Search Results (34218 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-29111 1 Sap 1 Application Interface Framework 2025-02-07 3.1 Low
The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.
CVE-2023-29185 1 Sap 1 Netweaver As Abap Business Server Pages 2025-02-07 5.3 Medium
SAP NetWeaver AS for ABAP (Business Server Pages) - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
CVE-2023-28763 1 Sap 1 Netweaver Application Server Abap 2025-02-07 6.5 Medium
SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters which can consume the server's resources sufficiently to make it unavailable over the network without any user interaction.
CVE-2023-28765 1 Sap 1 Businessobjects Business Intelligence 2025-02-07 9.8 Critical
An attacker with basic privileges in SAP BusinessObjects Business Intelligence Platform (Promotion Management) - versions 420, 430, can get access to lcmbiar file and further decrypt the file. After this attacker can gain access to BI user’s passwords and depending on the privileges of the BI user, the attacker can perform operations that can completely compromise the application.
CVE-2023-27193 1 Dualspace 1 Space Clean \& Super Cleaner 2025-02-07 7.8 High
An issue found in DUALSPACE v.1.1.3 allows a local attacker to gain privileges via the key_ad_new_user_avoid_time field.
CVE-2023-24509 1 Arista 21 704x3, 7304x, 7304x3 and 18 more 2025-02-07 9.3 Critical
On affected modular platforms running Arista EOS equipped with both redundant supervisor modules and having the redundancy protocol configured with RPR or SSO, an existing unprivileged user can login to the standby supervisor as a root user, leading to a privilege escalation. Valid user credentials are required in order to exploit this vulnerability.
CVE-2024-1591 1 Beyondtrust 1 Privilege Management For Windows 2025-02-07 3.3 Low
Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.
CVE-2024-3270 1 Thingsboard 1 Thingsboard 2025-02-07 3.8 Low
A vulnerability classified as problematic was found in ThingsBoard up to 3.6.2. This vulnerability affects unknown code of the component AdvancedFeature. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-259282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure and replied to be planning to fix this issue in version 3.7.
CVE-2024-37455 1 Brainstormforce 1 Ultimate Addons For Elementor 2025-02-07 8.8 High
Improper Privilege Management vulnerability in Brainstorm Force Ultimate Addons for Elementor allows Privilege Escalation.This issue affects Ultimate Addons for Elementor: from n/a through 1.36.31.
CVE-2024-32100 1 Sandhillsdev 1 Easy Digital Downloads 2025-02-07 5.3 Medium
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Easy Digital Downloads.This issue affects Easy Digital Downloads: from n/a through 3.2.11.
CVE-2023-6922 1 Acurax 1 Under Construction \/ Maintenance Mode 2025-02-07 4.3 Medium
The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax' function. This can allow authenticated attackers to extract sensitive data such as names and email addresses of subscribed visitors.
CVE-2024-0680 1 Wpexpertdeveloper 1 Wp Private Content Plus 2025-02-07 5.3 Medium
The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
CVE-2024-0682 1 Theandystratton 1 Pagerestrict 2025-02-07 5.3 Medium
The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.
CVE-2024-0975 1 Brandonwamboldt 1 Wordpress Access Control 2025-02-07 5.3 Medium
The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature (when unset) and view restricted page and post content.
CVE-2023-29569 1 Cesanta 1 Mjs 2025-02-06 5.5 Medium
Cesanta MJS v2.20.0 was discovered to contain a SEGV vulnerability via ffi_cb_impl_wpwwwww at src/mjs_ffi.c. This vulnerability can lead to a Denial of Service (DoS).
CVE-2025-0510 2 Mozilla, Redhat 6 Thunderbird, Enterprise Linux, Rhel Aus and 3 more 2025-02-06 6.5 Medium
Thunderbird displayed an incorrect sender address if the From field of an email used the invalid group name syntax that is described in CVE-2024-49040. This vulnerability affects Thunderbird < 128.7 and Thunderbird < 135.
CVE-2023-30459 1 Smartptt 1 Smartptt Scada 2025-02-06 7.2 High
SmartPTT SCADA 1.1.0.0 allows remote code execution (when the attacker has administrator privileges) by writing a malicious C# script and executing it on the server (via server settings in the administrator control panel on port 8101, by default).
CVE-2023-29850 1 Slims 1 Senayan Library Management System 2025-02-06 7.5 High
SENAYAN Library Management System (SLiMS) Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information.
CVE-2018-17453 1 Gitlab 1 Gitlab 2025-02-06 5.3 Medium
An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers may have been able to obtain sensitive access-token data from Sentry logs via the GRPC::Unknown exception.
CVE-2023-28091 1 Hp 1 Oneview 2025-02-06 5.5 Medium
HPE OneView virtual appliance "Migrate server hardware" option may expose sensitive information in an HPE OneView support dump