Export limit exceeded: 366284 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366284 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28233 1 Jupyter 1 Jupyterhub 2025-09-02 8.1 High
JupyterHub is an open source multi-user server for Jupyter notebooks. By tricking a user into visiting a malicious subdomain, the attacker can achieve an XSS directly affecting the former's session. More precisely, in the context of JupyterHub, this XSS could achieve full access to JupyterHub API and user's single-user server. The affected configurations are single-origin JupyterHub deployments and JupyterHub deployments with user-controlled applications running on subdomains or peer subdomains of either the Hub or a single-user server. This vulnerability is fixed in 4.1.0.
CVE-2024-39284 1 Intel 2 Advisor, Oneapi Base Toolkit 2025-09-02 6.7 Medium
Uncontrolled search path for some Intel(R) Advisor software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28860 1 Cilium 1 Cilium 2025-09-02 8 High
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Users of IPsec transparent encryption in Cilium may be vulnerable to cryptographic attacks that render the transparent encryption ineffective. In particular, Cilium is vulnerable to chosen plaintext, key recovery, replay attacks by a man-in-the-middle attacker. These attacks are possible due to an ESP sequence number collision when multiple nodes are configured with the same key. Fixed versions of Cilium use unique keys for each IPsec tunnel established between nodes, resolving all of the above attacks. This vulnerability is fixed in 1.13.13, 1.14.9, and 1.15.3.
CVE-2023-5568 2 Redhat, Samba 3 Enterprise Linux, Storage, Samba 2025-09-02 5.9 Medium
A heap-based Buffer Overflow flaw was discovered in Samba. It could allow a remote, authenticated attacker to exploit this vulnerability to cause a denial of service.
CVE-2022-26083 1 Intel 1 Integrated Performance Primitives Cryptography 2025-09-02 7.5 High
Generation of weak initialization vector in an Intel(R) IPP Cryptography software library before version 2021.5 may allow an unauthenticated user to potentially enable information disclosure via local access.
CVE-2024-28952 2 Intel, Microsoft 4 Integrated Performance Primitives, Ipp Software, Oneapi Base Toolkit and 1 more 2025-09-02 6.7 Medium
Uncontrolled search path for some Intel(R) IPP software for Windows before version 2021.12.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-32483 1 Intel 2 Ema Software, Endpoint Management Assistant 2025-09-02 8.2 High
Improper access control for some Intel(R) EMA software before version 1.13.1.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-29191 1 Alexxit 1 Go2rtc 2025-09-02 6.1 Medium
gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The links page (`links.html`) appends the `src` GET parameter (`[0]`) in all of its links for 1-click previews. The context in which `src` is being appended is `innerHTML` (`[1]`), which will insert the text as HTML. Commit 3b3d5b033aac3a019af64f83dec84f70ed2c8aba contains a patch for the issue.
CVE-2024-36245 1 Intel 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler 2025-09-02 6.7 Medium
Uncontrolled search path element in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-37027 1 Intel 3 Oneapi Base Toolkit, System Bring-up Toolkit, Vtune Profiler 2025-09-02 6.1 Medium
Improper Input validation in some Intel(R) VTune(TM) Profiler software before version 2024.2.0 may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-30266 1 Bytecodealliance 1 Wasmtime 2025-09-02 3.3 Low
wasmtime is a runtime for WebAssembly. The 19.0.0 release of Wasmtime contains a regression introduced during its development which can lead to a guest WebAssembly module causing a panic in the host runtime. A valid WebAssembly module, when executed at runtime, may cause this panic. This vulnerability has been patched in version 19.0.1.
CVE-2024-39283 1 Intel 2 Tdx Module, Tdx Module Software 2025-09-02 6 Medium
Incomplete filtering of special elements in Intel(R) TDX module software before version TDX_1.5.01.00.592 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-2748 1 Github 1 Enterprise Server 2025-09-02 4.3 Medium
A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. 
CVE-2023-47855 2 Intel, Netapp 3 Tdx Module, Trust Domain Extensions Module, Hci Compute Node Bios 2025-09-02 6 Medium
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2023-45745 2 Intel, Netapp 3 Tdx Module, Tdx Module Software, Hci Compute Node Bios 2025-09-02 7.9 High
Improper input validation in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21801 1 Intel 1 Tdx Module 2025-09-02 7.1 High
Insufficient control flow management in some Intel(R) TDX module software before version 1.5.05.46.698 may allow a privileged user to potentially enable denial of service via local access.
CVE-2024-33607 1 Intel 2 Tdx Module, Tdx Module Software 2025-09-02 5.6 Medium
Out-of-bounds read in some Intel(R) TDX module software before version TDX_1.5.07.00.774 may allow an authenticated user to potentially enable information disclosure via local access.
CVE-2024-1908 1 Github 1 Enterprise Server 2025-09-02 6.3 Medium
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program. 
CVE-2024-27290 1 Jhpyle 1 Docassemble 2025-09-02 6.1 Medium
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.
CVE-2024-27291 1 Jhpyle 1 Docassemble 2025-09-02 6.1 Medium
Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.