Search
CVE Explorer
Search the full tracked CVE corpus across every vendor — by keyword, vendor, severity, CVSS band and publication date. Server-rendered; each filtered view has its own URL.
01
Filters
Submit to refine — state is held in the URL.
02
Results
34,799 matching · page 383/696Each CVE id links to its NVD record.
| CVE | Severity | CVSS | Summary | Published |
|---|---|---|---|---|
| CVE-2023-47710(opens NVD record) | Medium | 5.4 | IBM Security Guardium 11.4, 11.5, and 12.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 271525. | May 24, 2024 |
| CVE-2024-5143(opens NVD record) | Medium | 6.8 | A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed. | May 23, 2024 |
| CVE-2024-2301(opens NVD record) | High | 7.6 | Certain HP LaserJet Pro devices are potentially vulnerable to a Cross-Site Scripting (XSS) attack via the web management interface of the device. | May 23, 2024 |
| CVE-2024-30280(opens NVD record) | High | 7.8 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 23, 2024 |
| CVE-2024-30279(opens NVD record) | High | 7.8 | Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | May 23, 2024 |
| CVE-2024-22026(opens NVD record) | Medium | 6.7 | A local privilege escalation vulnerability in EPMM before 12.1.0.0 allows an authenticated local user to bypass shell restriction and execute arbitrary commands on the appliance. | May 22, 2024 |
| CVE-2023-46807(opens NVD record) | Medium | 6.7 | An SQL Injection vulnerability in web component of EPMM before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | May 22, 2024 |
| CVE-2023-46806(opens NVD record) | Medium | 6.7 | An SQL Injection vulnerability in a web component of EPMM versions before 12.1.0.0 allows an authenticated user with appropriate privilege to access or modify data in the underlying database. | May 22, 2024 |
| CVE-2024-4454(opens NVD record) | High | 7.8 | WithSecure Elements Endpoint Protection Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of WithSecure Elements Endpoint Protection. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23035. | May 22, 2024 |
| CVE-2024-31895(opens NVD record) | Medium | 4.3 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288176. | May 22, 2024 |
| CVE-2024-31894(opens NVD record) | Medium | 4.3 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive user information using an expired access token. IBM X-Force ID: 288175. | May 22, 2024 |
| CVE-2024-27264(opens NVD record) | High | 7.4 | IBM Performance Tools for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 284563. | May 22, 2024 |
| CVE-2024-31904(opens NVD record) | Medium | 6.5 | IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 integration nodes could allow an authenticated user to cause a denial of service due to an uncaught exception. IBM X-Force ID: 289647. | May 22, 2024 |
| CVE-2024-31893(opens NVD record) | Medium | 4.3 | IBM App Connect Enterprise 12.0.1.0 through 12.0.12.1 could allow an authenticated user to obtain sensitive calendar information using an expired access token. IBM X-Force ID: 288174. | May 22, 2024 |
| CVE-2024-21791(opens NVD record) | Medium | 4.7 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection in lockout history option. Note: Non-admin users cannot exploit this vulnerability. | May 22, 2024 |
| CVE-2024-20360(opens NVD record) | High | 8.8 | A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately validate user input. An attacker could exploit this vulnerability by authenticating to the application and sending crafted SQL queries to an affected system. A successful exploit could allow the attacker to obtain any data from the database, execute arbitrary commands on the underlying operating system, and elevate privileges to root. To exploit this vulnerability, an attacker would need at least Read Only user credentials. | May 22, 2024 |
| CVE-2024-4563(opens NVD record) | Medium | 6.1 | The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length. | May 22, 2024 |
| CVE-2024-20363(opens NVD record) | Medium | 5.8 | Multiple Cisco products are affected by a vulnerability in the Snort Intrusion Prevention System (IPS) rule engine that could allow an unauthenticated, remote attacker to bypass the configured rules on an affected system. This vulnerability is due to incorrect HTTP packet handling. An attacker could exploit this vulnerability by sending crafted HTTP packets through an affected device. A successful exploit could allow the attacker to bypass configured IPS rules and allow uninspected traffic onto the network. | May 22, 2024 |
| CVE-2024-20361(opens NVD record) | Medium | 5.8 | A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software. This vulnerability is due to the incorrect deployment of the Object Groups for ACLs feature from Cisco FMC Software to managed FTD devices in high-availability setups. After an affected device is rebooted following Object Groups for ACLs deployment, an attacker can exploit this vulnerability by sending traffic through the affected device. A successful exploit could allow the attacker to bypass configured access controls and successfully send traffic to devices that are expected to be protected by the affected device. | May 22, 2024 |
| CVE-2024-20355(opens NVD record) | Medium | 5.0 | A vulnerability in the implementation of SAML 2.0 single sign-on (SSO) for remote access VPN services in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker to successfully establish a VPN session on an affected device. This vulnerability is due to improper separation of authorization domains when using SAML authentication. An attacker could exploit this vulnerability by using valid credentials to successfully authenticate using their designated connection profile (tunnel group), intercepting the SAML SSO token that is sent back from the Cisco ASA device, and then submitting the same SAML SSO token to a different tunnel group for authentication. A successful exploit could allow the attacker to establish a remote access VPN session using a connection profile that they are not authorized to use and connect to secured networks behind the affected device that they are not authorized to access. For successful exploitation, the attacker must have valid remote access VPN user credentials. | May 22, 2024 |
| CVE-2024-20293(opens NVD record) | Medium | 5.8 | A vulnerability in the activation of an access control list (ACL) on Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass the protection that is offered by a configured ACL on an affected device. This vulnerability is due to a logic error that occurs when an ACL changes from inactive to active in the running configuration of an affected device. An attacker could exploit this vulnerability by sending traffic through the affected device that should be denied by the configured ACL. The reverse condition is also true—traffic that should be permitted could be denied by the configured ACL. A successful exploit could allow the attacker to bypass configured ACL protections on the affected device, allowing the attacker to access trusted networks that the device might be protecting. Note: This vulnerability applies to both IPv4 and IPv6 traffic as well as dual-stack ACL configurations in which both IPv4 and IPv6 ACLs are configured on an interface. | May 22, 2024 |
| CVE-2024-20261(opens NVD record) | Medium | 5.8 | A vulnerability in the file policy feature that is used to inspect encrypted archive files of Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured file policy to block an encrypted archive file. This vulnerability exists because of a logic error when a specific class of encrypted archive files is inspected. An attacker could exploit this vulnerability by sending a crafted, encrypted archive file through the affected device. A successful exploit could allow the attacker to send an encrypted archive file, which could contain malware and should have been blocked and dropped at the Cisco FTD device. | May 22, 2024 |
| CVE-2024-5160(opens NVD record) | High | 8.8 | Heap buffer overflow in Dawn in Google Chrome prior to 125.0.6422.76 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | May 22, 2024 |
| CVE-2020-35165(opens NVD record) | Medium | 5.1 | Dell BSAFE Crypto-C Micro Edition, versions before 4.1.5, and Dell BSAFE Micro Edition Suite, versions before 4.6, contain an Observable Timing Discrepancy Vulnerability. | May 22, 2024 |
| CVE-2024-22275(opens NVD record) | Medium | 4.9 | The vCenter Server contains a partial file read vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to partially read arbitrary files containing sensitive data. | May 21, 2024 |
| CVE-2024-22274(opens NVD record) | High | 7.2 | The vCenter Server contains an authenticated remote code execution vulnerability. A malicious actor with administrative privileges on the vCenter appliance shell may exploit this issue to run arbitrary commands on the underlying operating system. | May 21, 2024 |
| CVE-2024-22273(opens NVD record) | High | 8.1 | The storage controllers on VMware ESXi, Workstation, and Fusion have out-of-bounds read/write vulnerability. A malicious actor with access to a virtual machine with storage controllers enabled may exploit this issue to create a denial of service condition or execute code on the hypervisor from a virtual machine in conjunction with other issues. | May 21, 2024 |
| CVE-2024-36052(opens NVD record) | High | 7.5 | RARLAB WinRAR before 7.00, on Windows, allows attackers to spoof the screen output via ANSI escape sequences, a different issue than CVE-2024-33899. | May 21, 2024 |
| CVE-2024-29000(opens NVD record) | High | 7.9 | The SolarWinds Platform was determined to be affected by a reflected cross-site scripting vulnerability affecting the web console. A high-privileged user and user interaction is required to exploit this vulnerability. | May 20, 2024 |
| CVE-2023-49335(opens NVD record) | High | 8.3 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while getting file server details. | May 20, 2024 |
| CVE-2023-49334(opens NVD record) | High | 8.3 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while exporting a full summary report. | May 20, 2024 |
| CVE-2023-49333(opens NVD record) | High | 8.3 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the dashboard graph feature. | May 20, 2024 |
| CVE-2023-49332(opens NVD record) | High | 8.3 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection while adding file shares. | May 20, 2024 |
| CVE-2023-49331(opens NVD record) | High | 8.3 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL injection in the aggregate reports search option. | May 20, 2024 |
| CVE-2024-27312(opens NVD record) | High | 8.1 | Zohocorp ManageEngine PAM360 version 6601 is vulnerable to authorization vulnerability which allows a low-privileged user to perform admin actions. Note: This vulnerability affects only the PAM360 6600 version. No other versions are applicable to this vulnerability. | May 20, 2024 |
| CVE-2023-49330(opens NVD record) | High | 8.3 | Zoho ManageEngine ADAudit Plus versions below 7271 allows SQL Injection while getting aggregate report data. | May 20, 2024 |
| CVE-2024-31879(opens NVD record) | High | 7.5 | IBM i 7.2, 7.3, and 7.4 could allow a remote attacker to execute arbitrary code leading to a denial of service of network ports on the system, caused by the deserialization of untrusted data. IBM X-Force ID: 287539. | May 18, 2024 |
| CVE-2024-23583(opens NVD record) | Medium | 6.7 | An attacker could potentially intercept credentials via the task manager and perform unauthorized access to the Client Deploy Tool on Windows systems. | May 17, 2024 |
| CVE-2024-22429(opens NVD record) | High | 7.5 | Dell BIOS contains an Improper Input Validation vulnerability. A local authenticated malicious user with admin privileges could potentially exploit this vulnerability, leading to arbitrary code execution. | May 17, 2024 |
| CVE-2024-22120(opens NVD record) | Critical | 9.1 | Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection. | May 17, 2024 |
| CVE-2024-30060(opens NVD record) | High | 7.8 | Azure Monitor Agent Elevation of Privilege Vulnerability | May 16, 2024 |
| CVE-2023-47855(opens NVD record) | Medium | 6.0 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | May 16, 2024 |
| CVE-2023-46691(opens NVD record) | High | 7.9 | Use after free in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | May 16, 2024 |
| CVE-2023-45745(opens NVD record) | High | 7.9 | Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access. | May 16, 2024 |
| CVE-2023-45736(opens NVD record) | Medium | 6.7 | Insecure inherited permissions in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | May 16, 2024 |
| CVE-2023-45315(opens NVD record) | Medium | 5.5 | Improper initialization in some Intel(R) Power Gadget software for Windwos all versions may allow an authenticated user to potentially enable denial of service via local access. | May 16, 2024 |
| CVE-2023-45217(opens NVD record) | High | 8.8 | Improper access control in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | May 16, 2024 |
| CVE-2023-42773(opens NVD record) | High | 8.8 | Improper neutralization in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | May 16, 2024 |
| CVE-2023-41234(opens NVD record) | Medium | 5.0 | NULL pointer dereference in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable denial of service via local access. | May 16, 2024 |
| CVE-2023-38581(opens NVD record) | High | 8.8 | Buffer overflow in Intel(R) Power Gadget software for Windows all versions may allow an authenticated user to potentially enable escalation of privilege via local access. | May 16, 2024 |