Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,799 matching · page 378/696Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-38082(opens NVD record) | Medium | 4.7 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Jun 20, 2024 |
| CVE-2024-37674(opens NVD record) | Medium | 5.5 | Cross Site Scripting vulnerability in Moodle CMS v3.10 allows a remote attacker to execute arbitrary code via the Field Name (name parameter) of a new activity. | Jun 20, 2024 |
| CVE-2024-37626(opens NVD record) | High | 8.8 | A command injection issue in TOTOLINK A6000R V1.0.1-B20201211.2000 firmware allows a remote attacker to execute arbitrary code via the iface parameter in the vif_enable function. | Jun 20, 2024 |
| CVE-2024-37676(opens NVD record) | High | 8.4 | An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the Header_populateFromSettings function. | Jun 20, 2024 |
| CVE-2024-37532(opens NVD record) | High | 8.8 | IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to identity spoofing by an authenticated user due to improper signature validation. IBM X-Force ID: 294721. | Jun 20, 2024 |
| CVE-2024-29013(opens NVD record) | Medium | 6.5 | Heap-based buffer overflow vulnerability in the SonicOS SSL-VPN allows an authenticated remote attacker to cause Denial of Service (DoS) via memcpy function. | Jun 20, 2024 |
| CVE-2024-29012(opens NVD record) | High | 7.5 | Stack-based buffer overflow vulnerability in the SonicOS HTTP server allows an authenticated remote attacker to cause Denial of Service (DoS) via sscanf function. | Jun 20, 2024 |
| CVE-2024-38329(opens NVD record) | High | 7.7 | IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this vulnerability to change its settings, trigger backups, restore backups, and also delete all previous backups via log rotation. IBM X-Force ID: 294994. | Jun 19, 2024 |
| CVE-2024-37821(opens NVD record) | High | 8.8 | An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL file. | Jun 18, 2024 |
| CVE-2023-47726(opens NVD record) | High | 7.1 | IBM QRadar Suite Software 1.10.12.0 through 1.10.21.0 and IBM Cloud Pak for Security 1.10.12.0 through 1.10.21.0 could allow an authenticated user to execute certain arbitrary commands due to improper input validation. IBM X-Force ID: 272087. | Jun 18, 2024 |
| CVE-2024-37081(opens NVD record) | High | 7.8 | The vCenter Server contains multiple local privilege escalation vulnerabilities due to misconfiguration of sudo. An authenticated local user with non-administrative privileges may exploit these issues to elevate privileges to root on vCenter Server Appliance. | Jun 18, 2024 |
| CVE-2024-37080(opens NVD record) | Critical | 9.8 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | Jun 18, 2024 |
| CVE-2024-37079(opens NVD record) | Critical | 9.8 | vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a specially crafted network packet potentially leading to remote code execution. | Jun 18, 2024 |
| CVE-2023-37058(opens NVD record) | Critical | 9.8 | Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted command. | Jun 17, 2024 |
| CVE-2023-37057(opens NVD record) | Critical | 9.8 | An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication mechanism. | Jun 17, 2024 |
| CVE-2024-37891(opens NVD record) | Medium | 4.4 | urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with `ProxyManager`, the `Proxy-Authorization` header is only sent to the configured proxy, as expected. However, when sending HTTP requests *without* using urllib3's proxy support, it's possible to accidentally configure the `Proxy-Authorization` header even though it won't have any effect as the request is not using a forwarding proxy or a tunneling proxy. In those cases, urllib3 doesn't treat the `Proxy-Authorization` HTTP header as one carrying authentication material and thus doesn't strip the header on cross-origin redirects. Because this is a highly unlikely scenario, we believe the severity of this vulnerability is low for almost all users. Out of an abundance of caution urllib3 will automatically strip the `Proxy-Authorization` header during cross-origin redirects to avoid the small chance that users are doing this on accident. Users should use urllib3's proxy support or disable automatic redirects to achieve safe processing of the `Proxy-Authorization` header, but we still decided to strip the header by default in order to further protect users who aren't using the correct approach. We believe the number of usages affected by this advisory is low. It requires all of the following to be true to be exploited: 1. Setting the `Proxy-Authorization` header without using urllib3's built-in proxy support. 2. Not disabling HTTP redirects. 3. Either not using an HTTPS origin server or for the proxy or target origin to redirect to a malicious origin. Users are advised to update to either version 1.26.19 or version 2.2.2. Users unable to upgrade may use the `Proxy-Authorization` header with urllib3's `ProxyManager`, disable HTTP redirects using `redirects=False` when sending requests, or not user the `Proxy-Authorization` header as mitigations. | Jun 17, 2024 |
| CVE-2024-36543(opens NVD record) | Critical | 9.8 | Incorrect access control in the Kafka Connect REST API in the STRIMZI Project 0.41.0 and earlier allows an attacker to deny the service for Kafka Mirroring, potentially mirror the topics' content to his Kafka cluster via a malicious connector (bypassing Kafka ACL if it exists), and potentially steal Kafka SASL credentials, by querying the MirrorMaker Kafka REST API. | Jun 17, 2024 |
| CVE-2023-27636(opens NVD record) | Medium | 5.4 | Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor. | Jun 16, 2024 |
| CVE-2024-31870(opens NVD record) | Low | 3.3 | IBM Db2 for i 7.2, 7.3, 7.4, and 7.5 supplies user defined table function is vulnerable to user enumeration by a local authenticated attacker, without having authority to the related *USRPRF objects. This can be used by a malicious actor to gather information about users that can be targeted in further attacks. IBM X-Force ID: 287174. | Jun 15, 2024 |
| CVE-2024-27275(opens NVD record) | High | 7.4 | IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability caused by an insufficient authority requirement. A local user without administrator privilege can configure a physical file trigger to execute with the privileges of a user socially engineered to access the target file. The correction is to require administrator privilege to configure trigger support. | Jun 15, 2024 |
| CVE-2024-21988(opens NVD record) | Medium | 5.3 | StorageGRID (formerly StorageGRID Webscale) versions prior to 11.7.0.9 and 11.8.0.5 are susceptible to disclosure of sensitive information via complex MiTM attacks due to a vulnerability in the SSH cryptographic implementation. | Jun 14, 2024 |
| CVE-2024-5465(opens NVD record) | Medium | 5.9 | Function vulnerabilities in the Calendar module Impact: Successful exploitation of this vulnerability will affect availability. | Jun 14, 2024 |
| CVE-2024-5464(opens NVD record) | Medium | 4.0 | Vulnerability of insufficient permission verification in the NearLink module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jun 14, 2024 |
| CVE-2024-36503(opens NVD record) | High | 7.3 | Memory management vulnerability in the Gralloc module Impact: Successful exploitation of this vulnerability will affect availability. | Jun 14, 2024 |
| CVE-2024-36502(opens NVD record) | High | 7.9 | Out-of-bounds read vulnerability in the audio module Impact: Successful exploitation of this vulnerability will affect availability. | Jun 14, 2024 |
| CVE-2024-36501(opens NVD record) | Medium | 5.6 | Memory management vulnerability in the boottime module Impact: Successful exploitation of this vulnerability can affect integrity. | Jun 14, 2024 |
| CVE-2024-36500(opens NVD record) | High | 7.8 | Privilege escalation vulnerability in the AMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jun 14, 2024 |
| CVE-2024-36499(opens NVD record) | Medium | 6.8 | Vulnerability of unauthorized screenshot capturing in the WMS module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | Jun 14, 2024 |
| CVE-2024-0103(opens NVD record) | Medium | 5.4 | NVIDIA Triton Inference Server for Linux contains a vulnerability where a user may cause an incorrect Initialization of resource by network issue. A successful exploit of this vulnerability may lead to information disclosure. | Jun 13, 2024 |
| CVE-2024-0095(opens NVD record) | Critical | 9.0 | NVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where a user can inject forged logs and executable commands by injecting arbitrary data as a new log entry. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | Jun 13, 2024 |
| CVE-2024-0093(opens NVD record) | Medium | 6.5 | NVIDIA GPU software for Linux contains a vulnerability where it can expose sensitive information to an actor that is not explicitly authorized to have access to that information. A successful exploit of this vulnerability might lead to information disclosure. | Jun 13, 2024 |
| CVE-2024-0092(opens NVD record) | Medium | 5.5 | NVIDIA GPU Driver for Windows and Linux contains a vulnerability where an improper check or improper handling of exception conditions might lead to denial of service. | Jun 13, 2024 |
| CVE-2024-0091(opens NVD record) | High | 7.8 | NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability where a user can cause an untrusted pointer dereference by executing a driver API. A successful exploit of this vulnerability might lead to denial of service, information disclosure, and data tampering. | Jun 13, 2024 |
| CVE-2024-0090(opens NVD record) | High | 7.8 | NVIDIA GPU driver for Windows and Linux contains a vulnerability where a user can cause an out-of-bounds write. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | Jun 13, 2024 |
| CVE-2024-0089(opens NVD record) | High | 7.8 | NVIDIA GPU Display Driver for Windows contains a vulnerability where the information from a previous client or another process could be disclosed. A successful exploit of this vulnerability might lead to code execution, information disclosure, or data tampering. | Jun 13, 2024 |
| CVE-2024-0086(opens NVD record) | Medium | 5.5 | NVIDIA vGPU software for Linux contains a vulnerability where the software can dereference a NULL pointer. A successful exploit of this vulnerability might lead to denial of service and undefined behavior in the vGPU plugin. | Jun 13, 2024 |
| CVE-2024-0085(opens NVD record) | Medium | 6.3 | NVIDIA vGPU software for Windows and Linux contains a vulnerability where unprivileged users could execute privileged operations on the host. A successful exploit of this vulnerability might lead to data tampering, escalation of privileges, and denial of service. | Jun 13, 2024 |
| CVE-2024-0084(opens NVD record) | High | 7.8 | NVIDIA vGPU software for Linux contains a vulnerability in the Virtual GPU Manager, where the guest OS could execute privileged operations. A successful exploit of this vulnerability might lead to information disclosure, data tampering, escalation of privileges, and denial of service. | Jun 13, 2024 |
| CVE-2024-38083(opens NVD record) | Medium | 4.3 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Jun 13, 2024 |
| CVE-2024-30058(opens NVD record) | Medium | 5.4 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | Jun 13, 2024 |
| CVE-2024-30057(opens NVD record) | Medium | 5.4 | Microsoft Edge for iOS Spoofing Vulnerability | Jun 13, 2024 |
| CVE-2024-29169(opens NVD record) | Medium | 5.4 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal audit REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | Jun 13, 2024 |
| CVE-2024-37131(opens NVD record) | High | 7.5 | SCG Policy Manager, all versions, contains an overly permissive Cross-Origin Resource Policy (CORP) vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to the execution of malicious actions on the application in the context of the authenticated user. | Jun 13, 2024 |
| CVE-2024-29168(opens NVD record) | Medium | 5.4 | Dell SCG, versions prior to 5.22.00.00, contain a SQL Injection Vulnerability in the SCG UI for an internal assets REST API. A remote authenticated attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing potential unauthorized access and modification of application data. | Jun 13, 2024 |
| CVE-2024-28969(opens NVD record) | Medium | 4.3 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources. | Jun 13, 2024 |
| CVE-2024-28968(opens NVD record) | Medium | 5.4 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | Jun 13, 2024 |
| CVE-2024-28967(opens NVD record) | Medium | 5.4 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | Jun 13, 2024 |
| CVE-2024-28966(opens NVD record) | Medium | 5.4 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | Jun 13, 2024 |
| CVE-2024-28965(opens NVD record) | Medium | 5.4 | Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal enable REST API (if enabled by Admin user from UI). A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain Internal APIs applicable only for Admin Users on the application's backend database that could potentially allow an unauthorized user access to restricted resources and change of state. | Jun 13, 2024 |
| CVE-2024-25052(opens NVD record) | Medium | 4.4 | IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363. | Jun 13, 2024 |