Search

Search Results (366282 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28860 1 Cilium 1 Cilium 2025-09-02 8 High
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.
CVE-2023-5568 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2025-09-02 5.9 Medium
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CVE-2022-26083 1 Intel 1 Integrated Performance Primitives Cryptography 2025-09-02 7.5 High
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
CVE-2024-28952 2 Intel, Microsoft 4 Integrated Performance Primitives, Ipp Software, Oneapi Base Toolkit and 1 more 2025-09-02 6.7 Medium
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32483 1 Intel 2 Ema Software, Endpoint Management Assistant 2025-09-02 8.2 High
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29191 1 Alexxit 1 Go2rtc 2025-09-02 6.1 Medium
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.
CVE-2024-36245 1 Intel 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler 2025-09-02 6.7 Medium
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37027 1 Intel 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler 2025-09-02 6.1 Medium
Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-30266 1 Bytecodealliance 1 Wasmtime 2025-09-02 3.3 Low
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
CVE-2024-39283 1 Intel 2 Tdx Module, Tdx Module Software 2025-09-02 6 Medium
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-2748 1 Github 1 Enterprise Server 2025-09-02 4.3 Medium
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 
CVE-2023-47855 2 Intel, Netapp 3 Tdx Module, Trust Domain Extensions Module, Hci Compute Node Bios 2025-09-02 6 Medium
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-45745 2 Intel, Netapp 3 Tdx Module, Tdx Module Software, Hci Compute Node Bios 2025-09-02 7.9 High
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21801 1 Intel 1 Tdx Module 2025-09-02 7.1 High
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-33607 1 Intel 2 Tdx Module, Tdx Module Software 2025-09-02 5.6 Medium
Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-1908 1 Github 1 Enterprise Server 2025-09-02 6.3 Medium
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program. 
CVE-2024-27290 1 Jhpyle 1 Docassemble 2025-09-02 6.1 Medium
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.
CVE-2024-27291 1 Jhpyle 1 Docassemble 2025-09-02 6.1 Medium
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.
CVE-2024-27292 1 Jhpyle 1 Docassemble 2025-09-02 7.5 High
Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.
CVE-2024-28244 1 Katex 1 Katex 2025-09-02 6.5 Medium
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.