Vulnerabilities (CVE)

Filtered by CWE-20
Total 10018 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24037 1 Karmasis 1 Infraskope Siem\+ 2024-09-16 N/A 8.2 HIGH
Karmasis Informatics Infraskope SIEM+ has an unauthenticated access vulnerability which could allow an unauthenticated attacker to obtain critical information.
CVE-2023-41061 1 Apple 3 Ipados, Iphone Os, Watchos 2024-09-16 N/A 7.8 HIGH
A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted attachment may result in arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2023-22515 1 Atlassian 2 Confluence Data Center, Confluence Server 2024-09-16 N/A 9.8 CRITICAL
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.
CVE-2022-47966 1 Zohocorp 22 Manageengine Access Manager Plus, Manageengine Ad360, Manageengine Adaudit Plus and 19 more 2024-09-16 N/A 9.8 CRITICAL
Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security protections, and the ManageEngine applications did not provide those protections. This affects Access Manager Plus before 4308, Active Directory 360 before 4310, ADAudit Plus before 7081, ADManager Plus before 7162, ADSelfService Plus before 6211, Analytics Plus before 5150, Application Control Plus before 10.1.2220.18, Asset Explorer before 6983, Browser Security Plus before 11.1.2238.6, Device Control Plus before 10.1.2220.18, Endpoint Central before 10.1.2228.11, Endpoint Central MSP before 10.1.2228.11, Endpoint DLP before 10.1.2137.6, Key Manager Plus before 6401, OS Deployer before 1.1.2243.1, PAM 360 before 5713, Password Manager Pro before 12124, Patch Manager Plus before 10.1.2220.18, Remote Access Plus before 10.1.2228.11, Remote Monitoring and Management (RMM) before 10.1.41. ServiceDesk Plus before 14004, ServiceDesk Plus MSP before 13001, SupportCenter Plus before 11026, and Vulnerability Manager Plus before 10.1.2220.18. Exploitation is only possible if SAML SSO has ever been configured for a product (for some products, exploitation requires that SAML SSO is currently active).
CVE-2021-20330 1 Mongodb 1 Mongodb 2024-09-16 4.0 MEDIUM 6.5 MEDIUM
An attacker with basic CRUD permissions on a replicated collection can run the applyOps command with specially malformed oplog entries, resulting in a potential denial of service on secondaries. This issue affects MongoDB Server v4.0 versions prior to 4.0.27; MongoDB Server v4.2 versions prior to 4.2.16; MongoDB Server v4.4 versions prior to 4.4.9.
CVE-2024-21829 2024-09-16 N/A 7.5 HIGH
Improper input validation in UEFI firmware error handler for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21871 2024-09-16 N/A 7.5 HIGH
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-21781 2024-09-16 N/A 7.2 HIGH
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to enable information disclosure or denial of service via local access.
CVE-2024-41839 1 Adobe 1 Experience Manager 2024-09-16 N/A 3.5 LOW
Adobe Experience Manager versions 6.5.20 and earlier are affected by an Improper Input Validation vulnerability that could lead to a security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and affect the integrity of the page. Exploitation of this issue requires user interaction.
CVE-2024-5989 1 Rockwellautomation 2 Thinmanager, Thinserver 2024-09-16 N/A 9.8 CRITICAL
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVE-2024-5988 1 Rockwellautomation 2 Thinmanager, Thinserver 2024-09-16 N/A 9.8 CRITICAL
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager® ThinServer™.
CVE-2024-5990 1 Rockwellautomation 2 Thinmanager, Thinserver 2024-09-16 N/A 7.5 HIGH
Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected device.
CVE-2024-45058 1 Portabilis 1 I-educar 2024-09-13 N/A 8.1 HIGH
i-Educar is free, fully online school management software that can be used by school secretaries, teachers, coordinators, and area managers. Prior to the 2.9 branch, an attacker with only minimal viewing privileges in the settings section is able to change their user type to Administrator (or another type with super-permissions) through a specifically crafted POST request to `/intranet/educar_usuario_cad.php`, modifying the `nivel_usuario_` parameter. The vulnerability occurs in the file located at `ieducar/intranet/educar_usuario_cad.php`, which does not check the user's current permission level before allowing changes. Commit c25910cdf11ab50e50162a49dd44bef544422b6e contains a patch for the issue.
CVE-2021-38122 1 Microfocus 1 Netiq Advanced Authentication 2024-09-13 N/A 8.2 HIGH
A Cross-Site Scripting vulnerable identified in NetIQ Advance Authentication that impacts the server functionality and disclose sensitive information. This issue affects NetIQ Advance Authentication before 6.3.5.1
CVE-2024-43455 1 Microsoft 6 Windows Server 2008, Windows Server 2012, Windows Server 2016 and 3 more 2024-09-13 N/A 9.8 CRITICAL
Windows Remote Desktop Licensing Service Spoofing Vulnerability
CVE-2024-41856 3 Adobe, Apple, Microsoft 3 Illustrator, Macos, Windows 2024-09-13 N/A 7.8 HIGH
Illustrator versions 28.5, 27.9.4, 28.6, 27.9.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2024-8073 1 Hillstonenet 1 Web Application Firewall 2024-09-12 N/A 9.8 CRITICAL
Improper Input Validation vulnerability in Hillstone Networks Hillstone Networks Web Application Firewall on 5.5R6 allows Command Injection.This issue affects Hillstone Networks Web Application Firewall: from 5.5R6-2.6.7 through 5.5R6-2.8.13.
CVE-2024-45441 1 Huawei 2 Emui, Harmonyos 2024-09-12 N/A 7.5 HIGH
Input verification vulnerability in the system service module Impact: Successful exploitation of this vulnerability will affect availability.
CVE-2024-34163 1 Intel 18 Nuc X15 Laptop Kit Lapac71g, Nuc X15 Laptop Kit Lapac71g Firmware, Nuc X15 Laptop Kit Lapac71h and 15 more 2024-09-12 N/A 8.2 HIGH
Improper input validation in firmware for some Intel(R) NUC may allow a privileged user to potentially enableescalation of privilege via local access.
CVE-2024-28947 1 Intel 1 Server Board S2600st Firmware 2024-09-12 N/A 8.2 HIGH
Improper input validation in kernel mode driver for some Intel(R) Server Board S2600ST Family firmware before version 02.01.0017 may allow a privileged user to potentially enable escalation of privilege via local access.