Search Results (35577 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-36394 1 Moodle 1 Moodle 2025-03-06 9.8 Critical
In Moodle, a remote code execution risk was identified in the Shibboleth authentication plugin.
CVE-2023-22089 1 Oracle 1 Weblogic Server 2025-03-06 9.8 Critical
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
CVE-2023-30908 1 Hp 1 Oneview 2025-03-06 9.8 Critical
A remote authentication bypass issue exists in a OneView API.
CVE-2023-1203 1 Devolutions 1 Remote Desktop Manager 2025-03-06 6.5 Medium
Improper removal of sensitive data in the entry edit feature of Hub Business submodule in Devolutions Remote Desktop Manager PowerShell Module 2022.3.1.5 and earlier allows an authenticated user to access sensitive data on entries that were edited using the affected submodule.
CVE-2025-1878 1 I-drive 4 I11, I11 Firmware, I12 and 1 more 2025-03-06 3.1 Low
A vulnerability has been found in i-Drive i11 and i12 up to 20250227 and classified as problematic. This vulnerability affects unknown code of the component WiFi. The manipulation leads to use of default password. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitation appears to be difficult. It was not possible to identify the current maintainer of the product. It must be assumed that the product is end-of-life.
CVE-2023-26474 1 Xwiki 1 Xwiki 2025-03-05 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 13.10, it's possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.
CVE-2023-26473 1 Xwiki 1 Xwiki 2025-03-05 6.5 Medium
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
CVE-2023-26471 1 Xwiki 1 Xwiki 2025-03-05 10 Critical
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`.
CVE-2023-26108 1 Nestjs 1 Nest 2025-03-05 3.7 Low
Versions of the package @nestjs/core before 9.0.5 are vulnerable to Information Exposure via the StreamableFile pipe. Exploiting this vulnerability is possible when the client cancels a request while it is streaming a StreamableFile, the stream wrapped by the StreamableFile will be kept open.
CVE-2023-22232 1 Adobe 1 Connect 2025-03-05 5.3 Medium
Adobe Connect versions 11.4.5 (and earlier), 12.1.5 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not require user interaction.
CVE-2021-41613 1 Openrisc 2 Mor1kx, Mor1kx Firmware 2025-03-05 4.3 Medium
An issue was discovered in the controller unit of the OpenRISC mor1kx processor. The write logic of Exception Effective Address Register (EEAR) is not implemented correctly. User programs from authorized privilege levels will be unable to write to EEAR.
CVE-2023-26406 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-03-05 7.8 High
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-26408 3 Adobe, Apple, Microsoft 6 Acrobat, Acrobat Dc, Acrobat Reader and 3 more 2025-03-05 7.8 High
Adobe Acrobat Reader versions 23.001.20093 (and earlier) and 20.005.30441 (and earlier) are affected by an Improper Access Control vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2023-2679 2 Microsoft, Snowsoftware 2 Windows, Snow License Manager 2025-03-05 4.1 Medium
Data leakage in Adobe connector in Snow Software SPE 9.27.0 on Windows allows privileged user to observe other users data.
CVE-2014-125102 1 Bestwebsoft 1 Relevant 2025-03-05 4.3 Medium
A vulnerability classified as problematic was found in Bestwebsoft Relevant Plugin up to 1.0.7 on WordPress. Affected by this vulnerability is an unknown functionality of the component Thumbnail Handler. The manipulation leads to information disclosure. The attack can be launched remotely. Upgrading to version 1.0.8 is able to address this issue. The identifier of the patch is 860d1891025548cf0f5f97364c1f51a888f523c3. It is recommended to upgrade the affected component. The identifier VDB-230113 was assigned to this vulnerability.
CVE-2021-46876 1 Ibexa 1 Ez Platform Kernel 2025-03-05 5.3 Medium
An issue was discovered in eZ Publish Ibexa Kernel before 7.5.15.1. The /user/sessions endpoint can be abused to determine account existence.
CVE-2023-30630 2 Nongnu, Redhat 2 Dmidecode, Enterprise Linux 2025-03-04 7.1 High
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).
CVE-2023-37412 1 Ibm 1 Aspera Faspex 2025-03-04 4.4 Medium
IBM Aspera Faspex 5.0.0 through 5.0.10 could allow a privileged user to make system changes without proper access controls.
CVE-2021-33639 1 Openatom 1 Openeuler Kernel 2025-03-04 7.5 High
REMAP cmd of SVM driver can be used to remap read only memory as read-write, then cause read only memory/file modified.
CVE-2024-45426 1 Zoom 6 Meeting Software Development Kit, Rooms, Rooms Controller and 3 more 2025-03-04 4.9 Medium
Incorrect ownership assignment in some Zoom Workplace Apps may allow a privileged user to conduct an information disclosure via network access.