CVE vulnerabilities
31,467 CVEs indexed — newest first. Filter by CVSS severity or CISA KEV listing; KEV-flagged entries surface a rose pill. Authored by Adam Lundqvist.
Showing 401–450 of 1,619 in KEV · page 9 of 33
| ID | Title | Listing | Vendor | Summary |
|---|---|---|---|---|
| CVE-2024-13161 | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-13160 | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-13159 | Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | KEV | Ivanti | Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. |
| CVE-2024-12987 | DrayTek Vigor Routers OS Command Injection Vulnerability | KEV | DrayTek | DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.… |
| CVE-2024-12686 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability | KEV | BeyondTrust | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with exis… |
| CVE-2024-12356 | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability | KEV | BeyondTrust | BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to in… |
| CVE-2024-1212 | Progress Kemp LoadMaster OS Command Injection Vulnerability | KEV | Progress | Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMa… |
| CVE-2024-11680 | ProjectSend Improper Authentication Vulnerability | KEV | ProjectSend | ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the applica… |
| CVE-2024-11667 | Zyxel Multiple Firewalls Path Traversal Vulnerability | KEV | Zyxel | Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a … |
| CVE-2024-11182 | MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | KEV | MDaemon | MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail mes… |
| CVE-2024-11120 | GeoVision Devices OS Command Injection Vulnerability | KEV | GeoVision | Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system … |
| CVE-2024-1086 | Linux Kernel Use-After-Free Vulnerability | KEV | Linux | Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation. |
| CVE-2024-0769 | D-Link DIR-859 Router Path Traversal Vulnerability | KEV | D-Link | D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument … |
| CVE-2024-0519 | Google Chromium V8 Out-of-Bounds Memory Access Vulnerability | KEV | Google | Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a craf… |
| CVE-2024-0012 | Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability | KEV | Palo Alto Networks | Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewall… |
| CVE-2023-7101 | Spreadsheet::ParseExcel Remote Code Execution Vulnerability | KEV | Spreadsheet::ParseExcel | Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type “eval”. Specifically, th… |
| CVE-2023-7028 | GitLab Community and Enterprise Editions Improper Access Control Vulnerability | KEV | GitLab | GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent … |
| CVE-2023-7024 | Google Chromium WebRTC Heap Buffer Overflow Vulnerability | KEV | Google | Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a… |
| CVE-2023-6549 | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | KEV | Citrix | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtua… |
| CVE-2023-6548 | Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | KEV | Citrix | Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interfa… |
| CVE-2023-6448 | Unitronics Vision PLC and HMI Insecure Default Password Vulnerability | KEV | Unitronics | Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. |
| CVE-2023-6345 | Google Skia Integer Overflow Vulnerability | KEV | Google | Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform… |
| CVE-2023-5631 | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | KEV | Roundcube | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. |
| CVE-2023-5217 | Google Chromium libvpx Heap Buffer Overflow Vulnerability | KEV | Google | Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a… |
| CVE-2023-52163 | Digiever DS-2105 Pro Missing Authorization Vulnerability | KEV | Digiever | Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi. |
| CVE-2023-50224 | TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability | KEV | TP-Link | TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the… |
| CVE-2023-49897 | FXC AE1021, AE1021PE OS Command Injection Vulnerability | KEV | FXC | FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. |
| CVE-2023-4966 | Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | KEV | Citrix | Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gatewa… |
| CVE-2023-4911 | GNU C Library Buffer Overflow Vulnerability | KEV | GNU | GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacke… |
| CVE-2023-49103 | ownCloud graphapi Information Disclosure Vulnerability | KEV | ownCloud | ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrat… |
| CVE-2023-48788 | Fortinet FortiClient EMS SQL Injection Vulnerability | KEV | Fortinet | Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted … |
| CVE-2023-4863 | Google Chromium WebP Heap-Based Buffer Overflow Vulnerability | KEV | Google | Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted H… |
| CVE-2023-48365 | Qlik Sense HTTP Tunneling Vulnerability | KEV | Qlik | Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the … |
| CVE-2023-4762 | Google Chromium V8 Type Confusion Vulnerability | KEV | Google | Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affe… |
| CVE-2023-47565 | QNAP VioStor NVR OS Command Injection Vulnerability | KEV | QNAP | QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. |
| CVE-2023-47246 | SysAid Server Path Traversal Vulnerability | KEV | SysAid | SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. |
| CVE-2023-46805 | Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | KEV | Ivanti | Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web… |
| CVE-2023-46748 | F5 BIG-IP Configuration Utility SQL Injection Vulnerability | KEV | F5 | F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP managem… |
| CVE-2023-46747 | F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability | KEV | F5 | F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow a… |
| CVE-2023-46604 | Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | KEV | Apache | Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell comman… |
| CVE-2023-45727 | North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability | KEV | North Grid | North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which … |
| CVE-2023-45249 | Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability | KEV | Acronis | Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. |
| CVE-2023-44487 | HTTP/2 Rapid Reset Attack Vulnerability | KEV | IETF | HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). |
| CVE-2023-44221 | SonicWall SMA100 Appliances OS Command Injection Vulnerability | KEV | SonicWall | SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with… |
| CVE-2023-43770 | Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | KEV | Roundcube | Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain… |
| CVE-2023-43208 | NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability | KEV | NextGen Healthcare | NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a special… |
| CVE-2023-43000 | Apple Multiple products Use-After-Free Vulnerability | KEV | Apple | Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memo… |
| CVE-2023-42917 | Apple Multiple Products WebKit Memory Corruption Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web cont… |
| CVE-2023-42916 | Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | KEV | Apple | Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously cra… |
| CVE-2023-42824 | Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | KEV | Apple | Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. |