Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,799 matching · page 367/696Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-38489(opens NVD record) | Low | 3.1 | Dell iDRAC Service Module version 5.3.0.0 and prior contains Out of bound write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service (partial) event. | Aug 1, 2024 |
| CVE-2024-38481(opens NVD record) | Medium | 4.8 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | Aug 1, 2024 |
| CVE-2024-28972(opens NVD record) | Medium | 5.9 | Dell InsightIQ, Verion 5.0.0, contains a use of a broken or risky cryptographic algorithm vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to information disclosure. | Aug 1, 2024 |
| CVE-2024-25948(opens NVD record) | Medium | 4.8 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain a Out of bound Write Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | Aug 1, 2024 |
| CVE-2024-5678(opens NVD record) | Medium | 4.7 | Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. | Aug 1, 2024 |
| CVE-2024-25947(opens NVD record) | Medium | 4.8 | Dell iDRAC Service Module version 5.3.0.0 and prior, contain an Out of bound Read Vulnerability. A privileged local attacker could execute arbitrary code potentially resulting in a denial of service event. | Aug 1, 2024 |
| CVE-2024-38182(opens NVD record) | Critical | 9.0 | Weak authentication in Microsoft Dynamics 365 allows an unauthenticated attacker to elevate privileges over a network. | Jul 31, 2024 |
| CVE-2024-37135(opens NVD record) | Low | 3.3 | DM5500 5.16.0.0, contains an information disclosure vulnerability. A local attacker with high privileges could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application with privileges of the compromised account. | Jul 31, 2024 |
| CVE-2024-37142(opens NVD record) | High | 7.3 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | Jul 31, 2024 |
| CVE-2024-37129(opens NVD record) | Medium | 6.7 | Dell Inventory Collector, versions prior to 12.3.0.6 contains a Path Traversal vulnerability. A local authenticated malicious user could potentially exploit this vulnerability, leading to arbitrary code execution on the system. | Jul 31, 2024 |
| CVE-2024-37127(opens NVD record) | High | 7.8 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | Jul 31, 2024 |
| CVE-2024-32857(opens NVD record) | High | 7.3 | Dell Peripheral Manager, versions prior to 1.7.6, contain an uncontrolled search path element vulnerability. An attacker could potentially exploit this vulnerability through preloading malicious DLL or symbolic link exploitation, leading to arbitrary code execution and escalation of privilege | Jul 31, 2024 |
| CVE-2023-28074(opens NVD record) | Medium | 6.2 | Dell BSAFE Crypto-C Micro Edition, version 4.1.5, and Dell BSAFE Micro Edition Suite, versions 4.0 through 4.6.1 and version 5.0, contains an Out-of-bounds Read vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | Jul 31, 2024 |
| CVE-2024-5486(opens NVD record) | Medium | 5.8 | A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager | Jul 30, 2024 |
| CVE-2024-41916(opens NVD record) | Medium | 6.8 | A vulnerability exists in ClearPass Policy Manager that allows for an attacker with administrative privileges to access sensitive information in a cleartext format. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager. | Jul 30, 2024 |
| CVE-2024-41915(opens NVD record) | High | 7.2 | A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. | Jul 30, 2024 |
| CVE-2023-38001(opens NVD record) | Medium | 6.5 | IBM Aspera Orchestrator 4.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 260206. | Jul 30, 2024 |
| CVE-2023-26289(opens NVD record) | Medium | 5.4 | IBM Aspera Orchestrator 4.0.1 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 248478. | Jul 30, 2024 |
| CVE-2023-26288(opens NVD record) | Medium | 5.5 | IBM Aspera Orchestrator 4.0.1 does not invalidate session after a password change which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 248477. | Jul 30, 2024 |
| CVE-2022-33167(opens NVD record) | Low | 3.7 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerability to obtain sensitive information from the cookie. IBM X-Force ID: 228587. | Jul 30, 2024 |
| CVE-2024-38909(opens NVD record) | Critical | 9.8 | Studio 42 elFinder 2.1.64 is vulnerable to Incorrect Access Control. Copying files with an unauthorized extension between server directories allows an arbitrary attacker to expose secrets, perform RCE, etc. | Jul 30, 2024 |
| CVE-2024-37859(opens NVD record) | Medium | 6.1 | Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the page parameter to php-lfis/admin/index.php. | Jul 29, 2024 |
| CVE-2024-37858(opens NVD record) | Critical | 9.8 | SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the id parameter to php-lfis/admin/categories/manage_category.php. | Jul 29, 2024 |
| CVE-2024-37857(opens NVD record) | High | 8.8 | SQL Injection vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via id parameter to php-lfis/admin/categories/view_category.php. | Jul 29, 2024 |
| CVE-2024-37856(opens NVD record) | Medium | 5.4 | Cross Site Scripting vulnerability in Lost and Found Information System 1.0 allows a remote attacker to escalate privileges via the first, last, middle name fields in the User Profile page. | Jul 29, 2024 |
| CVE-2024-42079(opens NVD record) | Medium | 5.5 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix NULL pointer dereference in gfs2_log_flush In gfs2_jindex_free(), set sdp->sd_jdesc to NULL under the log flush lock to provide exclusion against gfs2_log_flush(). In gfs2_log_flush(), check if sdp->sd_jdesc is non-NULL before dereferencing it. Otherwise, we could run into a NULL pointer dereference when outstanding glock work races with an unmount (glock_work_func -> run_queue -> do_xmote -> inode_go_sync -> gfs2_log_flush). | Jul 29, 2024 |
| CVE-2024-41624(opens NVD record) | Medium | 6.3 | Incorrect access control in Himalaya Xiaoya nano smart speaker rom_version 1.6.96 allows a remote attacker to have an unspecified impact. | Jul 29, 2024 |
| CVE-2024-6576(opens NVD record) | High | 7.3 | Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Privilege Escalation.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.12, from 2023.1.0 before 2023.1.7, from 2024.0.0 before 2024.0.3. | Jul 29, 2024 |
| CVE-2024-37381(opens NVD record) | High | 8.0 | An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2024 flat allows an authenticated attacker within the same network to execute arbitrary code. | Jul 29, 2024 |
| CVE-2024-41628(opens NVD record) | High | 7.5 | Directory Traversal vulnerability in Severalnines Cluster Control 1.9.8 before 1.9.8-9778, 2.0.0 before 2.0.0-9779, and 2.1.0 before 2.1.0-9780 allows a remote attacker to include and display file content in an HTTP request via the CMON API. | Jul 26, 2024 |
| CVE-2024-38872(opens NVD record) | High | 8.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the monitoring module. | Jul 26, 2024 |
| CVE-2024-38871(opens NVD record) | High | 8.3 | Zohocorp ManageEngine Exchange Reporter Plus versions 5717 and below are vulnerable to the authenticated SQL injection in the reports module. | Jul 26, 2024 |
| CVE-2024-40689(opens NVD record) | Medium | 6.0 | IBM InfoSphere Information Server 11.7 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. IBM X-Force ID: 297719. | Jul 26, 2024 |
| CVE-2024-38103(opens NVD record) | Medium | 5.9 | Microsoft Edge (Chromium-based) Information Disclosure Vulnerability | Jul 25, 2024 |
| CVE-2024-28772(opens NVD record) | Medium | 6.8 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 285645. | Jul 25, 2024 |
| CVE-2022-32759(opens NVD record) | Medium | 5.3 | IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565. | Jul 25, 2024 |
| CVE-2024-39674(opens NVD record) | Medium | 6.2 | Plaintext vulnerability in the Gallery search module. Impact: Successful exploitation of this vulnerability will affect availability. | Jul 25, 2024 |
| CVE-2024-39673(opens NVD record) | Medium | 6.8 | Vulnerability of serialisation/deserialisation mismatch in the iAware module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jul 25, 2024 |
| CVE-2024-39672(opens NVD record) | High | 8.4 | Memory request logic vulnerability in the memory module. Impact: Successful exploitation of this vulnerability will affect integrity and availability. | Jul 25, 2024 |
| CVE-2024-39671(opens NVD record) | Critical | 9.3 | Access control vulnerability in the security verification module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jul 25, 2024 |
| CVE-2024-39670(opens NVD record) | Medium | 6.2 | Privilege escalation vulnerability in the account synchronisation module. Impact: Successful exploitation of this vulnerability will affect availability. | Jul 25, 2024 |
| CVE-2023-7271(opens NVD record) | Medium | 5.5 | Privilege escalation vulnerability in the NMS module Impact: Successful exploitation of this vulnerability will affect availability. | Jul 25, 2024 |
| CVE-2024-37084(opens NVD record) | Critical | 9.8 | In Spring Cloud Data Flow versions prior to 2.11.4, a malicious user who has access to the Skipper server api can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server | Jul 25, 2024 |
| CVE-2024-6972(opens NVD record) | Medium | 6.5 | In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text. | Jul 25, 2024 |
| CVE-2024-4811(opens NVD record) | Low | 2.2 | In affected versions of Octopus Server under certain conditions, a user with specific role assignments can access restricted project artifacts. | Jul 25, 2024 |
| CVE-2024-41136(opens NVD record) | Medium | 6.8 | An authenticated command injection vulnerability exists in the HPE Aruba Networking EdgeConnect SD-WAN gateways Command Line Interface. Successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. | Jul 24, 2024 |
| CVE-2024-40495(opens NVD record) | High | 8.0 | A vulnerability was discovered in Linksys Router E2500 with firmware 2.0.00, allows authenticated attackers to execute arbitrary code via the hnd_parentalctrl_unblock function. | Jul 24, 2024 |
| CVE-2024-37533(opens NVD record) | Low | 2.4 | IBM InfoSphere Information Server 11.7 could disclose sensitive user information to another user with physical access to the machine. IBM X-Force ID: 294727. | Jul 24, 2024 |
| CVE-2024-7079(opens NVD record) | Medium | 6.5 | A flaw was found in the Openshift console. The /API/helm/verify endpoint is tasked to fetch and verify the installation of a Helm chart from a URI that is remote HTTP/HTTPS or local. Access to this endpoint is gated by the authHandlerWithUser() middleware function. Contrary to its name, this middleware function does not verify the validity of the user's credentials. As a result, unauthenticated users can access this endpoint. | Jul 24, 2024 |
| CVE-2024-40575(opens NVD record) | Medium | 5.5 | An issue in Huawei Technologies opengauss (openGauss 5.0.0 build) v.7.3.0 allows a local attacker to cause a denial of service via the modification of table attributes | Jul 24, 2024 |