Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,799 matching · page 368/696Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-22444(opens NVD record) | Medium | 6.1 | A vulnerability within the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victims browser in the context of the affected interface. | Jul 24, 2024 |
| CVE-2024-41914(opens NVD record) | High | 8.1 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface. | Jul 24, 2024 |
| CVE-2024-22443(opens NVD record) | High | 7.2 | A vulnerability in the web-based management interface of EdgeConnect SD-WAN Orchestrator could allow an authenticated remote attacker to conduct a server-side prototype pollution attack. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands on the underlying operating system leading to complete system compromise. | Jul 24, 2024 |
| CVE-2024-6327(opens NVD record) | Critical | 9.9 | In Progress® Telerik® Report Server versions prior to 2024 Q2 (10.1.24.709), a remote code execution attack is possible through an insecure deserialization vulnerability. | Jul 24, 2024 |
| CVE-2024-6096(opens NVD record) | High | 8.8 | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | Jul 24, 2024 |
| CVE-2023-32471(opens NVD record) | Medium | 6.0 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds read vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability to read contents of stack memory and use this information for further exploits. | Jul 24, 2024 |
| CVE-2023-32466(opens NVD record) | Medium | 5.7 | Dell Edge Gateway BIOS, versions 3200 and 5200, contains an out-of-bounds write vulnerability. A local authenticated malicious user with high privileges could potentially exploit this vulnerability leading to exposure of some UEFI code, leading to arbitrary code execution or escalation of privilege. | Jul 24, 2024 |
| CVE-2024-38176(opens NVD record) | High | 8.1 | An improper restriction of excessive authentication attempts in GroupMe allows a unauthenticated attacker to elevate privileges over a network. | Jul 23, 2024 |
| CVE-2024-38164(opens NVD record) | Critical | 9.6 | An improper access control vulnerability in GroupMe allows an a unauthenticated attacker to elevate privileges over a network by convincing a user to click on a malicious link. | Jul 23, 2024 |
| CVE-2024-41836(opens NVD record) | Medium | 5.5 | InDesign Desktop versions ID18.5.2, ID19.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could lead to an application denial-of-service (DoS) condition. An attacker could exploit this vulnerability to crash the application, resulting in a DoS. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jul 23, 2024 |
| CVE-2024-6913(opens NVD record) | High | 8.8 | Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0. | Jul 22, 2024 |
| CVE-2024-6912(opens NVD record) | Critical | 9.8 | Use of hard-coded MSSQL credentials in PerkinElmer ProcessPlus on Windows allows an attacker to login remove on all prone installations.This issue affects ProcessPlus: through 1.11.6507.0. | Jul 22, 2024 |
| CVE-2024-32152(opens NVD record) | Low | 3.1 | A blocklist bypass vulnerability exists in the LaTeX functionality of Ankitects Anki 24.04. A specially crafted malicious flashcard can lead to an arbitrary file creation at a fixed path. An attacker can share a malicious flashcard to trigger this vulnerability. | Jul 22, 2024 |
| CVE-2024-37391(opens NVD record) | High | 7.8 | ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant('{autopf}\Proton\Drive') + '"' in Setup/setup.iss. | Jul 22, 2024 |
| CVE-2024-41597(opens NVD record) | Medium | 4.2 | Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to insert a comment. NOTE: this is disputed by the Supplier because the product intentionally accepts anonymous, unauthenticated comments and thus there are fewer situations in which CSRF would be a useful attack technique. Also, the submitted comments are, by default, held for moderator review. | Jul 19, 2024 |
| CVE-2024-38156(opens NVD record) | Medium | 6.1 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Jul 19, 2024 |
| CVE-2024-38302(opens NVD record) | Medium | 6.8 | Dell Data Lakehouse, version(s) 1.0.0.0, contain(s) a Missing Encryption of Sensitive Data vulnerability in the DDAE (Starburst). A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Information disclosure. | Jul 18, 2024 |
| CVE-2024-30473(opens NVD record) | Medium | 4.9 | Dell ECS, versions prior to 3.8.1, contain a privilege elevation vulnerability in user management. A remote high privileged attacker could potentially exploit this vulnerability, gaining access to unauthorized end points. | Jul 18, 2024 |
| CVE-2023-50304(opens NVD record) | High | 7.1 | IBM Engineering Requirements Management DOORS Web Access 9.7.2.8 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 273335. | Jul 18, 2024 |
| CVE-2024-40898(opens NVD record) | High | 7.5 | SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue. | Jul 18, 2024 |
| CVE-2024-40764(opens NVD record) | High | 7.5 | Heap-based buffer overflow vulnerability in the SonicOS IPSec VPN allows an unauthenticated remote attacker to cause Denial of Service (DoS). | Jul 18, 2024 |
| CVE-2024-29014(opens NVD record) | High | 8.8 | Vulnerability in SonicWall SMA100 NetExtender Windows (32 and 64-bit) client 10.2.339 and earlier versions allows an attacker to arbitrary code execution when processing an EPC Client update. | Jul 18, 2024 |
| CVE-2024-28796(opens NVD record) | Medium | 6.4 | IBM ClearQuest (CQ) 9.1 through 9.1.0.6 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 286833. | Jul 17, 2024 |
| CVE-2023-42010(opens NVD record) | Low | 3.1 | IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 could disclose sensitive information in the HTTP response using man in the middle techniques. IBM X-Force ID: 265507. | Jul 17, 2024 |
| CVE-2024-20435(opens NVD record) | High | 8.8 | A vulnerability in the CLI of Cisco AsyncOS for Secure Web Appliance could allow an authenticated, local attacker to execute arbitrary commands and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the CLI. An attacker could exploit this vulnerability by authenticating to the system and executing a crafted command on the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system and elevate privileges to root. To successfully exploit this vulnerability, an attacker would need at least guest credentials. | Jul 17, 2024 |
| CVE-2024-20429(opens NVD record) | Medium | 6.5 | A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to the affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with root privileges. To successfully exploit this vulnerability, an attacker would need at least valid Operator credentials. | Jul 17, 2024 |
| CVE-2024-20419(opens NVD record) | Critical | 10.0 | A vulnerability in the authentication system of Cisco Smart Software Manager On-Prem (SSM On-Prem) could allow an unauthenticated, remote attacker to change the password of any user, including administrative users. This vulnerability is due to improper implementation of the password-change process. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow an attacker to access the web UI or API with the privileges of the compromised user. | Jul 17, 2024 |
| CVE-2024-20401(opens NVD record) | Critical | 9.8 | A vulnerability in the content scanning and message filtering features of Cisco Secure Email Gateway could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying operating system. This vulnerability is due to improper handling of email attachments when file analysis and content filters are enabled. An attacker could exploit this vulnerability by sending an email that contains a crafted attachment through an affected device. A successful exploit could allow the attacker to replace any file on the underlying file system. The attacker could then perform any of the following actions: add users with root privileges, modify the device configuration, execute arbitrary code, or cause a permanent denial of service (DoS) condition on the affected device. Note: Manual intervention is required to recover from the DoS condition. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition. | Jul 17, 2024 |
| CVE-2024-20400(opens NVD record) | Medium | 4.7 | A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this vulnerability by intercepting and modifying an HTTP request from a user. A successful exploit could allow the attacker to redirect the user to a malicious web page. Note: Cisco Expressway Series refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. | Jul 17, 2024 |
| CVE-2024-20396(opens NVD record) | Medium | 5.3 | A vulnerability in the protocol handlers of Cisco Webex App could allow an unauthenticated, remote attacker to gain access to sensitive information. This vulnerability exists because the affected application does not safely handle file protocol handlers. An attacker could exploit this vulnerability by persuading a user to follow a link that is designed to cause the application to send requests. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture sensitive information, including credential information, from the requests. | Jul 17, 2024 |
| CVE-2024-20395(opens NVD record) | Medium | 6.4 | A vulnerability in the media retrieval functionality of Cisco Webex App could allow an unauthenticated, adjacent attacker to gain access to sensitive session information. This vulnerability is due to insecure transmission of requests to backend services when the app accesses embedded media, such as images. An attacker could exploit this vulnerability by sending a message with embedded media that is stored on a messaging server to a targeted user. If the attacker can observe transmitted traffic in a privileged network position, a successful exploit could allow the attacker to capture session token information from insecurely transmitted requests and possibly reuse the captured session information to take further actions as the targeted user. | Jul 17, 2024 |
| CVE-2024-20323(opens NVD record) | High | 7.5 | A vulnerability in Cisco Intelligent Node (iNode) Software could allow an unauthenticated, remote attacker to hijack the TLS connection between Cisco iNode Manager and associated intelligent nodes and send arbitrary traffic to an affected device. This vulnerability is due to the presence of hard-coded cryptographic material. An attacker in a man-in-the-middle position between Cisco iNode Manager and associated deployed nodes could exploit this vulnerability by using the static cryptographic key to generate a trusted certificate and impersonate an affected device. A successful exploit could allow the attacker to read data that is meant for a legitimate device, modify the startup configuration of an associated node, and, consequently, cause a denial of service (DoS) condition for downstream devices that are connected to the affected node. | Jul 17, 2024 |
| CVE-2024-20296(opens NVD record) | Medium | 4.7 | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected device. This vulnerability is due to improper validation of files that are uploaded to the web-based management interface. An attacker could exploit this vulnerability by uploading arbitrary files to an affected device. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root. | Jul 17, 2024 |
| CVE-2024-28993(opens NVD record) | High | 7.6 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | Jul 17, 2024 |
| CVE-2024-28992(opens NVD record) | High | 7.6 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | Jul 17, 2024 |
| CVE-2024-28074(opens NVD record) | Critical | 9.6 | It was discovered that a previous vulnerability was not completely fixed with SolarWinds Access Rights Manager. While some controls were implemented the researcher was able to bypass these and use a different method to exploit the vulnerability. | Jul 17, 2024 |
| CVE-2024-23475(opens NVD record) | Critical | 9.6 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | Jul 17, 2024 |
| CVE-2024-23474(opens NVD record) | High | 7.6 | The SolarWinds Access Rights Manager was found to be susceptible to an Arbitrary File Deletion and Information Disclosure vulnerability. | Jul 17, 2024 |
| CVE-2024-23472(opens NVD record) | Critical | 9.6 | SolarWinds Access Rights Manager (ARM) is susceptible to Directory Traversal vulnerability. This vulnerability allows an authenticated user to arbitrary read and delete files in ARM. | Jul 17, 2024 |
| CVE-2024-23471(opens NVD record) | Critical | 9.6 | The SolarWinds Access Rights Manager was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service resulting in remote code execution. | Jul 17, 2024 |
| CVE-2024-23470(opens NVD record) | Critical | 9.6 | The SolarWinds Access Rights Manager was found to be susceptible to a pre-authentication remote code execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to run commands and executables. | Jul 17, 2024 |
| CVE-2024-23469(opens NVD record) | Critical | 9.6 | SolarWinds Access Rights Manager (ARM) is susceptible to a Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | Jul 17, 2024 |
| CVE-2024-23468(opens NVD record) | High | 7.6 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform arbitrary file deletion and leak sensitive information. | Jul 17, 2024 |
| CVE-2024-23467(opens NVD record) | Critical | 9.6 | The SolarWinds Access Rights Manager was susceptible to a Directory Traversal and Information Disclosure Vulnerability. This vulnerability allows an unauthenticated user to perform remote code execution. | Jul 17, 2024 |
| CVE-2024-23466(opens NVD record) | Critical | 9.6 | SolarWinds Access Rights Manager (ARM) is susceptible to a Directory Traversal Remote Code Execution vulnerability. If exploited, this vulnerability allows an unauthenticated user to perform the actions with SYSTEM privileges. | Jul 17, 2024 |
| CVE-2024-23465(opens NVD record) | High | 8.3 | The SolarWinds Access Rights Manager was found to be susceptible to an authentication bypass vulnerability. This vulnerability allows an unauthenticated user to gain domain admin access within the Active Directory environment. | Jul 17, 2024 |
| CVE-2024-5471(opens NVD record) | High | 8.8 | Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to agent takeover vulnerability due to the hard-coded sensitive keys. | Jul 17, 2024 |
| CVE-2024-27311(opens NVD record) | Medium | 5.5 | Zohocorp ManageEngine DDI Central versions 4001 and prior were vulnerable to directory traversal vulnerability which allows the user to upload new files to the server folder. | Jul 17, 2024 |
| CVE-2024-6535(opens NVD record) | Medium | 5.3 | A flaw was found in Skupper. When Skupper is initialized with the console-enabled and with console-auth set to Openshift, it configures the openshift oauth-proxy with a static cookie-secret. In certain circumstances, this may allow an attacker to bypass authentication to the Skupper console via a specially-crafted cookie. | Jul 17, 2024 |
| CVE-2024-21188(opens NVD record) | Medium | 6.1 | Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Supported versions that are affected are 6.0.0.0.0 and 6.1.0.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Revenue Management and Billing. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financial Services Revenue Management and Billing, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Revenue Management and Billing accessible data as well as unauthorized read access to a subset of Oracle Financial Services Revenue Management and Billing accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | Jul 16, 2024 |