Export limit exceeded: 333883 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-20825 | 1 Samsung | 1 Galaxy Store | 2025-05-15 | 5.5 Medium |
| Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-43516 | 1 Qualcomm | 16 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 13 more | 2025-05-15 | 7.8 High |
| Memory corruption when malformed message payload is received from firmware. | ||||
| CVE-2023-43517 | 1 Qualcomm | 38 Qam8255p, Qam8255p Firmware, Qam8295p and 35 more | 2025-05-15 | 8.4 High |
| Memory corruption in Automotive Multimedia due to improper access control in HAB. | ||||
| CVE-2024-24591 | 1 Clear | 1 Clearml | 2025-05-15 | 8 High |
| A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with. | ||||
| CVE-2023-35188 | 1 Solarwinds | 1 Solarwinds Platform | 2025-05-15 | 8 High |
| SQL Injection Remote Code Execution Vulnerability was found using a create statement in the SolarWinds Platform. This vulnerability requires user authentication to be exploited. | ||||
| CVE-2023-47618 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-05-15 | 7.2 High |
| A post authentication command execution vulnerability exists in the web filtering functionality of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2023-42664 | 1 Tp-link | 2 Er7206, Er7206 Firmware | 2025-05-15 | 7.2 High |
| A post authentication command injection vulnerability exists when setting up the PPTP global configuration of Tp-Link ER7206 Omada Gigabit VPN Router 1.3.0 build 20230322 Rel.70591. A specially crafted HTTP request can lead to arbitrary command injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. | ||||
| CVE-2024-24577 | 1 Libgit2 | 1 Libgit2 | 2025-05-15 | 8.6 High |
| libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2. | ||||
| CVE-2023-45213 | 1 Westermo | 2 L206-f2g, L206-f2g Firmware | 2025-05-15 | 6.6 Medium |
| A potential attacker with access to the Westermo Lynx device would be able to execute malicious code that could affect the correct functioning of the device. | ||||
| CVE-2024-23769 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-05-15 | 7.3 High |
| Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. | ||||
| CVE-2024-24811 | 1 Zope | 1 Sqlalchemyda | 2025-05-15 | 9.8 Critical |
| SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem. | ||||
| CVE-2023-43017 | 1 Ibm | 1 Security Verify Access | 2025-05-15 | 8.2 High |
| IBM Security Verify Access 10.0.0.0 through 10.0.6.1 could allow a privileged user to install a configuration file that could allow remote access. IBM X-Force ID: 266155. | ||||
| CVE-2023-38369 | 1 Ibm | 1 Security Access Manager Container | 2025-05-15 | 6.2 Medium |
| IBM Security Access Manager Container 10.0.0.0 through 10.0.6.1 does not require that docker images should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 261196. | ||||
| CVE-2023-47798 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-05-15 | 5.4 Medium |
| Account lockout in Liferay Portal 7.2.0 through 7.3.0, and older unsupported versions, and Liferay DXP 7.2 before fix pack 5, and older unsupported versions does not invalidate existing user sessions, which allows remote authenticated users to remain authenticated after an account has been locked. | ||||
| CVE-2024-25146 | 1 Liferay | 3 Digital Experience Platform, Dxp, Liferay Portal | 2025-05-15 | 5.3 Medium |
| Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used. | ||||
| CVE-2023-6518 | 1 Miateknoloji | 1 Mia-med | 2025-05-15 | 7.5 High |
| Plaintext Storage of a Password vulnerability in Mia Technology Inc. MİA-MED allows Read Sensitive Strings Within an Executable.This issue affects MİA-MED: before 1.0.7. | ||||
| CVE-2024-1149 | 4 Apple, Linux, Microsoft and 1 more | 4 Macos, Linux Kernel, Windows and 1 more | 2025-05-15 | 7.8 High |
| Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages.This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2. | ||||
| CVE-2024-24819 | 1 Icinga | 1 Icingaweb2-module-incubator | 2025-05-15 | 5.3 Medium |
| icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2023-6724 | 1 Simgesel | 1 Hearing Tracking System | 2025-05-15 | 8.8 High |
| Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse.This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release 1.0. | ||||
| CVE-2024-1404 | 1 Linksys | 2 Wrt54gl, Wrt54gl Firmware | 2025-05-15 | 4.3 Medium |
| A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||