Export limit exceeded: 24693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-1355 | 1 Github | 1 Enterprise Server | 2025-03-24 | 9.1 Critical |
| A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2023-21428 | 1 Samsung | 1 Android | 2025-03-24 | 4 Medium |
| Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. | ||||
| CVE-2022-45088 | 1 Gruparge | 1 Smartpower Web | 2025-03-24 | 9.8 Critical |
| Improper Input Validation vulnerability in Group Arge Energy and Control Systems Smartpower Web allows PHP Local File Inclusion.This issue affects Smartpower Web: before 23.01.01. | ||||
| CVE-2023-23592 | 1 Wallix | 1 Bastion Access Manager | 2025-03-24 | 7.5 High |
| WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information. | ||||
| CVE-2023-21446 | 1 Samsung | 1 Android | 2025-03-24 | 6.2 Medium |
| Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | ||||
| CVE-2023-21451 | 1 Samsung | 1 Android | 2025-03-24 | 6.7 Medium |
| A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. | ||||
| CVE-2023-21431 | 1 Samsung | 1 Bixby Vision | 2025-03-24 | 3.3 Low |
| Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. | ||||
| CVE-2023-21435 | 1 Samsung | 1 Android | 2025-03-24 | 4.4 Medium |
| Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log. | ||||
| CVE-2023-21439 | 1 Samsung | 1 Android | 2025-03-24 | 8.5 High |
| Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities. | ||||
| CVE-2023-24569 | 1 Dell | 1 Alienware Command Center | 2025-03-24 | 7.8 High |
| Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system. | ||||
| CVE-2022-24410 | 1 Dell | 310 Alienware 13 R2, Alienware 13 R2 Firmware, Alienware 13 R3 and 307 more | 2025-03-24 | 6.8 Medium |
| Dell BIOS contains an information exposure vulnerability. An unauthenticated local attacker with physical access to the system and knowledge of the system configuration could potentially exploit this vulnerability to read system information via debug interfaces. | ||||
| CVE-2024-48798 | 1 Hubble Connected | 1 Hubble Connected | 2025-03-24 | 7.5 High |
| An issue in Hubble Connected (com.hubbleconnected.vervelife) 2.00.81 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2022-45725 | 1 Comfast | 2 Cf-wr610n, Cf-wr610n Firmware | 2025-03-24 | 8.8 High |
| Improper Input Validation in Comfast router CF-WR6110N V2.3.1 allows a remote attacker on the same network to execute arbitrary code on the target via an HTTP POST request | ||||
| CVE-2022-46675 | 1 Dell | 1 Wyse Management Suite | 2025-03-24 | 5.3 Medium |
| Wyse Management Suite Repository 3.8 and below contain an information disclosure vulnerability. A unauthenticated attacker could potentially discover the internal structure of the application and its components and use this information for further vulnerability research. | ||||
| CVE-2024-31817 | 1 Totolink | 2 Ex200, Ex200 Firmware | 2025-03-24 | 7.5 High |
| In TOTOLINK EX200 V4.0.3c.7646_B20201211, an attacker can obtain sensitive information without authorization through the function getSysStatusCfg. | ||||
| CVE-2025-2689 | 1 Yiiframework | 1 Yii | 2025-03-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-2690 | 1 Yiiframework | 1 Yii | 2025-03-24 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-48799 | 2025-03-24 | 7.5 High | ||
| An issue in LOREX TECHNOLOGY INC com.lorexcorp.lorexping 1.4.22 allows a remote attacker to obtain sensitive information via the firmware update process. | ||||
| CVE-2022-46650 | 1 Sierrawireless | 9 Aleos, Es450, Gx450 and 6 more | 2025-03-24 | 4.9 Medium |
| Acemanager in ALEOS before version 4.16 allows a user with valid credentials to reconfigure the device to expose the ACEManager credentials on the pre-login status page. | ||||
| CVE-2018-7935 | 1 Huawei | 2 E5573cs-322, E5573cs-322 Firmware | 2025-03-24 | 5.3 Medium |
| There is a vulnerability in 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable. | ||||