CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 251–300 of 1,619 in KEV · page 6 of 33
| ID | Title | Flags | Vendor | Summary |
|---|---|---|---|---|
| CVE-2025-0108 | Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | KEV, CVSS 9.1 | Palo Alto Networks | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacke… |
| CVE-2024-9680 | Mozilla Firefox Use-After-Free Vulnerability | KEV | Mozilla | Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. |
| CVE-2024-9537 | ScienceLogic SL1 Unspecified Vulnerability | KEV | ScienceLogic | ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component. |
| CVE-2024-9474 | Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for se… |
| CVE-2024-9465 | Palo Alto Networks Expedition SQL Injection Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as pa… |
| CVE-2024-9463 | Palo Alto Networks Expedition OS Command Injection Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Ex… |
| CVE-2024-9380 | Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability | KEV | Ivanti | Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker wi… |
| CVE-2024-9379 | Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability | KEV | Ivanti | Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote atta… |
| CVE-2024-8963 | Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability | KEV | Ivanti | Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted function… |
| CVE-2024-8957 | PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability | KEV | PTZOptics | PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a… |
| CVE-2024-8956 | PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability | KEV | PTZOptics | PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for th… |
| CVE-2024-8190 | Ivanti Cloud Services Appliance OS Command Injection Vulnerability | KEV | Ivanti | Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker wi… |
| CVE-2024-8069 | Citrix Session Recording Deserialization of Untrusted Data Vulnerability | KEV | Citrix | Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkServic… |
| CVE-2024-8068 | Citrix Session Recording Improper Privilege Management Vulnerability | KEV | Citrix | Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An… |
| CVE-2024-7971 | Google Chromium V8 Type Confusion Vulnerability | KEV | Google | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability… |
| CVE-2024-7965 | Google Chromium V8 Inappropriate Implementation Vulnerability | KEV | Google | Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HT… |
| CVE-2024-7694 | TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | KEV | TeamT5 | TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly val… |
| CVE-2024-7593 | Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability | KEV, CVSS 9.8 | Ivanti | Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator … |
| CVE-2024-7399 | Samsung MagicINFO 9 Server Path Traversal Vulnerability | KEV | Samsung | Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority. |
| CVE-2024-7262 | Kingsoft WPS Office Path Traversal Vulnerability | KEV | Kingsoft | Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library. |
| CVE-2024-6670 | Progress WhatsUp Gold SQL Injection Vulnerability | KEV | Progress | Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the applicati… |
| CVE-2024-6047 | GeoVision Devices OS Command Injection Vulnerability | KEV | GeoVision | Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system … |
| CVE-2024-5910 | Palo Alto Networks Expedition Missing Authentication Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin accou… |
| CVE-2024-58136 | Yiiframework Yii Improper Protection of Alternate Path Vulnerability | KEV | Yiiframework | Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability co… |
| CVE-2024-57968 | Advantive VeraCore Unrestricted File Upload Vulnerability | KEV | Advantive | Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via u… |
| CVE-2024-57728 | SimpleHelp Path Traversal Vulnerability | KEV | SimpleHelp | SimpleHelp contains a path traversal vulnerability that allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip fil… |
| CVE-2024-57727 | SimpleHelp Path Traversal Vulnerability | KEV | SimpleHelp | SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files fro… |
| CVE-2024-57726 | SimpleHelp Missing Authorization Vulnerability | KEV | SimpleHelp | SimpleHelp contains a missing authorization vulnerability that could allow low-privileged technicians to create API keys with excessive permissions. These API … |
| CVE-2024-56145 | Craft CMS Code Injection Vulnerability | KEV | Craft CMS | Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `reg… |
| CVE-2024-55956 | Cleo Multiple Products Unauthenticated File Upload Vulnerability | KEV | Cleo | Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenti… |
| CVE-2024-55591 | Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | KEV | Fortinet | Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privilege… |
| CVE-2024-55550 | Mitel MiCollab Path Traversal Vulnerability | KEV | Mitel | Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the… |
| CVE-2024-54085 | AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | KEV | AMI | AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may … |
| CVE-2024-53704 | SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | KEV | SonicWall | SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authenticati… |
| CVE-2024-53197 | Linux Kernel Out-of-Bounds Access Vulnerability | KEV | Linux | Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicio… |
| CVE-2024-53150 | Linux Kernel Out-of-Bounds Read Vulnerability | KEV | Linux | Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive info… |
| CVE-2024-53104 | Linux Kernel Out-of-Bounds Write Vulnerability | KEV | Linux | Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physic… |
| CVE-2024-5274 | Google Chromium V8 Type Confusion Vulnerability | KEV | Google | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affe… |
| CVE-2024-5217 | ServiceNow Incomplete List of Disallowed Inputs Vulnerability | KEV | ServiceNow | ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression scr… |
| CVE-2024-51567 | CyberPanel Incorrect Default Permissions Vulnerability | KEV | CyberPersons | CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root. |
| CVE-2024-51378 | CyberPanel Incorrect Default Permissions Vulnerability | KEV | CyberPersons | CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell me… |
| CVE-2024-50623 | Cleo Multiple Products Unrestricted File Upload Vulnerability | KEV | Cleo | Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to … |
| CVE-2024-50603 | Aviatrix Controllers OS Command Injection Vulnerability | KEV | Aviatrix | Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters… |
| CVE-2024-50302 | Linux Kernel Use of Uninitialized Resource Vulnerability | KEV | Linux | The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report. |
| CVE-2024-4978 | Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability | KEV | Justice AV Solutions | Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07… |
| CVE-2024-4947 | Google Chromium V8 Type Confusion Vulnerability | KEV | Google | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. |
| CVE-2024-49138 | Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | KEV | Microsoft | Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. |
| CVE-2024-49039 | Microsoft Windows Task Scheduler Privilege Escalation Vulnerability | KEV | Microsoft | Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges ou… |
| CVE-2024-49035 | Microsoft Partner Center Improper Access Control Vulnerability | KEV | Microsoft | Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges. |
| CVE-2024-4885 | Progress WhatsUp Gold Path Traversal Vulnerability | KEV | Progress | Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution. |