Export limit exceeded: 365297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 365297 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365297 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6558 1 Hms-networks 4 Anybus Compactcom 30 Module Ethernet\/ip, Anybus Compactcom 30 Module Ethernet\/ip Firmware, Anybus Compactcom 30 Module Usb Without Housing and 1 more 2025-08-27 6.3 Medium
HMS Industrial Networks Anybus-CompactCom 30 products are vulnerable to a XSS attack caused by the lack of input sanitation checks. As a consequence, it is possible to insert HTML code into input fields and store the HTML code. The stored HTML code will be embedded in the page and executed by host browser the next time the page is loaded, enabling social engineering attacks.
CVE-2024-6435 1 Rockwellautomation 1 Pavilion8 2025-08-27 8.8 High
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administrative level privileges. If exploited, an attacker could read sensitive data, and create users. For example, a malicious user with basic privileges could perform critical functions such as creating a user with elevated privileges and reading sensitive information in the “views” section.
CVE-2024-6236 2 Citrix, Netscaler 6 Netscaler Agent, Netscaler Console, Netscaler Sdx and 3 more 2025-08-27 7.5 High
Denial of Service in NetScaler Console (formerly NetScaler ADM), NetScaler Agent, and NetScaler SDX
CVE-2024-5990 1 Rockwellautomation 2 Thinmanager, Thinserver 2025-08-27 7.5 High
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
CVE-2024-5989 1 Rockwellautomation 2 Thinmanager, Thinserver 2025-08-27 9.8 Critical
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVE-2024-5988 1 Rockwellautomation 2 Thinmanager, Thinserver 2025-08-27 9.8 Critical
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVE-2024-4079 1 Ni 1 Labview 2025-08-27 7.8 High
An out of bounds read due to a missing bounds check in LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.
CVE-2024-39883 2 Delta Electronics, Deltaww 2 Cncsoft-g2, Cncsoft-g2 2025-08-27 8.8 High
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-39882 2 Delta Electronics, Deltaww 2 Cncsoft-g2, Cncsoft-g2 2025-08-27 8.8 High
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-39881 2 Delta Electronics, Deltaww 2 Cncsoft-g2, Cncsoft-g2 2025-08-27 8.8 High
Delta Electronics CNCSoft-G2 lacks proper validation of user-supplied data, which can result in a memory corruption condition. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-39880 2 Delta Electronics, Deltaww 2 Cncsoft-g2, Cncsoft-g2 2025-08-27 7.8 High
Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to execute code in the context of the current process.
CVE-2024-39876 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 4 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly handle log rotation. This could allow an unauthenticated remote attacker to cause a denial of service condition through resource exhaustion on the device.
CVE-2024-39875 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 4.3 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application allows authenticated, low privilege users with the 'Manage own remote connections' permission to retrieve details about other users and group memberships.
CVE-2024-39874 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 7.5 High
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its Client Communication component. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
CVE-2024-39873 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 7.5 High
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly implement brute force protection against user credentials in its web API. This could allow an attacker to learn user credentials that are vulnerable to brute force attacks.
CVE-2024-39872 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 9.6 Critical
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected application does not properly assign rights to temporary files created during its update process. This could allow an authenticated attacker with the 'Manage firmware updates' role to escalate their privileges on the underlying OS level.
CVE-2024-39871 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 6.3 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacked does not belong to.
CVE-2024-39870 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 6.3 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). The affected applications can be configured to allow users to manage own users. A local authenticated user with this privilege could use this modify users outside of their own scope as well as to escalate privileges.
CVE-2024-39869 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 6.5 Medium
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected products allow to upload certificates. An authenticated attacker could upload a crafted certificates leading to a permanent denial-of-service situation. In order to recover from such an attack, the offending certificate needs to be removed manually.
CVE-2024-39868 1 Siemens 1 Sinema Remote Connect Server 2025-08-27 7.6 High
A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of networks for which they have no privileges.