Search Results (3176 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2024-49535 | 3: Adobe, Apple, Microsoft | 6: Acrobat, Acrobat Dc, Acrobat Reader and 3 more | 2025-01-23 | 6.3 Medium | Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that allows an attacker to provide malicious XML input containing a reference to an external entity, potentially leading to unauthorized read access outside the Acrobat sandbox. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document. |
| CVE-2024-1623 | 1: Sagemcom | 2: F@st 3686, F@st 3686 Firmware | 2025-01-23 | 7.7 High | Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp' and 'logout.asp' files do not handle session details correctly. |
| CVE-2023-33005 | 1: Jenkins | 1: Wso2 Oauth | 2025-01-23 | 5.4 Medium | Jenkins WSO2 Oauth Plugin 1.0 and earlier does not invalidate the previous session on login. |
| CVE-2023-2161 | 1: Schneider-electric | 1: Opc Factory Server | 2025-01-22 | 5 Medium | A CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause unauthorized read access to the file system when a malicious configuration file is loaded onto the software by a local user. |
| CVE-2023-23759 | 1: Facebook | 1: Fizz | 2025-01-21 | 7.5 High | There is a vulnerability in the fizz library prior to v2023.01.30.00 where a CHECK failure can be triggered remotely. This behavior requires the client-supported cipher advertisement changing between the original ClientHello and the second ClientHello, crashing the process (impact is limited to denial of service). |
| CVE-2024-3486 | 1: Microfocus | 1: Imanager | 2025-01-21 | 7.8 High | XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to information disclosure and remote code execution. |
| CVE-2024-3969 | 1: Microfocus | 1: Imanager | 2025-01-21 | 7.8 High | XML External Entity injection vulnerability found in OpenText™ iManager 3.2.6.0200. This could lead to remote code execution by parsing an untrusted XML payload. |
| CVE-2022-46300 | 1: Visam | 1: Vbase Automation Base | 2025-01-17 | 5.5 Medium | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. |
| CVE-2022-45468 | 1: Visam | 1: Vbase Automation Base | 2025-01-17 | 5.5 Medium | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. |
| CVE-2022-45121 | 1: Visam | 1: Vbase Automation Base | 2025-01-17 | 5.5 Medium | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. |
| CVE-2022-43512 | 1: Visam | 1: Vbase Automation Base | 2025-01-17 | 5.5 Medium | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. |
| CVE-2022-41696 | 1: Visam | 1: Vbase Automation Base | 2025-01-17 | 5.5 Medium | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. |
| CVE-2022-45876 | 1: Visam | 1: Vbase | 2025-01-17 | 5.5 Medium | Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file. |
| CVE-2022-41221 | 1: Opentext | 1: Archive Center Administration | 2025-01-17 | 7.1 High | The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would cause a negative security impact such as data exfiltration or localized denial of service against the application instance and system of the user running it. |
| CVE-2023-3256 | 1: Advantech | 1: R-seenet | 2025-01-16 | 8.8 High | Advantech R-SeeNet version 2.4.22 allows low-level users to access and load the content of local files. |
| CVE-2024-4357 | 1: Progress | 1: Telerik Reporting | 2025-01-16 | 6.5 Medium | An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, that allows a low-privilege attacker to read system files via XML External Entity processing. |
| CVE-2023-32318 | 1: Nextcloud | 1: Nextcloud Server | 2025-01-14 | 7.2 High | Nextcloud server provides a home for data. A regression in the session handling between Nextcloud Server and the Nextcloud Text app prevented a correct destruction of the session on logout if cookies were not cleared manually. After successfully authenticating with any other account, the previous session would be continued and the attacker would be authenticated as the previously logged-in user. It is recommended that the Nextcloud Server is upgraded to 25.0.6 or 26.0.1. |
| CVE-2020-27650 | 1: Synology | 3: Diskstation Manager, Skynas, Skynas Firmware | 2025-01-14 | 5.8 Medium | Synology DiskStation Manager (DSM) before 6.2.3-25426-2 does not set the Secure flag for the session cookie in an HTTPS session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an HTTP session. |
| CVE-2023-33199 | 1: Linuxfoundation | 1: Rekor | 2025-01-14 | 5.3 Medium | Rekor's goal is to provide an immutable, tamper-resistant ledger of metadata generated within a software project's supply chain. A malformed proposed entry of the `intoto/v0.0.2` type can cause a panic on a thread within the Rekor process. The thread is recovered, so the client receives a 500 error message and the service still continues; the availability impact of this is minimal. This has been fixed in v1.2.0 of Rekor. Users are advised to upgrade. There are no known workarounds for this vulnerability. |
| CVE-2023-33188 | 1: Omninotes | 1: Omni Notes | 2025-01-14 | 6.3 Medium | Omni-notes is an open source note-taking application for Android. The Omni-notes Android app had an insufficient path validation vulnerability when displaying the details of a note received through an externally-provided intent. The paths of the note's attachments were not properly validated, allowing malicious or compromised applications on the same device to force Omni-notes to copy files from its internal storage to its external storage directory, where they would have become accessible to any component with permission to read the external storage. Updating to the newest version (6.2.7) of Omni-notes Android fixes this vulnerability. |