Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
81,908 matching · page 354/1639Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-38221(opens NVD record) | Medium | 4.3 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Sep 19, 2024 |
| CVE-2024-33109(opens NVD record) | Critical | 9.9 | Directory Traversal in the web interface of the Tiptel IP 286 with firmware version 2.61.13.10 allows attackers to overwrite arbitrary files on the phone via the Ringtone upload function. | Sep 19, 2024 |
| CVE-2024-8963(opens NVD record) | Critical | 9.4 | Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality. | Sep 19, 2024 |
| CVE-2024-38016(opens NVD record) | High | 7.8 | Microsoft Office Visio Remote Code Execution Vulnerability | Sep 19, 2024 |
| CVE-2024-8883(opens NVD record) | Medium | 6.1 | A misconfiguration flaw was found in Keycloak. This issue can allow an attacker to redirect users to an arbitrary URL if a 'Valid Redirect URI' is set to http://localhost or http://127.0.0.1, enabling sensitive information such as authorization codes to be exposed to the attacker, potentially leading to session hijacking. | Sep 19, 2024 |
| CVE-2024-8354(opens NVD record) | Medium | 5.5 | A flaw was found in QEMU. An assertion failure was present in the usb_ep_get() function in hw/net/core.c when trying to get the USB endpoint from a USB device. This flaw may allow a malicious unprivileged guest user to crash the QEMU process on the host and cause a denial of service condition. | Sep 19, 2024 |
| CVE-2024-7254(opens NVD record) | High | 7.5 | Any project that parses untrusted Protocol Buffers data containing an arbitrary number of nested groups / series of SGROUP tags can corrupted by exceeding the stack limit i.e. StackOverflow. Parsing nested groups as unknown fields with DiscardUnknownFieldsParser or Java Protobuf Lite parser, or against Protobuf map fields, creates unbounded recursions that can be abused by an attacker. | Sep 19, 2024 |
| CVE-2024-43188(opens NVD record) | Medium | 4.9 | IBM Business Automation Workflow 22.0.2, 23.0.1, 23.0.2, and 24.0.0 could allow a privileged user to perform unauthorized activities due to improper client side validation. | Sep 18, 2024 |
| CVE-2024-46786(opens NVD record) | High | 7.8 | In the Linux kernel, the following vulnerability has been resolved: fscache: delete fscache_cookie_lru_timer when fscache exits to avoid UAF The fscache_cookie_lru_timer is initialized when the fscache module is inserted, but is not deleted when the fscache module is removed. If timer_reduce() is called before removing the fscache module, the fscache_cookie_lru_timer will be added to the timer list of the current cpu. Afterwards, a use-after-free will be triggered in the softIRQ after removing the fscache module, as follows: ================================================================== BUG: unable to handle page fault for address: fffffbfff803c9e9 PF: supervisor read access in kernel mode PF: error_code(0x0000) - not-present page PGD 21ffea067 P4D 21ffea067 PUD 21ffe6067 PMD 110a7c067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G W 6.11.0-rc3 #855 Tainted: [W]=WARN RIP: 0010:__run_timer_base.part.0+0x254/0x8a0 Call Trace: <IRQ> tmigr_handle_remote_up+0x627/0x810 __walk_groups.isra.0+0x47/0x140 tmigr_handle_remote+0x1fa/0x2f0 handle_softirqs+0x180/0x590 irq_exit_rcu+0x84/0xb0 sysvec_apic_timer_interrupt+0x6e/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 default_idle_call+0x38/0x60 do_idle+0x2b5/0x300 cpu_startup_entry+0x54/0x60 start_secondary+0x20d/0x280 common_startup_64+0x13e/0x148 </TASK> Modules linked in: [last unloaded: netfs] ================================================================== Therefore delete fscache_cookie_lru_timer when removing the fscahe module. | Sep 18, 2024 |
| CVE-2024-37985(opens NVD record) | Medium | 5.9 | Windows Kernel Information Disclosure Vulnerability | Sep 17, 2024 |
| CVE-2024-43460(opens NVD record) | High | 8.1 | Improper authorization in Dynamics 365 Business Central resulted in a vulnerability that allows an authenticated attacker to elevate privileges over a network. | Sep 17, 2024 |
| CVE-2024-38183(opens NVD record) | Critical | 9.8 | An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network. | Sep 17, 2024 |
| CVE-2024-38813(opens NVD record) | High | 7.5 | The vCenter Server contains a privilege escalation vulnerability. A malicious actor with network access to vCenter Server may trigger this vulnerability to escalate privileges to root by sending a specially crafted network packet. | Sep 17, 2024 |
| CVE-2024-38812(opens NVD record) | Critical | 9.8 | The vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | Sep 17, 2024 |
| CVE-2024-8752(opens NVD record) | High | 7.5 | The Windows version of WebIQ 2.15.9 is affected by a directory traversal vulnerability that allows remote attackers to read any file on the system. | Sep 16, 2024 |
| CVE-2024-38315(opens NVD record) | Medium | 6.3 | IBM Aspera Shares 1.0 through 1.10.0 PL3 does not invalidate session after a password reset which could allow an authenticated user to impersonate another user on the system. | Sep 16, 2024 |
| CVE-2024-42025(opens NVD record) | High | 7.8 | A Command Injection vulnerability found in a Self-Hosted UniFi Network Servers (Linux) with UniFi Network Application (Version 8.3.32 and earlier) allows a malicious actor with unifi user shell access to escalate privileges to root on the host device. | Sep 13, 2024 |
| CVE-2024-45109(opens NVD record) | High | 7.8 | Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-45108(opens NVD record) | High | 7.8 | Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-43760(opens NVD record) | High | 7.8 | Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-43756(opens NVD record) | High | 7.8 | Photoshop Desktop versions 24.7.4, 25.11 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-45112(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Type Confusion vulnerability that could result in arbitrary code execution in the context of the current user. This issue occurs when a resource is accessed using a type that is not compatible with the actual object type, leading to a logic error that an attacker could exploit. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-45111(opens NVD record) | Medium | 5.5 | Illustrator versions 28.6, 27.9.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-43759(opens NVD record) | Medium | 5.5 | Illustrator versions 28.6, 27.9.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS). An attacker could exploit this vulnerability to crash the application, resulting in a DoS condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-43758(opens NVD record) | High | 7.8 | Illustrator versions 28.6, 27.9.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41869(opens NVD record) | High | 7.8 | Acrobat Reader versions 24.002.21005, 24.001.30159, 20.005.30655, 24.003.20054 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41867(opens NVD record) | Medium | 5.5 | After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41859(opens NVD record) | High | 7.8 | After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41857(opens NVD record) | High | 7.8 | Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-39385(opens NVD record) | Medium | 5.5 | Premiere Pro versions 24.5, 23.6.8 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-39384(opens NVD record) | High | 7.8 | Premiere Pro versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-39382(opens NVD record) | Medium | 5.5 | After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-39381(opens NVD record) | High | 7.8 | After Effects versions 23.6.6, 24.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-39380(opens NVD record) | High | 7.8 | After Effects versions 23.6.6, 24.5 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-34121(opens NVD record) | High | 7.8 | Illustrator versions 28.6, 27.9.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41873(opens NVD record) | Medium | 5.5 | Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41872(opens NVD record) | Medium | 5.5 | Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41871(opens NVD record) | Medium | 5.5 | Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-41870(opens NVD record) | Medium | 5.5 | Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-39377(opens NVD record) | High | 7.8 | Media Encoder versions 24.5, 23.6.8 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Sep 13, 2024 |
| CVE-2024-43180(opens NVD record) | Medium | 4.3 | IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | Sep 13, 2024 |
| CVE-2024-8751(opens NVD record) | High | 7.5 | A vulnerability allows a remote unauthenticated attacker to modify the prod uct’s IP address over the Sopas ET interface. This can lead to a Denial of Service attack. | Sep 12, 2024 |
| CVE-2024-20430(opens NVD record) | High | 7.3 | A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. This vulnerability is due to incorrect handling of directory search paths at runtime. A low-privileged attacker could exploit this vulnerability by placing both malicious configuration files and malicious DLL files on an affected system, which would read and execute the files when Cisco Meraki SM launches on startup. A successful exploit could allow the attacker to execute arbitrary code on the affected system with SYSTEM privileges. | Sep 12, 2024 |
| CVE-2024-45383(opens NVD record) | Medium | 5.0 | A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to a local denial-of-service. An attacker can execute malicious script/application to trigger this vulnerability. | Sep 12, 2024 |
| CVE-2024-45182(opens NVD record) | Medium | 5.5 | An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70 An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service. | Sep 12, 2024 |
| CVE-2024-45181(opens NVD record) | High | 7.8 | An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption. | Sep 12, 2024 |
| CVE-2024-34336(opens NVD record) | Medium | 5.3 | User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality. | Sep 12, 2024 |
| CVE-2024-34335(opens NVD record) | Medium | 6.1 | ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page. | Sep 12, 2024 |
| CVE-2024-34334(opens NVD record) | High | 7.5 | ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function. | Sep 12, 2024 |
| CVE-2024-6658(opens NVD record) | High | 8.4 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive) From 7.2.49.0 to 7.2.54.11 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.11 and all prior versions ECS All prior versions to 7.2.60.0 (inclusive) | Sep 12, 2024 |