Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 24693 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (24693 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21558 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2025-01-01 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-21550 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2025-01-01 | 5.5 Medium |
| Windows Cryptographic Information Disclosure Vulnerability | ||||
| CVE-2023-21540 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2025-01-01 | 5.5 Medium |
| Windows Cryptographic Information Disclosure Vulnerability | ||||
| CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-12-31 | 8.4 High |
| An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||||
| CVE-2024-43455 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-12-31 | 8.8 High |
| Windows Remote Desktop Licensing Service Spoofing Vulnerability | ||||
| CVE-2024-38245 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38244 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38243 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38234 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-12-31 | 6.5 Medium |
| Windows Networking Denial of Service Vulnerability | ||||
| CVE-2024-38046 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| PowerShell Elevation of Privilege Vulnerability | ||||
| CVE-2024-38241 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38230 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-12-31 | 6.5 Medium |
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | ||||
| CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-12-31 | 8.2 High |
| Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2024-54454 | 2024-12-31 | 5.3 Medium | ||
| An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames. | ||||
| CVE-2024-27315 | 1 Apache | 1 Superset | 2024-12-31 | 4.3 Medium |
| An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | ||||
| CVE-2024-47922 | 2024-12-30 | 7.5 High | ||
| Priority – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-47923 | 2024-12-30 | 5.3 Medium | ||
| Mashov – CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | ||||
| CVE-2024-12994 | 2024-12-28 | 6.3 Medium | ||
| A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file /import of the component File Upload. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-2820 | 1 Proofpoint | 1 Threat Response Auto Pull | 2024-12-27 | 6.1 Medium |
| An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | ||||
| CVE-2024-12984 | 2024-12-27 | 5.3 Medium | ||
| A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||