Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2916 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39312 | 1 Trueranker | 1 True Ranker | 2025-01-31 | 7.5 High |
| The True Ranker plugin <= 2.2.2 for WordPress allows arbitrary files, including sensitive configuration files such as wp-config.php, to be accessed via the src parameter found in the ~/admin/vendor/datatables/examples/resources/examples.php file. | ||||
| CVE-2023-2356 | 1 Lfprojects | 1 Mlflow | 2025-01-30 | 7.5 High |
| Relative Path Traversal in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||
| CVE-2023-2479 | 1 Appium | 1 Appium-desktop | 2025-01-30 | 9.8 Critical |
| OS Command Injection in GitHub repository appium/appium-desktop prior to v1.22.3-4. | ||||
| CVE-2023-1730 | 1 Supportcandy | 1 Supportcandy | 2025-01-30 | 9.8 Critical |
| The SupportCandy WordPress plugin before 3.1.5 does not validate and escape user input before using it in an SQL statement, which could allow unauthenticated attackers to perform SQL injection attacks | ||||
| CVE-2024-40422 | 1 Stitionai | 1 Devika | 2025-01-29 | 9.1 Critical |
| The snapshot_path parameter in the /api/get-browser-snapshot endpoint in stitionai devika v1 is susceptible to a path traversal attack. An attacker can manipulate the snapshot_path parameter to traverse directories and access sensitive files on the server. This can potentially lead to unauthorized access to critical system files and compromise the confidentiality and integrity of the system. | ||||
| CVE-2023-31478 | 1 Gl-inet | 64 Gl-a1300, Gl-a1300 Firmware, Gl-ap1300 and 61 more | 2025-01-29 | 7.5 High |
| An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key. | ||||
| CVE-2023-30013 | 1 Totolink | 2 X5000r, X5000r Firmware | 2025-01-29 | 9.8 Critical |
| TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter. | ||||
| CVE-2023-32235 | 1 Ghost | 1 Ghost | 2025-01-29 | 7.5 High |
| Ghost before 5.42.1 allows remote attackers to read arbitrary files within the active theme's folder via /assets/built%2F..%2F..%2F/ directory traversal. This occurs in frontend/web/middleware/static-theme.js. | ||||
| CVE-2023-28128 | 1 Ivanti | 1 Avalanche | 2025-01-28 | 7.2 High |
| An unrestricted upload of file with dangerous type vulnerability exists in Avalanche versions 6.3.x and below that could allow an attacker to achieve a remove code execution. | ||||
| CVE-2023-2648 | 1 Weaver | 1 E-office | 2025-01-24 | 6.3 Medium |
| A vulnerability was found in Weaver E-Office 9.5. It has been classified as critical. This affects an unknown part of the file /inc/jquery/uploadify/uploadify.php. The manipulation of the argument Filedata leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-228777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-1698 | 1 Wago | 14 Compact Controller 100, Compact Controller 100 Firmware, Edge Controller and 11 more | 2025-01-23 | 9.8 Critical |
| In multiple products of WAGO a vulnerability allows an unauthenticated, remote attacker to create new users and change the device configuration which can result in unintended behaviour, Denial of Service and full system compromise. | ||||
| CVE-2023-21554 | 1 Microsoft | 12 Windows 10 1607, Windows 10 1809, Windows 10 20h2 and 9 more | 2025-01-23 | 9.8 Critical |
| Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | ||||
| CVE-2024-29973 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2024-29972 | 1 Zyxel | 4 Nas326, Nas326 Firmware, Nas542 and 1 more | 2025-01-22 | 9.8 Critical |
| ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program "remote_help-cgi" in Zyxel NAS326 firmware versions before V5.21(AAZF.17)C0 and NAS542 firmware versions before V5.21(ABAG.14)C0 could allow an unauthenticated attacker to execute some operating system (OS) commands by sending a crafted HTTP POST request. | ||||
| CVE-2023-2780 | 1 Lfprojects | 1 Mlflow | 2025-01-22 | 9.8 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.3.1. | ||||
| CVE-2024-2022 | 1 Netentsec | 1 Application Security Gateway | 2025-01-21 | 6.3 Medium |
| A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-29919 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-01-17 | 9.8 Critical |
| SolarView Compact <= 6.0 is vulnerable to Insecure Permissions. Any file on the server can be read or modified because texteditor.php is not restricted. | ||||
| CVE-2024-5806 | 1 Progress | 1 Moveit Transfer | 2025-01-16 | 9.1 Critical |
| Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. | ||||
| CVE-2023-2825 | 1 Gitlab | 1 Gitlab | 2025-01-15 | 10 Critical |
| An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups. | ||||
| CVE-2023-33440 | 1 Faculty Evaluation System Project | 1 Faculty Evaluation System | 2025-01-14 | 7.2 High |
| Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via /eval/ajax.php?action=save_user. | ||||