Export limit exceeded: 351254 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (2345 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-35392 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.7 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2023-29334 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2023-24935 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 6.1 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2023-24892 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 8.2 High |
| Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability | ||||
| CVE-2023-21794 | 1 Microsoft | 1 Edge Chromium | 2025-02-28 | 4.3 Medium |
| Microsoft Edge (Chromium-based) Spoofing Vulnerability | ||||
| CVE-2021-31209 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.5 Medium |
| Microsoft Exchange Server Spoofing Vulnerability | ||||
| CVE-2021-31195 | 1 Microsoft | 1 Exchange Server | 2025-02-28 | 6.5 Medium |
| Microsoft Exchange Server Remote Code Execution Vulnerability | ||||
| CVE-2024-43201 | 4 Apple, Google, Planet Fitness and 1 more | 4 Iphone Os, Android, Planet Fitness Workouts and 1 more | 2025-02-28 | 8.8 High |
| The Planet Fitness Workouts iOS and Android mobile apps fail to properly validate TLS certificates, allowing an attacker with appropriate network access to obtain session tokens and sensitive information. Planet Fitness first addressed this vulnerability in version 9.8.12 (released on 2024-07-25) and more recently in version 9.9.13 (released on 2025-02-11). | ||||
| CVE-2023-22943 | 1 Splunk | 2 Add-on Builder, Cloudconnect Software Development Kit | 2025-02-28 | 4.8 Medium |
| In Splunk Add-on Builder (AoB) versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs. | ||||
| CVE-2023-1537 | 1 Answer | 1 Answer | 2025-02-27 | 9.8 Critical |
| Authentication Bypass by Capture-replay in GitHub repository answerdev/answer prior to 1.0.6. | ||||
| CVE-2021-21548 | 1 Dell | 3 Emc Unisphere For Powermax, Emc Unisphere For Powermax Virtual Appliance, Powermax Os | 2025-02-26 | 7.4 High |
| Dell EMC Unisphere for PowerMax versions before 9.1.0.27, Dell EMC Unisphere for PowerMax Virtual Appliance versions before 9.1.0.27, and PowerMax OS Release 5978 contain an improper certificate validation vulnerability. An unauthenticated remote attacker may potentially exploit this vulnerability to carry out a man-in-the-middle attack by supplying a crafted certificate and intercepting the victim's traffic to view or modify a victim’s data in transit. | ||||
| CVE-2022-48349 | 1 Huawei | 2 Emui, Harmonyos | 2025-02-24 | 9.1 Critical |
| The control component has a spoofing vulnerability. Successful exploitation of this vulnerability may affect confidentiality and availability. | ||||
| CVE-2023-1177 | 1 Lfprojects | 1 Mlflow | 2025-02-19 | 9.3 Critical |
| Path Traversal: '\..\filename' in GitHub repository mlflow/mlflow prior to 2.2.1. | ||||
| CVE-2022-46415 | 1 Dji | 2 Spark, Spark Firmware | 2025-02-19 | 9.1 Critical |
| DJI Spark 01.00.0900 allows remote attackers to prevent legitimate terminal connections by exhausting the DHCP IP address pool. To accomplish this, the attacker would first need to connect to the device's internal Wi-Fi network (e.g., by guessing the password). Then, the attacker would need to send many DHCP request packets. | ||||
| CVE-2023-0466 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more | 2025-02-19 | 5.3 Medium |
| The function X509_VERIFY_PARAM_add0_policy() is documented to implicitly enable the certificate policy check when doing certificate verification. However the implementation of the function does not enable the check which allows certificates with invalid or incorrect policies to pass the certificate verification. As suddenly enabling the policy check could break existing deployments it was decided to keep the existing behavior of the X509_VERIFY_PARAM_add0_policy() function. Instead the applications that require OpenSSL to perform certificate policy check need to use X509_VERIFY_PARAM_set1_policies() or explicitly enable the policy check by calling X509_VERIFY_PARAM_set_flags() with the X509_V_FLAG_POLICY_CHECK flag argument. Certificate policy checks are disabled by default in OpenSSL and are not commonly used by applications. | ||||
| CVE-2023-0816 | 1 Strategy11 | 1 Formidable Form Builder | 2025-02-19 | 6.5 Medium |
| The Formidable Forms WordPress plugin before 6.1 uses several potentially untrusted headers to determine the IP address of the client, leading to IP Address spoofing and bypass of anti-spam protections. | ||||
| CVE-2023-0465 | 2 Openssl, Redhat | 4 Openssl, Enterprise Linux, Jboss Core Services and 1 more | 2025-02-18 | 5.3 Medium |
| Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | ||||
| CVE-2022-27644 | 1 Netgear | 48 Cbr40, Cbr40 Firmware, Lbr1020 and 45 more | 2025-02-18 | 8.8 High |
| This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR R6700v3 1.0.4.120_10.0.91 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-15797. | ||||
| CVE-2023-46724 | 2 Redhat, Squid-cache | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-02-13 | 8.6 High |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | ||||
| CVE-2024-3843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2025-02-13 | 4.6 Medium |
| Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | ||||