Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-43971 1 Osrg 1 Gobgp 2025-05-08 8.6 High
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
CVE-2025-43973 1 Osrg 1 Gobgp 2025-05-08 6.8 Medium
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVE-2025-43972 1 Osrg 1 Gobgp 2025-05-08 6.8 Medium
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
CVE-2024-25642 1 Sap 1 Cloud Connector 2025-05-08 7.4 High
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
CVE-2025-43970 1 Osrg 1 Gobgp 2025-05-08 4.3 Medium
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
CVE-2024-21406 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2025-05-08 7.5 High
Windows Printing Service Spoofing Vulnerability
CVE-2024-1354 1 Github 1 Enterprise Server 2025-05-08 8 High
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-24697 1 Zoom 4 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 1 more 2025-05-08 7.2 High
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-24481 1 Intel 1 Thunderbolt Dch Driver 2025-05-08 6.3 Medium
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2023-46186 1 Ibm 1 Jazz For Service Management 2025-05-08 5.3 Medium
IBM Jazz for Service Management 1.1.3.20 could allow an unauthorized user to obtain sensitive file information using forced browsing due to improper access controls. IBM X-Force ID: 269929.
CVE-2024-24990 1 F5 2 Nginx Open Source, Nginx Plus 2025-05-08 7.5 High
When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
CVE-2024-0568 1 Se 4 Renf22r2mmw, Renf22r2mmw Firmware, Rmnf22tb30 and 1 more 2025-05-08 8.8 High
CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.
CVE-2022-42206 1 Phpgurukul 1 Hospital Management System 2025-05-08 5.4 Medium
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via doctor/view-patient.php, admin/view-patient.php, and view-medhistory.php.
CVE-2022-42205 1 Phpgurukul 1 Hospital Management System 2025-05-08 5.4 Medium
PHPGurukul Hospital Management System In PHP V 4.0 is vulnerable to Cross Site Scripting (XSS) via add-patient.php.
CVE-2022-37454 9 Debian, Extended Keccak Code Package Project, Fedoraproject and 6 more 9 Debian Linux, Extended Keccak Code Package, Fedora and 6 more 2025-05-08 9.8 Critical
The Keccak XKCP SHA-3 reference implementation before fdc6fef has an integer overflow and resultant buffer overflow that allows attackers to execute arbitrary code or eliminate expected cryptographic properties. This occurs in the sponge function interface.
CVE-2024-22917 1 Lopalopa 1 Dynamic Lab Management System 2025-05-08 8.6 High
SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2024-39718 1 Veeam 1 Veeam Backup \& Replication 2025-05-08 8.1 High
An improper input validation vulnerability that allows a low-privileged user to remotely remove files on the system with permissions equivalent to those of the service account.
CVE-2024-26492 1 Oretnom23 1 Online Diagnostic Lab Management System 2025-05-08 6.3 Medium
An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.
CVE-2024-21114 1 Oracle 1 Vm Virtualbox 2025-05-08 8.8 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2024-21110 1 Oracle 1 Vm Virtualbox 2025-05-08 7.3 High
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prior to 7.0.16. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H).