Show filters
11,879 Total Results
Displaying 281-290 of 10,000
Refine your search criteria for more targeted results.
Sort by:
Attacker Value
Unknown

CVE-2024-13158

Disclosure Date: January 14, 2025 (last updated February 27, 2025)
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
0
0
Attacker Value
Unknown

CVE-2024-13181

Disclosure Date: January 14, 2025 (last updated February 27, 2025)
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-13180

Disclosure Date: January 14, 2025 (last updated February 27, 2025)
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-13179

Disclosure Date: January 14, 2025 (last updated February 27, 2025)
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-10811

Disclosure Date: January 14, 2025 (last updated February 23, 2025)
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information.
0
0
Attacker Value
Unknown

CVE-2024-10630

Disclosure Date: January 14, 2025 (last updated February 27, 2025)
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.
0
0
Attacker Value
Unknown

CVE-2024-11497

Disclosure Date: January 14, 2025 (last updated February 27, 2025)
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2025-0393

Disclosure Date: January 14, 2025 (last updated March 04, 2025)
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2025-22588

Disclosure Date: January 13, 2025 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scanventory.net Scanventory allows Reflected XSS.This issue affects Scanventory: from n/a through 1.1.3.
0
0
Attacker Value
Unknown

CVE-2025-22337

Disclosure Date: January 13, 2025 (last updated February 27, 2025)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infosoft Consultant Order Audit Log for WooCommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through 2.0.
0
0
View More Topics  < Previous  Next >