Show filters
18,553 Total Results
Displaying 171-180 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Low

CVE-2024-4215

Disclosure Date: May 02, 2024 (last updated February 14, 2025)
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
1
1
Attacker Value
Unknown

CVE-2023-48795

Disclosure Date: December 18, 2023 (last updated April 30, 2024)
The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack. This occurs because the SSH Binary Packet Protocol (BPP), implemented by these extensions, mishandles the handshake phase and mishandles use of sequence numbers. For example, there is an effective attack against SSH's use of ChaCha20-Poly1305 (and CBC with Encrypt-then-MAC). The bypass occurs in chacha20-poly1305@openssh.com and (if CBC is used) the -etm@openssh.com MAC algorithms. This also affects Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT, Dropbear through 2022.83, Ssh before 5.1.1 in Erlang/OTP, PuTTY before 0.80, AsyncSSH before 2.14.2, golang.org/x/crypto before 0.17.0, libssh before 0…
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
2
0
Attacker Value
High

CVE-2023-4220

Disclosure Date: November 28, 2023 (last updated December 05, 2023)
Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
1
1
Attacker Value
Unknown

CVE-2021-34506

Disclosure Date: July 01, 2023 (last updated January 11, 2025)
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
1
1
Attacker Value
Unknown

CVE-2021-34475

Disclosure Date: July 01, 2023 (last updated October 08, 2023)
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
1
1
Attacker Value
High

CVE-2023-33137

Disclosure Date: June 14, 2023 (last updated February 25, 2025)
Microsoft Excel Remote Code Execution Vulnerability
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
1
1
Attacker Value
High

CVE-2023-28311

Disclosure Date: April 11, 2023 (last updated February 24, 2025)
Microsoft Word Remote Code Execution Vulnerability
Attack Vector: LocalPrivileges: NoneUser Interaction: Required
1
1
Attacker Value
High

CVE-2023-21768

Disclosure Date: January 10, 2023 (last updated February 24, 2025)
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
1
1
Attacker Value
Unknown

CVE-2022-41033

Disclosure Date: October 11, 2022 (last updated February 24, 2025)
Windows COM+ Event System Service Elevation of Privilege Vulnerability
Attack Vector: LocalPrivileges: LowUser Interaction: None
2
0
Attacker Value
Unknown

CVE-2022-41040

Disclosure Date: October 03, 2022 (last updated February 24, 2025)
Microsoft Exchange Server Elevation of Privilege Vulnerability
2
0
View More Topics  < Previous  Next >