Export limit exceeded: 26245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26245 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-41781 1 Zte 2 Mf258, Mf258 Firmware 2025-06-03 5.7 Medium
There is a Cross-site scripting (XSS)  vulnerability in ZTE MF258. Due to insufficient input validation of SMS interface parameter, an XSS attack will be triggered.
CVE-2024-0490 1 Huaxiaerp 1 Huaxia Erp 2025-06-03 5.3 Medium
A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.
CVE-2024-20721 2 Adobe, Microsoft 2 Acrobat, Edge Chromium 2025-06-03 5.5 Medium
Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-54188 1 Infoblox 1 Netmri 2025-06-03 5.3 Medium
Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
CVE-2023-2264 1 Selinc 2 Sel-411l, Sel-411l Firmware 2025-06-03 4 Medium
An improper input validation vulnerability in the Schweitzer Engineering Laboratories SEL-411L could allow a malicious actor to manipulate authorized users to click on a link that could allow undesired behavior. See product Instruction Manual Appendix A dated 20230830 for more details.
CVE-2023-40699 3 Ibm, Linux, Microsoft 4 Aix, Infosphere Information Server, Linux Kernel and 1 more 2025-06-03 7.5 High
IBM InfoSphere Information Server 11.7 could allow a remote attacker to cause a denial of service due to improper input validation. IBM X-Force ID: 265161.
CVE-2023-48644 1 Eptura 2 Archibus, Archibus Ios Application 2025-06-03 6.1 Medium
An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on.
CVE-2023-49107 3 Hitachi, Linux, Microsoft 3 Device Manager, Linux Kernel, Windows 2025-06-02 5.3 Medium
Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules).This issue affects Hitachi Device Manager: before 8.8.5-04.
CVE-2024-0569 1 Totolink 2 T8, T8 Firmware 2025-06-02 4.3 Medium
A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.
CVE-2023-50431 1 Linux 1 Linux Kernel 2025-05-30 5.5 Medium
sec_attest_info in drivers/accel/habanalabs/common/habanalabs_ioctl.c in the Linux kernel through 6.6.5 allows an information leak to user space because info->pad0 is not initialized.
CVE-2023-28484 3 Debian, Redhat, Xmlsoft 5 Debian Linux, Enterprise Linux, Jboss Core Services and 2 more 2025-05-30 6.5 Medium
In libxml2 before 2.10.4, parsing of certain invalid XSD schemas can lead to a NULL pointer dereference and subsequently a segfault. This occurs in xmlSchemaFixupComplexType in xmlschemas.c.
CVE-2022-40482 1 Laravel 1 Framework 2025-05-30 5.3 Medium
The authentication method in Laravel 8.x through 9.x before 9.32.0 was discovered to be vulnerable to user enumeration via timeless timing attacks with HTTP/2 multiplexing. This is caused by the early return inside the hasValidCredentials method in the Illuminate\Auth\SessionGuard class when a user is found to not exist.
CVE-2023-44312 1 Apache 1 Servicecomb 2025-05-30 5.8 Medium
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center.This issue affects Apache ServiceComb Service-Center before 2.1.0 (include). Users are recommended to upgrade to version 2.2.0, which fixes the issue.
CVE-2024-34009 1 Moodle 1 Moodle 2025-05-30 7.5 High
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is utilized.
CVE-2024-33999 1 Moodle 1 Moodle 2025-05-30 9.8 Critical
The referrer URL used by MFA required additional sanitizing, rather than being used directly.
CVE-2024-33996 1 Moodle 1 Moodle 2025-05-30 6.2 Medium
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to.
CVE-2022-45167 1 Archibus 1 Archibus Web Central 2025-05-30 4.3 Medium
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users.
CVE-2024-23771 1 Unix4lyfe 1 Darkhttpd 2025-05-30 9.8 Critical
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
CVE-2024-0717 1 Dlink 88 Dap-1360, Dap-1360 Firmware, Dir-1210 and 85 more 2025-05-30 5.3 Medium
A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.
CVE-2023-47152 3 Ibm, Linux, Microsoft 5 Aix, Db2, Linux On Ibm Z and 2 more 2025-05-30 5.9 Medium
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an insecure cryptographic algorithm and to information disclosure in stack trace under exceptional conditions.