Export limit exceeded: 367003 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26484 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-40457 1 Extremenetworks 1 Extremeos 2026-04-15 N/A
The BGP daemon in Extreme Networks ExtremeXOS (aka EXOS) 30.7.1.1 allows an attacker (who is not on a directly connected network) to cause a denial of service (BGP session reset) because of BGP attribute error mishandling (for attribute 21 and 25). NOTE: the vendor disputes this because it is "evaluating support for RFC 7606 as a future feature" and believes that "customers that have chosen to not require or implement RFC 7606 have done so willingly and with knowledge of what is needed to defend against these types of attacks."
CVE-2024-30263 1 Xwikisas 1 Macro Pdfviewer 2026-04-15 7.7 High
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. Users with edit rights can access restricted PDF attachments using the PDF Viewer macro, just by passing the attachment URL as the value of the ``file`` parameter. Users with view rights can access restricted PDF attachments if they are shown on public pages where the PDF Viewer macro is called using the attachment URL instead of its reference. This vulnerability has been patched in version 2.5.1.
CVE-2024-22260 1 Vmware 1 Workspace One Uem 2026-04-15 6.8 Medium
VMware Workspace One UEM update addresses an information exposure vulnerability.  A malicious actor with network access to the Workspace One UEM may be able to perform an attack resulting in an information exposure.
CVE-2023-38654 2026-04-15 8.2 High
Improper input validation for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.
CVE-2024-22271 2026-04-15 8.2 High
In Spring Cloud Function framework, versions 4.1.x prior to 4.1.2, 4.0.x prior to 4.0.8 an application is vulnerable to a DOS attack when attempting to compose functions with non-existing functions. Specifically, an application is vulnerable when all of the following are true: User is using Spring Cloud Function Web module Affected Spring Products and Versions Spring Cloud Function Framework 4.1.0 to 4.1.2 4.0.0 to 4.0.8 References https://spring.io/security/cve-2022-22979   https://checkmarx.com/blog/spring-function-cloud-dos-cve-2022-22979-and-unintended-function-invocation/  History 2020-01-16: Initial vulnerability report published.
CVE-2024-28285 1 Cryptopp 1 Crypto\+\+ 2026-04-15 9.8 Critical
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate privileges.
CVE-2024-28188 1 Jupyter 1 Scheduler 2026-04-15 5.3 Medium
Jupyter Scheduler is collection of extensions for programming jobs to run now or run on a schedule. The list of conda environments of `jupyter-scheduler` users maybe be exposed, potentially revealing information about projects that a specific user may be working on. This vulnerability has been patched in version(s) 1.1.6, 1.2.1, 1.8.2 and 2.5.2.
CVE-2024-2371 2026-04-15 6.2 Medium
Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials.
CVE-2024-2756 2 Php, Redhat 2 Archive Tar, Enterprise Linux 2026-04-15 6.5 Medium
Due to an incomplete fix to CVE-2022-31629 https://github.com/advisories/GHSA-c43m-486j-j32p , network and same-site attackers can set a standard insecure cookie in the victim's browser which is treated as a __Host- or __Secure- cookie by PHP applications.
CVE-2024-2746 2026-04-15 8.8 High
Incomplete fix for CVE-2024-1929 The problem with CVE-2024-1929 was that the dnf5 D-Bus daemon accepted arbitrary configuration parameters from unprivileged users, which allowed a local root exploit by tricking the daemon into loading a user controlled "plugin". All of this happened before Polkit authentication was even started. The dnf5 library code does not check whether non-root users control the directory in question.  On one hand, this poses a Denial-of-Service attack vector by making the daemonoperate on a blocking file (e.g. named FIFO special file) or a very large file that causes an out-of-memory situation (e.g. /dev/zero). On the other hand, this can be used to let the daemon process privileged files like /etc/shadow. The file in question is parsed as an INI file. Error diagnostics resulting from parsing privileged files could cause information leaks, if these diagnostics are accessible to unprivileged users. In the case of libdnf5, no such user accessible diagnostics should exist, though. Also, a local attacker can place a valid repository configuration file in this directory. This configuration file allows to specify a plethora of additional configuration options. This makes various additional code paths in libdnf5 accessible to the attacker.
CVE-2023-34440 1 Redhat 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more 2026-04-15 7.5 High
Improper input validation in UEFI firmware for some Intel(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-25116 2026-04-15 5.5 Medium
RedisBloom adds a set of probabilistic data structures to Redis. Starting in version 2.0.0 and prior to version 2.4.7 and 2.6.10, authenticated users can use the `CF.RESERVE` command to trigger a runtime assertion and termination of the Redis server process. The problem is fixed in RedisBloom 2.4.7 and 2.6.10.
CVE-2023-34424 2026-04-15 4.4 Medium
Improper input validation in firmware for some Intel(R) CSME may allow a privileged user to potentially enable denial of service via local access.
CVE-2023-32633 2026-04-15 6.7 Medium
Improper input validation in the Intel(R) CSME installer software before version 2328.5.5.0 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-2689 2026-04-15 4.4 Medium
Denial of Service in Temporal Server prior to version 1.20.5, 1.21.6, and 1.22.7 allows an authenticated user who has permissions to interact with workflows and has crafted an invalid UTF-8 string for submission to potentially cause a crashloop. If left unchecked, the task containing the invalid UTF-8 will become stuck in the queue, causing an increase in queue lag. Eventually, all processes handling these queues will become stuck and the system will run out of resources. The workflow ID of the failing task will be visible in the logs, and can be used to remove that workflow as a mitigation. Version 1.23 is not impacted. In this context, a user is an operator of Temporal Server.
CVE-2024-25290 1 Casa Systems 1 Nl1901acv 2026-04-15 8 High
An issue in Casa Systems NL1901ACV R6B032 allows a remote attacker to execute arbitrary code via the userName parameter of the add function.
CVE-2023-1973 1 Redhat 2 Jboss Enterprise Application Platform, Jboss Enterprise Application Platform Eus 2026-04-15 7.5 High
A flaw was found in Undertow package. Using the FormAuthenticationMechanism, a malicious user could trigger a Denial of Service by sending crafted requests, leading the server to an OutofMemory error, exhausting the server's memory.
CVE-2020-25836 2026-04-15 6.3 Medium
Exposure of Sensitive Information to an Unauthorized Access vulnerability in OpenText NetIQ Directory and Resource Administrator. This issue affects NetIQ Directory and Resource Administrator versions prior to 10.0.2 and prior to 9.2.1 Patch 10.
CVE-2019-1815 1 Cisco 1 Meraki Mx Firmware 2026-04-15 N/A
A security vulnerability was discovered in the local status page functionality of Cisco Meraki’s MX67 and MX68 security appliance models that may allow unauthenticated individuals to access and download logs containing sensitive, privileged device information. The vulnerability is due to improper access control to the files holding debugging and maintenance information, and is only exploitable when the local status page is enabled on the device. An attacker exploiting this vulnerability may obtain access to wireless pre-shared keys, Site-to-Site VPN key and other sensitive information. Under certain circumstances, this information may allow an attacker to obtain administrative-level access to the device.
CVE-2011-10020 2026-04-15 N/A
Kaillera Server version 0.86 is vulnerable to a denial-of-service condition triggered by sending a malformed UDP packet after the initial handshake. Once a client sends a valid HELLO0.83 packet and receives a response, any subsequent malformed packet causes the server to crash and become unresponsive. This flaw stems from improper input validation in the server’s UDP packet handler, allowing unauthenticated remote attackers to disrupt service availability.