Search

Search Results (314234 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2025-23366 1 Redhat 4 Hal Management Console, Jboss Data Grid, Jboss Enterprise Application Platform and 1 more 2025-10-14 6.5 Medium
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups “SuperUser”, “Admin”, or “Maintainer”.
CVE-2024-5532 1 Microfocus 1 Operations Agent 2025-10-14 4.8 Medium
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenText™ Operations Agent.  The XSS vulnerability could allow an attacker with local admin permissions to manipulate the content of the internal status page of the Agent on the local system. This issue affects Operations Agent: 12.20, 12.21, 12.22, 12.23, 12.24, 12.25, 12.26.
CVE-2024-20906 1 Oracle 1 Integrated Lights Out Manager Firmware 2025-10-14 4.8 Medium
Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).
CVE-2024-28804 1 Italtel 1 I-mcs Nfv 2025-10-14 7.1 High
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Stored Cross-site scripting (XSS) can occur via POST.
CVE-2024-28806 1 Italtel 1 I-mcs Nfv 2025-10-14 7.5 High
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. Remote unauthenticated attackers can upload files at an arbitrary path.
CVE-2024-34399 1 Bmc 1 Remedy Mid-tier 2025-10-14 9.8 Critical
**UNSUPPORTED WHEN ASSIGNED** An issue was discovered in BMC Remedy Mid Tier 7.6.04. An unauthenticated remote attacker is able to access any user account without using any password. NOTE: This vulnerability only affects products that are no longer supported by the maintainer and the impacted version for this vulnerability is 7.6.04 only.
CVE-2024-34398 1 Bmc 1 Remedy Mid-tier 2025-10-14 4.2 Medium
An issue was discovered in BMC Remedy Mid Tier 7.6.04. The web application allows stored HTML Injection by authenticated remote attackers.
CVE-2024-0799 1 Arcserve 1 Udp 2025-10-14 9.8 Critical
An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.
CVE-2024-28805 1 Italtel 1 I-mcs Nfv 2025-10-14 9.1 Critical
An issue was discovered in Italtel i-MCS NFV 12.1.0-20211215. There is Incorrect Access Control.
CVE-2024-36353 2025-10-14 6.5 Medium
Insufficient clearing of GPU global memory could allow a malicious process running on the same GPU to read left over memory values potentially leading to loss of confidentiality.
CVE-2025-6264 1 Rapid7 1 Velociraptor 2025-10-14 5.5 Medium
Velociraptor allows collection of VQL queries packaged into Artifacts from endpoints. These artifacts can be used to do anything and usually run with elevated permissions.  To limit access to some dangerous artifact, Velociraptor allows for those to require high permissions like EXECVE to launch. The Admin.Client.UpdateClientConfig is an artifact used to update the client's configuration. This artifact did not enforce an additional required permission, allowing users with COLLECT_CLIENT permissions (normally given by the "Investigator" role) to collect it from endpoints and update the configuration. This can lead to arbitrary command execution and endpoint takeover. To successfully exploit this vulnerability the user must already have access to collect artifacts from the endpoint (i.e. have the COLLECT_CLIENT given typically by the "Investigator' role).
CVE-2024-28803 1 Italtel 1 I-mcs Nfv 2025-10-14 6.1 Medium
Cross-site scripting (XSS) vulnerability in Italtel S.p.A. i-MCS NFV v.12.1.0-20211215 allows unauthenticated remote attackers to inject arbitrary web script or HTML into HTTP/POST parameter
CVE-2024-52949 2 Iptraf-ng, Redhat 2 Iptraf-ng, Enterprise Linux 2025-10-14 7.5 High
iptraf-ng 1.2.1 has a stack-based buffer overflow. In src/ifaces.c, the strcpy function consistently fails to control the size, and it is consequently possible to overflow memory on the stack.
CVE-2024-0800 1 Arcserve 1 Udp 2025-10-14 8.8 High
A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.
CVE-2024-0801 1 Arcserve 1 Udp 2025-10-14 7.5 High
A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.
CVE-2024-25651 1 Delinea 1 Secret Server 2025-10-14 5.3 Medium
User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.
CVE-2025-1534 1 Payara 1 Payara 2025-10-14 5.4 Medium
CVE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Payara Platform Payara Server allows : Remote Code Inclusion.This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0, from 6.0.0 before 6.23.0, from 6.2022.1 before 6.2025.2.
CVE-2024-25653 1 Delinea 1 Secret Server 2025-10-14 4.3 Medium
Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.
CVE-2025-24949 1 Joturl 1 Joturl 2025-10-14 6.5 Medium
In JotUrl 2.0, is possible to bypass security requirements during the password change process.
CVE-2025-23368 1 Redhat 10 Build Keycloak, Data Grid, Integration and 7 more 2025-10-14 8.1 High
A flaw was found in Wildfly Elytron integration. The component does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks via CLI.