Export limit exceeded: 342715 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 74972 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (74972 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-51996 | 1 Symphony Php Framework | 1 Symphony Process | 2024-11-15 | 7.5 High |
| Symphony process is a module for the Symphony PHP framework which executes commands in sub-processes. When consuming a persisted remember-me cookie, Symfony does not check if the username persisted in the database matches the username attached with the cookie, leading to authentication bypass. This vulnerability is fixed in 5.4.47, 6.4.15, and 7.1.8. | ||||
| CVE-2024-31158 | 1 Intel | 1 Server Board S2600bp Firmware | 2024-11-15 | 7.5 High |
| Improper input validation in UEFI firmware in some Intel(R) Server Board S2600BP Family may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-38665 | 2024-11-15 | 8.4 High | ||
| Out-of-bounds write in some Intel(R) Graphics Drivers may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-45594 | 1 Decidim | 1 Decidim | 2024-11-15 | 7.7 High |
| Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0. | ||||
| CVE-2024-36282 | 1 Intel | 1 Server Board S2600st Firmware | 2024-11-15 | 8.2 High |
| Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-39368 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 8 High |
| Improper neutralization of special elements used in an SQL command ('SQL Injection') in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via adjacent access. | ||||
| CVE-2024-39766 | 1 Intel | 1 Neural Compressor Software | 2024-11-15 | 7 High |
| Improper neutralization of special elements used in SQL command in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2024-21799 | 2024-11-15 | 7.1 High | ||
| Path traversal for some Intel(R) Extension for Transformers software before version 1.5 may allow an authenticated user to potentially enable escalation of privilege via local access. | ||||
| CVE-2022-2232 | 1 Redhat | 1 Red Hat Single Sign On | 2024-11-15 | 7.5 High |
| A flaw was found in the Keycloak package. This flaw allows an attacker to utilize an LDAP injection to bypass the username lookup or potentially perform other malicious actions. | ||||
| CVE-2024-45254 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2024-11-15 | 7.5 High |
| VaeMendis - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2024-47915 | 1 Vaemendis | 1 Vaemendis Ubooquity | 2024-11-15 | 7.5 High |
| VaeMendis - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-6068 | 1 Rcokwellautomation | 1 Arena Input Analyzer | 2024-11-15 | 7.3 High |
| A memory corruption vulnerability exists in the affected products when parsing DFT files. Local threat actors can exploit this issue to disclose information and to execute arbitrary code. To exploit this vulnerability a legitimate user must open a malicious DFT file. | ||||
| CVE-2024-45253 | 1 Avigilon | 1 Videolq Icvr Hd Camera | 2024-11-15 | 7.5 High |
| Avigilon – CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2024-47916 | 2024-11-15 | 7.5 High | ||
| Boa web server - CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | ||||
| CVE-2024-10962 | 1 Wpvividplugins | 1 Migration Backup Staging Wpvivd Backup And Migration | 2024-11-15 | 8.8 High |
| The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site to trigger the exploit. | ||||
| CVE-2024-51377 | 1 Ladybirdweb | 1 Faveo Helpdesk | 2024-11-14 | 8.8 High |
| An issue in Ladybird Web Solution Faveo Helpdesk & Servicedesk (On-Premise and Cloud) 9.2.0 allows a remote attacker to execute arbitrary code via the Subject and Identifier fields | ||||
| CVE-2024-49381 | 1 Plenti | 2 Plenti, Plentico | 2024-11-14 | 7.5 High |
| Plenti, a static site generator, has an arbitrary file deletion vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write deletion when a plenti user serves their website. This issue may lead to information loss. Version 0.7.2 fixes the vulnerability. | ||||
| CVE-2024-49376 | 1 Autolabproject | 1 Autolab | 2024-11-14 | 8.8 High |
| Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their passwords. This issue is fixed in version 3.0.1. No known workarounds exist. | ||||
| CVE-2024-25431 | 1 Bytecodealliance | 1 Webassembly Micro Runtime | 2024-11-14 | 8.8 High |
| An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. | ||||
| CVE-2024-50634 | 2 Sbond, Sbondco | 2 Watcharr, Watcharr | 2024-11-14 | 8.8 High |
| A vulnerability in a weak JWT token in Watcharr v1.43.0 and below allows attackers to perform privilege escalation using a crafted JWT token. This vulnerability is not limited to privilege escalation but also affects all functions that require authentication. | ||||