Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (1606 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-39578 1 Dell 1 Powerscale Onefs 2024-09-03 6.3 Medium
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering.
CVE-2024-5928 1 Vipre 1 Advanced Security 2024-08-23 7.8 High
VIPRE Advanced Security PMAgent Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Patch Management Agent. By creating a symbolic link, an attacker can abuse the agent to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22315.
CVE-2024-40464 1 Beego 1 Beego 2024-08-15 8.8 High
An issue in beego v.2.2.0 and before allows a remote attacker to escalate privileges via the sendMail function located in beego/core/logs/smtp.go file
CVE-2024-32931 1 Johnsoncontrols 1 Exacqvision Web Service 2024-08-09 5.7 Medium
Under certain circumstances the exacqVision Web Service can expose authentication token details within communications.
CVE-2024-41265 1 Linuxfoundation 1 Cortex 2024-08-02 7.5 High
A TLS certificate verification issue discovered in cortex v0.42.1 allows attackers to obtain sensitive information via the makeOperatorRequest function.
CVE-2024-41253 1 Goframe 1 Goframe 2024-08-01 7.1 High
goframe v2.7.2 is configured to skip TLS certificate verification, possibly allowing attackers to execute a man-in-the-middle attack via the gclient component.