2024-7517(opens NVD record) | High | 7.8 | A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | Nov 21, 2024 |
| CVE-2024-45663(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1, 11.5, and 12.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | Nov 21, 2024 |
| CVE-2024-10403(opens NVD record) | High | 7.5 | Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | Nov 21, 2024 |
| CVE-2022-43937(opens NVD record) | Medium | 5.7 | Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | Nov 21, 2024 |
| CVE-2022-43936(opens NVD record) | Medium | 6.8 | Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | Nov 21, 2024 |
| CVE-2022-43935(opens NVD record) | Medium | 5.3 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | Nov 21, 2024 |
| CVE-2022-43934(opens NVD record) | Medium | 6.5 | Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | Nov 21, 2024 |
| CVE-2022-43933(opens NVD record) | Medium | 4.4 | An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | Nov 21, 2024 |
| CVE-2024-52725(opens NVD record) | Medium | 4.9 | SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. | Nov 20, 2024 |
| CVE-2024-9653(opens NVD record) | Medium | 6.1 | The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | Nov 20, 2024 |
| CVE-2024-52360(opens NVD record) | High | 7.6 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | Nov 19, 2024 |
| CVE-2024-52359(opens NVD record) | Medium | 4.3 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | Nov 19, 2024 |
| CVE-2024-37070(opens NVD record) | Medium | 4.3 | IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | Nov 19, 2024 |
| CVE-2024-11395(opens NVD record) | High | 8.8 | Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | Nov 19, 2024 |
| CVE-2024-52714(opens NVD record) | Critical | 9.8 | Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. | Nov 19, 2024 |
| CVE-2024-51503(opens NVD record) | High | 8.0 | A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | Nov 19, 2024 |
| CVE-2024-50803(opens NVD record) | Medium | 5.4 | The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges | Nov 19, 2024 |
| CVE-2024-50298(opens NVD record) | Medium | 5.5 | In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vf_state during PF probes In the previous implementation, vf_state is allocated memory only when VF is enabled. However, net_device_ops::ndo_set_vf_mac() may be called before VF is enabled to configure the MAC address of VF. If this is the case, enetc_pf_set_vf_mac() will access vf_state, resulting in access to a null pointer. The simplified error log is as follows. root@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89 [ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 [ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy [ 173.641973] lr : do_setlink+0x4a8/0xec8 [ 173.732292] Call trace: [ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80 [ 173.738847] __rtnl_newlink+0x530/0x89c [ 173.742692] rtnl_newlink+0x50/0x7c [ 173.746189] rtnetlink_rcv_msg+0x128/0x390 [ 173.750298] netlink_rcv_skb+0x60/0x130 [ 173.754145] rtnetlink_rcv+0x18/0x24 [ 173.757731] netlink_unicast+0x318/0x380 [ 173.761665] netlink_sendmsg+0x17c/0x3c8 | Nov 19, 2024 |
| CVE-2024-21287(opens NVD record) | High | 7.5 | Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | Nov 18, 2024 |