Search Results (29885 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43534 | 2 Arubanetworks, Linux | 2 Clearpass Policy Manager, Linux Kernel | 2025-04-10 | 7.8 High |
| A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the Linux instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2022-43533 | 2 Apple, Arubanetworks | 2 Macos, Clearpass Policy Manager | 2025-04-10 | 7.8 High |
| A vulnerability in the ClearPass OnGuard macOS agent could allow malicious users on a macOS instance to elevate their user privileges. A successful exploit could allow these users to execute arbitrary code with root level privileges on the macOS instance in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x: 6.10.7 and below and ClearPass Policy Manager 6.9.x: 6.9.12 and below. | ||||
| CVE-2024-9099 | 1 Lunary | 1 Lunary | 2025-04-10 | 8.1 High |
| In lunary-ai/lunary version v1.4.29, the GET /projects API endpoint exposes both public and private API keys for all projects to users with minimal permissions, such as Viewers or Prompt Editors. This vulnerability allows unauthorized users to retrieve sensitive credentials, which can be used to perform actions on behalf of the project, access private data, and delete resources. The private API keys are exposed in the developer tools when the endpoint is called from the frontend. | ||||
| CVE-2022-38184 | 1 Esri | 1 Portal For Arcgis | 2025-04-10 | 7.5 High |
| There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs. | ||||
| CVE-2023-40500 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19944. | ||||
| CVE-2023-40501 | 1 Lg | 1 Simple Editor | 2025-04-10 | 9.8 Critical |
| LG Simple Editor copyContent Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the copyContent command. The issue results from an exposed dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-19945. | ||||
| CVE-2022-25926 | 1 Window-control Project | 1 Window-control | 2025-04-10 | 7.4 High |
| Versions of the package window-control before 1.4.5 are vulnerable to Command Injection via the sendKeys function, due to improper input sanitization. | ||||
| CVE-2022-25923 | 1 Exec-local-bin Project | 1 Exec-local-bin | 2025-04-10 | 7.4 High |
| Versions of the package exec-local-bin before 1.2.0 are vulnerable to Command Injection via the theProcess() functionality due to improper user-input sanitization. | ||||
| CVE-2022-43920 | 1 Ibm | 1 Sterling B2b Integrator | 2025-04-10 | 6.3 Medium |
| IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.1 could allow an authenticated user to gain privileges in a different group due to an access control vulnerability in the Sftp server adapter. IBM X-Force ID: 241362. | ||||
| CVE-2023-5457 | 1 Ailux | 1 Imx6 | 2025-04-09 | 7.5 High |
| A CWE-1269 “Product Released in Non-Release Configuration” vulnerability in the Django web framework used by the web application (due to the “debug” configuration parameter set to “True”) allows a remote unauthenticated attacker to access critical information and have other unspecified impacts to the confidentiality, integrity, and availability of the application. This issue affects: AiLux imx6 bundle below version imx6_1.0.7-2. | ||||
| CVE-1999-0012 | 2 Microsoft, Netscape | 5 Frontpage, Internet Information Server, Personal Web Server and 2 more | 2025-04-09 | 7 High |
| Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names. | ||||
| CVE-1999-0011 | 8 Data General, Ibm, Isc and 5 more | 11 Dg Ux, Aix, Bind and 8 more | 2025-04-09 | 5.4 Medium |
| Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer. | ||||
| CVE-2017-20166 | 1 Ecto Project | 1 Ecto | 2025-04-09 | 9.8 Critical |
| Ecto 2.2.0 lacks a certain protection mechanism associated with the interaction between is_nil and raise. | ||||
| CVE-2022-25890 | 1 Wifey Project | 1 Wifey | 2025-04-09 | 7.4 High |
| All versions of the package wifey are vulnerable to Command Injection via the connect() function due to improper input sanitization. | ||||
| CVE-2007-4421 | 1 Olate | 1 Olatedownload | 2025-04-09 | N/A |
| SQL injection vulnerability in Admin.php in Olate Download (od) 3.4.1 allows remote attackers to execute arbitrary SQL commands via an OD3_AutoLogin cookie. | ||||
| CVE-2007-3704 | 1 Entertainment Cms | 1 Entertainment Cms | 2025-04-09 | N/A |
| Entertainment CMS allows remote attackers to bypass authentication and perform certain administrative actions by setting the adminLogged cookie to "Administrator." | ||||
| CVE-2007-4425 | 1 Live For Speed | 1 Live For Speed | 2025-04-09 | N/A |
| Multiple buffer overflows in Live for Speed (LFS) demo, S1, and S2 allow remote authenticated users to (1) cause a denial of service (server crash) and probably execute arbitrary code via an ID 3 packet with a long nickname field, and (2) cause a denial of service (server crash) via an ID 10 packet containing a long string corresponding to an unavailable track. | ||||
| CVE-2006-5401 | 1 Aroundme | 1 Aroundme | 2025-04-09 | N/A |
| PHP remote file inclusion vulnerability in template/barnraiser_01/p_new_password.tpl.php in AROUNDMe 0.5.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the templatePath parameter. | ||||
| CVE-2007-3727 | 1 Valarsoft | 1 Webmatic | 2025-04-09 | N/A |
| Multiple unspecified vulnerabilities in Webmatic before 2.7 have unknown impact and attack vectors, related to the "administration area." | ||||
| CVE-2007-4414 | 1 Cisco | 1 Vpn Client | 2025-04-09 | N/A |
| Cisco VPN Client on Windows before 4.8.02.0010 allows local users to gain privileges by enabling the "Start Before Logon" (SBL) and Microsoft Dial-Up Networking options, and then interacting with the dial-up networking dialog box. | ||||