Total
539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-24458 | 1 Jetbrains | 1 Youtrack | 2025-01-30 | N/A | 7.1 HIGH |
| In JetBrains YouTrack before 2024.3.55417 account takeover was possible via spoofed email and Helpdesk integration | |||||
| CVE-2022-22364 | 1 Ibm | 1 Cognos Controller | 2025-01-07 | N/A | 5.3 MEDIUM |
| IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 is vulnerable to external service interaction attack, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to induce the application to perform server-side DNS lookups or HTTP requests to arbitrary domain names. By submitting suitable payloads, an attacker can cause the application server to attack other systems that it can interact with. IBM X-Force ID: 220903. | |||||
| CVE-2023-2001 | 1 Gitlab | 1 Gitlab | 2025-01-07 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. | |||||
| CVE-2024-12108 | 2 Microsoft, Progress | 2 Windows, Whatsup Gold | 2025-01-06 | N/A | 9.6 CRITICAL |
| In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | |||||
| CVE-2022-35770 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 6.5 MEDIUM |
| Windows NTLM Spoofing Vulnerability | |||||
| CVE-2022-34689 | 1 Microsoft | 10 Windows 10, Windows 11, Windows 7 and 7 more | 2025-01-02 | N/A | 7.5 HIGH |
| Windows CryptoAPI Spoofing Vulnerability | |||||
| CVE-2024-3843 | 2 Fedoraproject, Google | 2 Fedora, Chrome | 2024-12-19 | N/A | 4.3 MEDIUM |
| Insufficient data validation in Downloads in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | |||||
| CVE-2023-34157 | 1 Huawei | 1 Harmonyos | 2024-12-17 | N/A | 10.0 CRITICAL |
| Vulnerability of HwWatchHealth being hijacked.Successful exploitation of this vulnerability may cause repeated pop-up windows of the app. | |||||
| CVE-2023-34167 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 5.3 MEDIUM |
| Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | |||||
| CVE-2023-34160 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 5.3 MEDIUM |
| Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | |||||
| CVE-2023-34158 | 1 Huawei | 1 Emui | 2024-12-12 | N/A | 5.3 MEDIUM |
| Vulnerability of spoofing trustlists of Huawei desktop.Successful exploitation of this vulnerability can cause third-party apps to hide app icons on the desktop to prevent them from being uninstalled. | |||||
| CVE-2024-1347 | 1 Gitlab | 1 Gitlab | 2024-12-11 | N/A | 4.3 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.6, all versions starting from 16.10 before 16.10.4, all versions starting from 16.11 before 16.11.1. Under certain conditions, an attacker through a crafted email address may be able to bypass domain based restrictions on an instance or a group. | |||||
| CVE-2023-42843 | 4 Apple, Fedoraproject, Webkitgtk and 1 more | 7 Ipad Os, Iphone Os, Macos and 4 more | 2024-12-09 | N/A | 4.3 MEDIUM |
| An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. | |||||
| CVE-2024-22457 | 1 Dell | 1 Secure Connect Gateway | 2024-12-04 | N/A | 7.1 HIGH |
| Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server. | |||||
| CVE-2023-27199 | 1 Paxtechnology | 2 Pax A930, Pax A930 Firmware | 2024-12-04 | N/A | 6.7 MEDIUM |
| PAX Technology A930 PayDroid_7.1.1_Virgo_V04.5.02_20220722 allows attackers to compile a malicious shared library and use LD_PRELOAD to bypass authorization checks. | |||||
| CVE-2023-29147 | 1 Malwarebytes | 2 Endpoint Detection And Response, Malwarebytes | 2024-11-26 | N/A | 5.5 MEDIUM |
| In Malwarebytes EDR 1.0.11 for Linux, it is possible to bypass the detection layers that depend on inode identifiers, because an identifier may be reused when a file is replaced, and because two files on different filesystems can have the same identifier. | |||||
| CVE-2024-6678 | 1 Gitlab | 1 Gitlab | 2024-11-21 | N/A | 9.9 CRITICAL |
| An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certain circumstances. | |||||
| CVE-2024-5037 | 1 Redhat | 2 Openshift Container Platform, Openshift Distributed Tracing | 2024-11-21 | N/A | 7.5 HIGH |
| A flaw was found in OpenShift's Telemeter. If certain conditions are in place, an attacker can use a forged token to bypass the issue ("iss") check during JSON web token (JWT) authentication. | |||||
| CVE-2024-39350 | 2024-11-21 | N/A | 7.5 HIGH | ||
| A vulnerability regarding authentication bypass by spoofing is found in the RTSP functionality. This allows man-in-the-middle attackers to obtain privileges without consent via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500. | |||||
| CVE-2024-35749 | 1 Acurax | 1 Under Construction \/ Maintenance Mode | 2024-11-21 | N/A | 3.7 LOW |
| Authentication Bypass by Spoofing vulnerability in Acurax Under Construction / Maintenance Mode from Acurax allows Authentication Bypass.This issue affects Under Construction / Maintenance Mode from Acurax: from n/a through 2.6. | |||||