Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (2845 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-6202 1 Haloservicesolutions 1 Haloitsm 2024-08-29 9.8 Critical
HaloITSM versions up to 2.146.1 are affected by a SAML XML Signature Wrapping (XSW) vulnerability. When having a SAML integration configured, anonymous actors could impersonate arbitrary HaloITSM users by just knowing their email address. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability.
CVE-2024-7604 1 Logsign 1 Unified Secops Platform 2024-08-23 7.8 High
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue results from the lack of proper validation of the user's license expiration date. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25029.
CVE-2024-6358 1 Opentext 1 Arcsight Intelligence 2024-08-19 6.3 Medium
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
CVE-2024-41941 1 Siemens 1 Sinec Nms 2024-08-14 4.3 Medium
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and modify settings in the application without authorization.
CVE-2024-41939 1 Siemens 1 Sinec Nms 2024-08-14 8.8 High
A vulnerability has been identified in SINEC NMS (All versions < V3.0). The affected application does not properly enforce authorization checks. This could allow an authenticated attacker to bypass the checks and elevate their privileges on the application.