CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

A valid, authenticated LXCA user without sufficient privileges may be able to use the device identifier to modify an LXCA managed device through a specially crafted web API call...

6.5CVSS6.7AI score0.00128EPSS

Exploits0

RedhatCVE•added 2025/05/23 10:33 a.m.•2 views

CVE-2024-45103

A valid, authenticated LXCA user may be able to unmanage an LXCA managed device in through the LXCA web interface without sufficient privileges...

4.3CVSS6.7AI score0.00164EPSS

Exploits0

RedhatCVE•added 2025/05/23 7:4 a.m.•2 views

CVE-2024-45102

A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On SSO provider for XCC instances...

6.8CVSS7.3AI score0.00064EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 3:56 a.m.•4 views

CVE-2023-34418

A valid, authenticated LXCA user may be able to gain unauthorized access to events and other data stored in LXCA due to a SQL injection vulnerability in a specific web API...

8.1CVSS7.6AI score0.0029EPSS

Exploits0

RedhatCVE•added 2025/05/23 3:55 a.m.•4 views

CVE-2023-34422

A valid, authenticated LXCA user with elevated privileges may be able to delete folders in the LXCA filesystem through a specifically crafted web API call due to insufficient input validation...

6.5CVSS6.6AI score0.00125EPSS

Exploits0

RedhatCVE•added 2025/05/23 3:45 a.m.•6 views

CVE-2023-3113

An unauthenticated XML external entity injection XXE vulnerability exists in LXCA's Common Information Model CIM server that could result in read-only access to specific files...

8.2CVSS7.2AI score0.00167EPSS

Exploits0References1

RedhatCVE•added 2025/05/23 2:12 a.m.•6 views

CVE-2023-34420

A valid, authenticated LXCA user with elevated privileges may be able to execute command injections through crafted calls to a specific web API...

7.2CVSS7AI score0.00415EPSS

Exploits0References1