Export limit exceeded: 365308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365308 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6163 1 Checkmk 1 Checkmk 2025-08-27 5.3 Medium
Certain http endpoints of Checkmk in Checkmk < 2.3.0p10 < 2.2.0p31, < 2.1.0p46, <= 2.0.0p39 allows remote attacker to bypass authentication and access data
CVE-2024-50313 1 Mendix 1 Mendix 2025-08-27 5.3 Medium
A vulnerability has been identified in Mendix Runtime V10 (All versions < V10.16.0 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.12 (All versions < V10.12.7 only if the basic authentication mechanism is used by the application), Mendix Runtime V10.6 (All versions < V10.6.15 only if the basic authentication mechanism is used by the application), Mendix Runtime V8 (All versions only if the basic authentication mechanism is used by the application), Mendix Runtime V9 (All versions < V9.24.29 only if the basic authentication mechanism is used by the application). The basic authentication implementation of affected applications contains a race condition vulnerability which could allow unauthenticated remote attackers to circumvent default account lockout measures.
CVE-2024-45673 3 Ibm, Linux, Microsoft 6 Security Verify Bridge, Security Verify Bridge Directory Sync, Security Verify Gateway For Radius and 3 more 2025-08-27 5.5 Medium
IBM Security Verify Bridge Directory Sync 1.0.1 through 1.0.12, IBM Security Verify Gateway for Windows Login 1.0.1 through 1.0.10, and IBM Security Verify Gateway for Radius 1.0.1 through 1.0.11 stores user credentials in configuration files which can be read by a local user.
CVE-2024-42471 1 Github 2 Actions\/artifact, Actions Toolkit 2025-08-27 7.3 High
actions/artifact is the GitHub ToolKit for developing GitHub Actions. Versions of `actions/artifact` on the 2.x branch before 2.1.2 are vulnerable to arbitrary file write when using `downloadArtifactInternal`, `downloadArtifactPublic`, or `streamExtractExternal` for extracting a specifically crafted artifact that contains path traversal filenames. Users are advised to upgrade to version 2.1.2 or higher. There are no known workarounds for this issue.
CVE-2024-5681 2 Schneider-electric, Schneider Electric 2 Ecostruxure Foxboro Dcs Control Core Services, Ecostruxure Foxboro Dcs Core Control Services 2025-08-27 7.8 High
CWE-20: Improper Input Validation vulnerability exists that could cause local denial-of-service, privilege escalation, and potentially kernel execution when a malicious actor with local user access crafts a script/program using an IOCTL call in the Foxboro.sys driver.
CVE-2024-51472 1 Ibm 2 Devops Deploy, Urbancode Deploy 2025-08-27 3.1 Low
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure.
CVE-2024-43499 4 Apple, Linux, Microsoft and 1 more 6 Macos, Linux Kernel, .net and 3 more 2025-08-27 7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-4872 1 Hitachienergy 3 Microscada Pro Sys600, Microscada Sys600, Microscada X Sys600 2025-08-27 8.8 High
A vulnerability exists in the query validation of the MicroSCADA Pro/X SYS600 product. If exploited this could allow an authenticated attacker to inject code towards persistent data. Note that to successfully exploit this vulnerability an attacker must have a valid credential.
CVE-2024-50570 1 Fortinet 3 Forticlient, Forticlientlinux, Forticlientwindows 2025-08-27 4.9 Medium
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector
CVE-2024-4291 1 Tenda 3 A301, A301 Firmware, Ac15 2025-08-27 8.8 High
A vulnerability was found in Tenda A301 15.13.08.12_multi_TDE01. It has been rated as critical. This issue affects the function formAddMacfilterRule of the file /goform/setBlackRule. The manipulation of the argument deviceList leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-262223. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-3980 1 Hitachienergy 3 Microscada Pro Sys600, Microscada Sys600, Microscada X Sys600 2025-08-27 8.8 High
The MicroSCADA Pro/X SYS600 product allows an authenticated user input to control or influence paths or file names that are used in filesystem operations. If exploited the vulnerability allows the attacker to access or modify system files or other files that are critical to the application.
CVE-2024-39546 1 Juniper 1 Junos Os Evolved 2025-08-27 7.3 High
A Missing Authorization vulnerability in the Socket Intercept (SI) command file interface of Juniper Networks Junos OS Evolved allows an authenticated, low-privilege local attacker to modify certain files, allowing the attacker to cause any command to execute with root privileges leading to privilege escalation ultimately compromising the system.  This issue affects Junos OS Evolved:  * All versions prior to 21.2R3-S8-EVO,  * 21.4 versions prior to  21.4R3-S6-EVO,  * 22.1 versions prior to 22.1R3-S5-EVO,  * 22.2 versions prior to 22.2R3-S3-EVO,  * 22.3 versions prior to 22.3R3-S3-EVO,  * 22.4 versions prior to 22.4R3-EVO,  * 23.2 versions prior to 23.2R2-EVO.
CVE-2024-3746 1 Measuresoft 1 Scadapro Server 2025-08-27 5.5 Medium
The entire parent directory - C:\ScadaPro and its sub-directories and files are configured by default to allow user, including unprivileged users, to write or overwrite files.
CVE-2024-39118 1 Mommyheather 1 Advanced Backups 2025-08-27 5.5 Medium
Mommy Heather Advanced Backups up to v3.5.3 allows attackers to write arbitrary files via restoring a crafted back up.
CVE-2024-30220 1 Planex 4 Mzk-mf300hp2, Mzk-mf300hp2 Firmware, Mzk-mf300n and 1 more 2025-08-27 8.8 High
Command injection vulnerability in PLANEX COMMUNICATIONS wireless LAN routers allows a network-adjacent unauthenticated attacker to execute an arbitrary command by sending a specially crafted request to a certain port. Note that MZK-MF300N is no longer supported, therefore the update for this product is not provided.
CVE-2024-30039 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-08-27 5.5 Medium
Windows Remote Access Connection Manager Information Disclosure Vulnerability
CVE-2024-30030 1 Microsoft 1 Windows Server 2008 2025-08-27 7.8 High
Win32k Elevation of Privilege Vulnerability
CVE-2024-30025 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-08-27 7.8 High
Windows Common Log File System Driver Elevation of Privilege Vulnerability
CVE-2024-30020 1 Microsoft 14 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 11 more 2025-08-27 8.1 High
Windows Cryptographic Services Remote Code Execution Vulnerability
CVE-2024-30018 1 Microsoft 9 Windows 10 1809, Windows 10 21h2, Windows 10 22h2 and 6 more 2025-08-27 7.8 High
Windows Kernel Elevation of Privilege Vulnerability