Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,799 matching · page 379/696Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2024-22333(opens NVD record) | Low | 3.3 | IBM Maximo Asset Management 7.6.1.3 and IBM Maximo Application Suite 8.10 and 8.11 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 279973. | Jun 13, 2024 |
| CVE-2024-32860(opens NVD record) | High | 7.5 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Jun 13, 2024 |
| CVE-2024-32859(opens NVD record) | High | 7.5 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Jun 13, 2024 |
| CVE-2024-32858(opens NVD record) | High | 7.5 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution. | Jun 13, 2024 |
| CVE-2024-32856(opens NVD record) | Medium | 5.1 | Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | Jun 13, 2024 |
| CVE-2024-30472(opens NVD record) | High | 7.5 | Telemetry Dashboard v1.0.0.8 for Dell ThinOS 2402 contains a sensitive information disclosure vulnerability. An unauthenticated user with local access to the device could exploit this vulnerability leading to information disclosure. | Jun 13, 2024 |
| CVE-2024-20753(opens NVD record) | High | 7.8 | Photoshop Desktop versions 24.7.3, 25.7 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | Jun 13, 2024 |
| CVE-2024-4176(opens NVD record) | Medium | 4.1 | An Cross site scripting vulnerability in the EDR XConsole before this release allowed an attacker to potentially leverage an XSS/HTML-Injection using command line variables. A malicious threat actor could execute commands on the victim's browser for sending carefully crafted malicious links to the EDR XConsole end user. | Jun 13, 2024 |
| CVE-2024-5661(opens NVD record) | Medium | 6.0 | An issue has been identified in both XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR which may allow a malicious administrator of a guest VM to cause the host to become slow and/or unresponsive. | Jun 13, 2024 |
| CVE-2024-31881(opens NVD record) | Medium | 6.5 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash when using a specially crafted query on certain columnar tables by an authenticated user. IBM X-Force ID: 287613. | Jun 12, 2024 |
| CVE-2023-29267(opens NVD record) | Medium | 5.3 | IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5is vulnerable to a denial of service, under specific configurations, as the server may crash when using a specially crafted SQL statement by an authenticated user. IBM X-Force ID: 287612. | Jun 12, 2024 |
| CVE-2024-28762(opens NVD record) | Medium | 5.3 | IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 285246. | Jun 12, 2024 |
| CVE-2024-5909(opens NVD record) | Medium | 5.5 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a low privileged local Windows user to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then to perform malicious activity. | Jun 12, 2024 |
| CVE-2024-5908(opens NVD record) | High | 7.5 | A problem with the Palo Alto Networks GlobalProtect app can result in exposure of encrypted user credentials, used for connecting to GlobalProtect, in application logs. Normally, these application logs are only viewable by local users and are included when generating logs for troubleshooting purposes. This means that these encrypted credentials are exposed to recipients of the application logs. | Jun 12, 2024 |
| CVE-2024-5907(opens NVD record) | High | 7.0 | A privilege escalation (PE) vulnerability in the Palo Alto Networks Cortex XDR agent on Windows devices enables a local user to execute programs with elevated privileges. However, execution does require the local user to successfully exploit a race condition, which makes this vulnerability difficult to exploit. | Jun 12, 2024 |
| CVE-2024-5906(opens NVD record) | Medium | 4.8 | A cross-site scripting (XSS) vulnerability in Palo Alto Networks Prisma Cloud Compute software enables a malicious administrator with add/edit permissions for identity providers to store a JavaScript payload using the web interface on Prisma Cloud Compute. This enables a malicious administrator to perform actions in the context of another user's browser when accessed by that other user. | Jun 12, 2024 |
| CVE-2024-5905(opens NVD record) | Medium | 4.4 | A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local low privileged Windows user to disrupt some functionality of the agent. However, they are not able to disrupt Cortex XDR agent protection mechanisms using this vulnerability. | Jun 12, 2024 |
| CVE-2024-37304(opens NVD record) | Medium | 6.1 | NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. When a user inputs a Markdown autolink such as `<javascript:alert(1)>`, the link is rendered without proper sanitization. This means that the JavaScript code within the autolink can be executed by the browser, leading to an XSS attack. Version 2024.05.28 contains a patch for this issue. | Jun 12, 2024 |
| CVE-2024-36265(opens NVD record) | Critical | 9.8 | ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. An attacker can bypass authentication by sending specially crafted REST requests. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | Jun 12, 2024 |
| CVE-2024-28964(opens NVD record) | High | 7.8 | Dell Common Event Enabler, version 8.9.10.0 and prior, contain an insecure deserialization vulnerability in CAVATools. A local unauthenticated attacker could potentially exploit this vulnerability, leading to arbitrary code execution in the context of the logged in user. Exploitation of this issue requires a victim to open a malicious file. | Jun 12, 2024 |
| CVE-2024-5891(opens NVD record) | Medium | 4.2 | A vulnerability was found in Quay. If an attacker can obtain the client ID for an application, they can use an OAuth token to authenticate despite not having access to the organization from which the application was created. This issue is limited to authentication and not authorization. However, in configurations where endpoints rely only on authentication, a user may authenticate to applications they otherwise have no access to. | Jun 12, 2024 |
| CVE-2024-25949(opens NVD record) | High | 8.8 | Dell OS10 Networking Switches, versions10.5.6.x, 10.5.5.x, 10.5.4.x and 10.5.3.x ,contain an improper authorization vulnerability. A remote authenticated attacker could potentially exploit this vulnerability leading to escalation of privileges. | Jun 12, 2024 |
| CVE-2024-5742(opens NVD record) | Medium | 6.7 | A vulnerability was found in GNU Nano that allows a possible privilege escalation through an insecure temporary file. If Nano is killed while editing, a file it saves to an emergency file with the permissions of the running user provides a window of opportunity for attackers to escalate privileges through a malicious symlink. | Jun 12, 2024 |
| CVE-2024-5154(opens NVD record) | High | 8.1 | A flaw was found in cri-o. A malicious container can create a symbolic link to arbitrary files on the host via directory traversal (“../“). This flaw allows the container to read and write to arbitrary files on the host system. | Jun 12, 2024 |
| CVE-2024-3183(opens NVD record) | High | 8.1 | A vulnerability was found in FreeIPA in a way when a Kerberos TGS-REQ is encrypted using the client’s session key. This key is different for each new session, which protects it from brute force attacks. However, the ticket it contains is encrypted using the target principal key directly. For user principals, this key is a hash of a public per-principal randomly-generated salt and the user’s password. If a principal is compromised it means the attacker would be able to retrieve tickets encrypted to any principal, all of them being encrypted by their own key directly. By taking these tickets and salts offline, the attacker could run brute force attacks to find character strings able to decrypt tickets when combined to a principal salt (i.e. find the principal’s password). | Jun 12, 2024 |
| CVE-2024-2698(opens NVD record) | High | 8.8 | A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule. | Jun 12, 2024 |
| CVE-2024-28970(opens NVD record) | Medium | 4.7 | Dell Client BIOS contains an Out-of-bounds Write vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to platform denial of service. | Jun 12, 2024 |
| CVE-2024-0160(opens NVD record) | Medium | 6.8 | Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS. | Jun 12, 2024 |
| CVE-2024-36702(opens NVD record) | High | 7.4 | libiec61850 v1.5 was discovered to contain a heap overflow via the BerEncoder_encodeLength function at /asn1/ber_encoder.c. | Jun 11, 2024 |
| CVE-2024-37325(opens NVD record) | High | 8.1 | Azure Science Virtual Machine (DSVM) Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-35265(opens NVD record) | High | 7.0 | Windows Perception Service Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-35263(opens NVD record) | Medium | 5.7 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | Jun 11, 2024 |
| CVE-2024-35255(opens NVD record) | Medium | 5.5 | Azure Identity Libraries and Microsoft Authentication Library Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-35254(opens NVD record) | High | 7.1 | Azure Monitor Agent Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-35253(opens NVD record) | Medium | 4.4 | Microsoft Azure File Sync Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-35252(opens NVD record) | High | 7.5 | Azure Storage Movement Client Library Denial of Service Vulnerability | Jun 11, 2024 |
| CVE-2024-35250(opens NVD record) | High | 7.8 | Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-35249(opens NVD record) | High | 8.8 | Microsoft Dynamics 365 Business Central Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-35248(opens NVD record) | High | 7.3 | Microsoft Dynamics 365 Business Central Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-30104(opens NVD record) | High | 7.8 | Microsoft Office Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30103(opens NVD record) | High | 8.8 | Microsoft Outlook Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30102(opens NVD record) | High | 7.3 | Microsoft Office Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30101(opens NVD record) | High | 7.5 | Microsoft Office Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30100(opens NVD record) | High | 7.8 | Microsoft SharePoint Server Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30099(opens NVD record) | High | 7.0 | Windows Kernel Elevation of Privilege Vulnerability | Jun 11, 2024 |
| CVE-2024-30097(opens NVD record) | High | 8.8 | Microsoft Speech Application Programming Interface (SAPI) Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30096(opens NVD record) | Medium | 5.5 | Windows Cryptographic Services Information Disclosure Vulnerability | Jun 11, 2024 |
| CVE-2024-30095(opens NVD record) | High | 7.8 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30094(opens NVD record) | High | 7.8 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | Jun 11, 2024 |
| CVE-2024-30093(opens NVD record) | High | 7.3 | Windows Storage Elevation of Privilege Vulnerability | Jun 11, 2024 |