Export limit exceeded: 10231 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359701 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 25981 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25981 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21558 | 1 Microsoft | 17 Windows 10, Windows 10 1507, Windows 10 1607 and 14 more | 2025-01-01 | 7.8 High |
| Windows Error Reporting Service Elevation of Privilege Vulnerability | ||||
| CVE-2023-21550 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2025-01-01 | 5.5 Medium |
| Windows Cryptographic Information Disclosure Vulnerability | ||||
| CVE-2023-21540 | 1 Microsoft | 13 Windows 10 1809, Windows 10 20h2, Windows 10 20h2 and 10 more | 2025-01-01 | 5.5 Medium |
| Windows Cryptographic Information Disclosure Vulnerability | ||||
| CVE-2024-38194 | 1 Microsoft | 1 Azure Web Apps | 2024-12-31 | 8.4 High |
| An authenticated attacker can exploit an improper authorization vulnerability in Azure Web Apps to elevate privileges over a network. | ||||
| CVE-2024-43455 | 1 Microsoft | 10 Windows Server 2008, Windows Server 2008 R2, Windows Server 2008 Sp2 and 7 more | 2024-12-31 | 8.8 High |
| Windows Remote Desktop Licensing Service Spoofing Vulnerability | ||||
| CVE-2024-38245 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38244 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38243 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38234 | 1 Microsoft | 25 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 22 more | 2024-12-31 | 6.5 Medium |
| Windows Networking Denial of Service Vulnerability | ||||
| CVE-2024-38046 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| PowerShell Elevation of Privilege Vulnerability | ||||
| CVE-2024-38241 | 1 Microsoft | 20 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 17 more | 2024-12-31 | 7.8 High |
| Kernel Streaming Service Driver Elevation of Privilege Vulnerability | ||||
| CVE-2024-38230 | 1 Microsoft | 5 Windows Server 2012, Windows Server 2012 R2, Windows Server 2016 and 2 more | 2024-12-31 | 6.5 Medium |
| Windows Standards-Based Storage Management Service Denial of Service Vulnerability | ||||
| CVE-2024-38216 | 1 Microsoft | 1 Azure Stack Hub | 2024-12-31 | 8.2 High |
| Azure Stack Hub Elevation of Privilege Vulnerability | ||||
| CVE-2024-27315 | 1 Apache | 1 Superset | 2024-12-31 | 4.3 Medium |
| An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue. | ||||
| CVE-2023-2820 | 1 Proofpoint | 1 Threat Response Auto Pull | 2024-12-27 | 6.1 Medium |
| An information disclosure vulnerability in the faye endpoint in Proofpoint Threat Response / Threat Response Auto-Pull (PTR/TRAP) could be used by an attacker on an adjacent network to obtain credentials to integrated services via a man-in-the-middle position or cryptanalysis of the session traffic. An attacker could use these credentials to impersonate PTR/TRAP to these services. All versions prior to 5.10.0 are affected. | ||||
| CVE-2023-7012 | 1 Google | 1 Chrome | 2024-12-26 | 9.6 Critical |
| Insufficient data validation in Permission Prompts in Google Chrome prior to 117.0.5938.62 allowed an attacker who convinced a user to install a malicious app to potentially perform a sandbox escape via a malicious file. (Chromium security severity: Medium) | ||||
| CVE-2024-7339 | 2 Provision-isr, Tvt | 12 Sh-4050a5-5l\(mm\), Sh-4050a5-5l\(mm\) Firmware, Avision Av108t and 9 more | 2024-12-20 | 5.3 Medium |
| A vulnerability has been found in TVT DVR TD-2104TS-CL, DVR TD-2108TS-HP, Provision-ISR DVR SH-4050A5-5L(MM) and AVISION DVR AV108T and classified as problematic. This vulnerability affects unknown code of the file /queryDevInfo. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-273262 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-42424 | 1 Dell | 4 7920 Xl Rack, 7920 Xl Rack Firmware, Precision 7920 Rack and 1 more | 2024-12-20 | 5.3 Medium |
| Dell Precision Rack, 14G Intel BIOS versions prior to 2.22.2, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2024-38303 | 1 Dell | 62 Dss 8440, Dss 8440 Firmware, Emc Storage Nx3240 and 59 more | 2024-12-20 | 5.3 Medium |
| Dell PowerEdge Platform, 14G Intel BIOS version(s) prior to 2.22.x, contains an Improper Input Validation vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | ||||
| CVE-2020-3393 | 1 Cisco | 128 1100-4g Integrated Services Router, 1100-4gltegb Integrated Services Router, 1100-4gltena Integrated Services Router and 125 more | 2024-12-19 | 6 Medium |
| A vulnerability in the application-hosting subsystem of Cisco IOS XE Software could allow an authenticated, local attacker to elevate privileges to root on an affected device. The attacker could execute IOS XE commands outside the application-hosting subsystem Docker container as well as on the underlying Linux operating system. These commands could be run as the root user. The vulnerability is due to a combination of two factors: (a) incomplete input validation of the user payload of CLI commands, and (b) improper role-based access control (RBAC) when commands are issued at the command line within the application-hosting subsystem. An attacker could exploit this vulnerability by using a CLI command with crafted user input. A successful exploit could allow the lower-privileged attacker to execute arbitrary CLI commands with root privileges. The attacker would need valid user credentials to exploit this vulnerability. | ||||