Export limit exceeded: 365349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (8866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1640 1 Debian 1 Axiom 2025-04-11 N/A
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-1639 1 Debian 1 Syncevolution 2025-04-11 N/A
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite arbitrary files via a symlink attack on the new filename.
CVE-2014-0027 1 Cmu 1 Flite 2025-04-11 N/A
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from third party information.
CVE-2013-6891 2 Apple, Canonical 2 Cups, Ubuntu Linux 2025-04-11 N/A
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cups/client.conf.
CVE-2012-4028 1 Tridium 1 Niagara Ax 2025-04-11 N/A
Tridium Niagara AX Framework does not properly store credential data, which allows context-dependent attackers to bypass intended access restrictions by using the stored information for authentication.
CVE-2022-47037 1 Siklu 10 Tg Firmware, Tg Lr T280, Tg Mpl-261 and 7 more 2025-04-10 7.5 High
Siklu TG Terragraph devices before 2.1.1 allow attackers to discover valid, randomly generated credentials via GetCredentials.
CVE-2024-51542 1 Abb 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more 2025-04-10 8.2 High
Configuration Download vulnerabilities allow access to dependency configuration information.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2024-51546 1 Abb 41 Aspect-ent-12, Aspect-ent-12 Firmware, Aspect-ent-2 and 38 more 2025-04-10 7.5 High
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles.  Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02
CVE-2022-4236 1 Welcart 1 Welcart E-commerce 2025-04-10 6.5 Medium
The Welcart e-Commerce WordPress plugin before 2.8.5 does not validate user input before using it to output the content of a file via an AJAX action available to any authenticated users, which could allow users with a role as low as subscriber to read arbitrary files on the server.
CVE-2024-9052 2025-04-10 N/A
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-57762 1 Wangl1989 1 Mysiteforme 2025-04-10 7.5 High
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file.
CVE-2024-57763 1 Wangl1989 1 Mysiteforme 2025-04-10 9.1 Critical
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField.
CVE-2024-57764 1 Wangl1989 1 Mysiteforme 2025-04-10 9.1 Critical
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add.
CVE-2024-57766 1 Wangl1989 1 Mysiteforme 2025-04-10 9.1 Critical
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField.
CVE-2023-40510 1 Lg 1 Simple Editor 2025-04-10 7.5 High
LG Simple Editor getServerSetting Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getServerSetting method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20012.
CVE-2023-40511 1 Lg 1 Simple Editor 2025-04-10 7.5 High
LG Simple Editor checkServer Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the checkServer method. The issue results from the exposure of plaintext credentials. An attacker can leverage this vulnerability to bypass authentication on the system. . Was ZDI-CAN-20013.
CVE-2024-39931 1 Gogs 1 Gogs 2025-04-10 9.9 Critical
Gogs through 0.13.0 allows deletion of internal files.
CVE-2023-45594 1 Ailux 1 Imx6 2025-04-09 6.8 Medium
A CWE-552 “Files or Directories Accessible to External Parties” vulnerability in the embedded Chromium browser allows a physical attacker to arbitrarily download/upload files to/from the file system, with unspecified impacts to the confidentiality, integrity, and availability of the device. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2.
CVE-2025-25759 1 Sucms Project 1 Sucms 2025-04-09 7.5 High
An issue in the component admin_template.php of SUCMS v1.0 allows attackers to execute a directory traversal and arbitrary file deletion via a crafted GET request.
CVE-2024-13126 1 W3eden 1 Download Manager 2025-04-09 4.6 Medium
The Download Manager WordPress plugin before 3.3.07 doesn't prevent directory listing on web servers that don't use htaccess, allowing unauthorized access of files.