Vulnerabilities (CVE)

Total 306815 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-28950 2024-11-15 N/A 6.7 MEDIUM
Uncontrolled search path for some Intel(R) oneAPI Math Kernel Library software for Windows before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-28885 2024-11-15 N/A 5.9 MEDIUM
Observable discrepancy in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-25647 2024-11-15 N/A 6.7 MEDIUM
Incorrect default permissions for some Intel(R) Binary Configuration Tool software for Windows before version 3.4.5 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-33617 2024-11-15 N/A 5.9 MEDIUM
Insufficient control flow management in some Intel(R) QAT Engine for OpenSSL software before version v1.6.1 may allow information disclosure via network access.
CVE-2024-36282 2024-11-15 N/A 8.2 HIGH
Improper input validation in the Intel(R) Server Board S2600ST Family BIOS and Firmware Update software all versions may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-31154 2024-11-15 N/A 7.5 HIGH
Improper input validation in UEFI firmware for some Intel(R) Server S2600BPBR may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-29079 2024-11-15 N/A 6.8 MEDIUM
Insufficient control flow management in some Intel(R) VROC software before version 8.6.0.3001 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-45594 2024-11-15 N/A 7.7 HIGH
Decidim is a participatory democracy framework. The meeting embeds feature used in the online or hybrid meetings is subject to potential XSS attack through a malformed URL. This vulnerability is fixed in 0.28.3 and 0.29.0.
CVE-2024-40885 2024-11-15 N/A 6.4 MEDIUM
Use after free in the UEFI firmware of some Intel(R) Server M20NTP BIOS may allow a privileged user to potentially enable escalation of privilege via local access.
CVE-2024-29083 2024-11-15 N/A 6.7 MEDIUM
Incorrect default permissions in some Intel(R) Distribution for Python software before version 2024.2 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-34776 2024-11-15 N/A 4.5 MEDIUM
Out-of-bounds write in some Intel(R) SGX SDK software may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-27200 2024-11-15 N/A 4.4 MEDIUM
Improper access control in some Intel(R) Granulate(TM) software before version 4.30.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
CVE-2024-52552 2024-11-15 N/A 8.0 HIGH
Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.
CVE-2024-11206 2024-11-15 N/A 7.5 HIGH
Unauthorized access vulnerability in the mobile application (com.transsion.phoenix) can lead to the leakage of user information.
CVE-2024-52374 2024-11-15 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through 1.5.5.
CVE-2024-52384 2024-11-15 N/A 9.9 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server. This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.
CVE-2024-51688 2024-11-15 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in FraudLabs Pro FraudLabs Pro SMS Verification allows Stored XSS. This issue affects FraudLabs Pro SMS Verification: from n/a through 1.10.1.
CVE-2024-52375 2024-11-15 N/A 10.0 CRITICAL
Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative. This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.
CVE-2024-51687 2024-11-15 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF) vulnerability in Platform.Ly Platform.Ly Official allows Stored XSS. This issue affects Platform.Ly Official: from n/a through 1.1.3.
CVE-2022-31666 2024-11-15 N/A 7.7 HIGH
Harbor fails to validate user permissions while deleting Webhook policies, allowing malicious users to view, update and delete Webhook policies of other users. The attacker could modify Webhook policies configured in other projects.