Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,503 matching · page 333/691Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-38264(opens NVD record) | Medium | 5.9 | Microsoft Virtual Hard Disk (VHDX) Denial of Service Vulnerability | Nov 12, 2024 |
| CVE-2024-38255(opens NVD record) | High | 8.8 | SQL Server Native Client Remote Code Execution Vulnerability | Nov 12, 2024 |
| CVE-2024-38203(opens NVD record) | Medium | 6.2 | Windows Package Library Manager Information Disclosure Vulnerability | Nov 12, 2024 |
| CVE-2024-9843(opens NVD record) | Medium | 5.0 | A buffer over-read in Ivanti Secure Access Client before 22.7R4 allows a local unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-9842(opens NVD record) | High | 7.3 | Incorrect permissions in Ivanti Secure Access Client before version 22.7R4 allows a local authenticated attacker to create arbitrary folders. | Nov 12, 2024 |
| CVE-2024-8539(opens NVD record) | High | 7.1 | Improper authorization in Ivanti Secure Access Client before version 22.7R3 allows a local authenticated attacker to modify sensitive configuration files. | Nov 12, 2024 |
| CVE-2024-7571(opens NVD record) | High | 7.8 | Incorrect permissions in Ivanti Secure Access Client before 22.7R4 allows a local authenticated attacker to escalate their privileges. | Nov 12, 2024 |
| CVE-2024-49528(opens NVD record) | High | 7.8 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 12, 2024 |
| CVE-2024-49527(opens NVD record) | Medium | 5.5 | Animate versions 23.0.7, 24.0.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 12, 2024 |
| CVE-2024-49526(opens NVD record) | High | 7.8 | Animate versions 23.0.7, 24.0.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 12, 2024 |
| CVE-2024-49514(opens NVD record) | High | 7.8 | Photoshop Desktop versions 24.7.3, 25.11 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Nov 12, 2024 |
| CVE-2024-11006(opens NVD record) | Critical | 9.1 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-11005(opens NVD record) | Critical | 9.1 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-11004(opens NVD record) | Medium | 6.1 | Reflected XSS in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to obtain admin privileges. User interaction is required. | Nov 12, 2024 |
| CVE-2024-9420(opens NVD record) | High | 8.8 | A use-after-free in Ivanti Connect Secure before version 22.7R2.3 and 9.1R18.9 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker to achieve remote code execution | Nov 12, 2024 |
| CVE-2024-8495(opens NVD record) | High | 7.5 | A null pointer dereference in Ivanti Connect Secure before version 22.7R2.1 and Ivanti Policy Secure before version 22.7R1.1 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-50331(opens NVD record) | High | 7.5 | An out-of-bounds read vulnerability in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to leak sensitive information in memory. | Nov 12, 2024 |
| CVE-2024-50330(opens NVD record) | Critical | 9.8 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-50329(opens NVD record) | High | 8.8 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote unauthenticated attacker to achieve remote code execution. User interaction is required. | Nov 12, 2024 |
| CVE-2024-50328(opens NVD record) | High | 7.2 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-50327(opens NVD record) | High | 7.2 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-50326(opens NVD record) | High | 7.2 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-50324(opens NVD record) | High | 7.2 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-50323(opens NVD record) | High | 7.8 | SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | Nov 12, 2024 |
| CVE-2024-50322(opens NVD record) | High | 7.8 | Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required. | Nov 12, 2024 |
| CVE-2024-50321(opens NVD record) | High | 7.5 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-50320(opens NVD record) | High | 7.5 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-50319(opens NVD record) | High | 7.5 | An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-50318(opens NVD record) | High | 7.5 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-50317(opens NVD record) | High | 7.5 | A null pointer dereference in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-47909(opens NVD record) | Medium | 4.9 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-47907(opens NVD record) | High | 7.5 | A stack-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-47906(opens NVD record) | High | 7.8 | Excessive binary privileges in Ivanti Connect Secure before version 22.7R2.3 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.2 (Not Applicable to 9.1Rx) allows a local authenticated attacker to escalate privileges. | Nov 12, 2024 |
| CVE-2024-47905(opens NVD record) | Medium | 4.9 | A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to cause a denial of service. | Nov 12, 2024 |
| CVE-2024-47535(opens NVD record) | Medium | 5.5 | Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. An unsafe reading of environment file could potentially cause a denial of service in Netty. When loaded on an Windows application, Netty attempts to load a file that does not exist. If an attacker creates such a large file, the Netty application crashes. This vulnerability is fixed in 4.1.115. | Nov 12, 2024 |
| CVE-2024-11007(opens NVD record) | Critical | 9.1 | Command injection in Ivanti Connect Secure before version 22.7R2.1 (Not Applicable to 9.1Rx) and Ivanti Policy Secure before version 22.7R1.1 (Not Applicable to 9.1Rx) allows a remote authenticated attacker with admin privileges to achieve remote code execution. | Nov 12, 2024 |
| CVE-2024-49560(opens NVD record) | High | 7.8 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a command injection vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution. | Nov 12, 2024 |
| CVE-2024-49558(opens NVD record) | High | 7.8 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Privilege Management vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | Nov 12, 2024 |
| CVE-2024-49557(opens NVD record) | High | 7.8 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Nov 12, 2024 |
| CVE-2024-48838(opens NVD record) | Low | 3.3 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) a Files or Directories Accessible to External Parties vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Filesystem access for attacker. | Nov 12, 2024 |
| CVE-2024-48837(opens NVD record) | High | 7.8 | Dell SmartFabric OS10 Software, version(s) 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command execution | Nov 12, 2024 |
| CVE-2024-49395(opens NVD record) | Medium | 5.3 | In mutt and neomutt, PGP encryption does not use the --hidden-recipient mode which may leak the Bcc email header field by inferring from the recipients info. | Nov 12, 2024 |
| CVE-2024-49394(opens NVD record) | Medium | 5.3 | In mutt and neomutt the In-Reply-To email header field is not protected by cryptographic signing which allows an attacker to reuse an unencrypted but signed email message to impersonate the original sender. | Nov 12, 2024 |
| CVE-2024-49393(opens NVD record) | Medium | 6.5 | In neomutt and mutt, the To and Cc email headers are not validated by cryptographic signing which allows an attacker that intercepts a message to change their value and include himself as a one of the recipients to compromise message confidentiality. | Nov 12, 2024 |
| CVE-2024-52533(opens NVD record) | Critical | 9.8 | gio/gsocks4aproxy.c in GNOME GLib before 2.82.1 has an off-by-one error and resultant buffer overflow because SOCKS4_CONN_MSG_LEN is not sufficient for a trailing '\0' character. | Nov 11, 2024 |
| CVE-2024-25254(opens NVD record) | Critical | 9.8 | SuperScan v4.1 was discovered to contain a buffer overflow via the Hostname/IP parameter. | Nov 11, 2024 |
| CVE-2024-45087(opens NVD record) | Medium | 4.8 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Nov 11, 2024 |
| CVE-2024-45088(opens NVD record) | Medium | 6.4 | IBM Maximo Asset Management 7.6.1.3 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | Nov 11, 2024 |
| CVE-2024-50808(opens NVD record) | High | 8.8 | SeaCms 13.1 is vulnerable to code injection in the notification module of the member message notification module in the backend user module, due to unsafe handling of the "notify" variable in admin_notify.php. | Nov 8, 2024 |
| CVE-2024-21994(opens NVD record) | Medium | 4.3 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.9 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to a service crash. | Nov 8, 2024 |