Export limit exceeded: 342475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2943 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35389 | 1 Microsoft | 1 Dynamics 365 | 2025-02-27 | 6.5 Medium |
| Microsoft Dynamics 365 On-Premises Remote Code Execution Vulnerability | ||||
| CVE-2023-40732 | 1 Siemens | 1 Qms Automotive | 2025-02-27 | 3.9 Low |
| A vulnerability has been identified in QMS Automotive (All versions < V12.39). The QMS.Mobile module of the affected application does not invalidate the session token on logout. This could allow an attacker to perform session hijacking attacks. | ||||
| CVE-2023-4089 | 1 Wago | 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more | 2025-02-27 | 2.7 Low |
| On affected Wago products an remote attacker with administrative privileges can access files to which he has already access to through an undocumented local file inclusion. This access is logged in a different log file than expected. | ||||
| CVE-2023-26461 | 1 Sap | 1 Netweaver Enterprise Portal | 2025-02-27 | 6.8 Medium |
| SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges. | ||||
| CVE-2023-27783 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | 7.5 High |
| An issue found in TCPreplay tcprewrite v.4.4.3 allows a remote attacker to cause a denial of service via the tcpedit_dlt_cleanup function at plugins/dlt_plugins.c. | ||||
| CVE-2023-22591 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation As A Service | 2025-02-26 | 3.9 Low |
| IBM Robotic Process Automation 21.0.1 through 21.0.7 and 23.0.0 through 23.0.1 could allow a user with physical access to the system due to session tokens for not being invalidated after a password reset. IBM X-Force ID: 243710. | ||||
| CVE-2023-1543 | 1 Answer | 1 Answer | 2025-02-26 | 8.8 High |
| Insufficient Session Expiration in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2023-28685 | 1 Jenkins | 1 Absint A3 | 2025-02-26 | 7.1 High |
| Jenkins AbsInt a³ Plugin 1.1.0 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2023-27789 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | 7.5 High |
| An issue found in TCPprep v.4.4.3 allows a remote attacker to cause a denial of service via the cidr2cidr function at the cidr.c:178 endpoint. | ||||
| CVE-2023-27788 | 1 Broadcom | 1 Tcpreplay | 2025-02-26 | 7.5 High |
| An issue found in TCPrewrite v.4.4.3 allows a remote attacker to cause a denial of service via the ports2PORT function at the portmap.c:69 endpoint. | ||||
| CVE-2023-27874 | 2 Ibm, Linux | 2 Aspera Faspex, Linux Kernel | 2025-02-26 | 9.9 Critical |
| IBM Aspera Faspex 4.4.2 is vulnerable to an XML external entity injection (XXE) attack when processing XML data. A remote authenticated attacker could exploit this vulnerability to execute arbitrary commands. IBM X-Force ID: 249845. | ||||
| CVE-2018-25082 | 1 Wechat Sdk Python Project | 1 Wechat Sdk Python | 2025-02-26 | 6.3 Medium |
| A vulnerability was found in zwczou WeChat SDK Python 0.3.0 and classified as critical. This issue affects the function validate/to_xml. The manipulation leads to xml external entity reference. The attack may be initiated remotely. Upgrading to version 0.5.5 is able to address this issue. The patch is named e54abadc777715b6dcb545c13214d1dea63df6c9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-223403. | ||||
| CVE-2024-34036 | 2025-02-25 | 4.3 Medium | ||
| An issue was discovered in O-RAN Near Realtime RIC I-Release. To exploit this vulnerability, an attacker can disrupt the initial connection between a gNB and the Near RT-RIC by inundating the system with a high volume of subscription requests via an xApp. | ||||
| CVE-2024-34035 | 2025-02-25 | 5.7 Medium | ||
| An issue was discovered in O-RAN Near Realtime RIC H-Release. To trigger the crashing of the e2mgr, an adversary must flood the system with a significant quantity of E2 Subscription Requests originating from an xApp. | ||||
| CVE-2024-34034 | 2025-02-25 | 5.7 Medium | ||
| An issue was discovered in FlexRIC 2.0.0. It crashes during a Subscription Request denial-of-service (DoS) attack, triggered by an assertion error. An attacker must send a high number of E42 Subscription Requests to the Near-RT RIC component. | ||||
| CVE-2023-28682 | 1 Jenkins | 1 Performance Publisher | 2025-02-25 | 8.2 High |
| Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2023-28681 | 1 Jenkins | 1 Visual Studio Code Metrics | 2025-02-25 | 8.2 High |
| Jenkins Visual Studio Code Metrics Plugin 1.7 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2023-28680 | 1 Jenkins | 1 Crap4j | 2025-02-25 | 7.5 High |
| Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2023-20964 | 1 Google | 1 Android | 2025-02-25 | 7.8 High |
| In multiple functions of MediaSessionRecord.java, there is a possible Intent rebroadcast due to a confused deputy. This could lead to local denial of service or escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-238177121 | ||||
| CVE-2023-23929 | 1 Vantage6 | 1 Vantage6 | 2025-02-25 | 8.8 High |
| vantage6 is a privacy preserving federated learning infrastructure for secure insight exchange. Currently, the refresh token is valid indefinitely. The refresh token should get a validity of 24-48 hours. A fix was released in version 3.8.0. | ||||