Search Results (335872 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-36652 | 1 Prolion | 1 Cryptospike | 2025-05-27 | 4.3 Medium |
| A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. | ||||
| CVE-2023-28465 | 1 Hapifhir | 1 Hl7 Fhir Core | 2025-05-27 | 7.5 High |
| The package-decompression feature in HL7 (Health Level 7) FHIR Core Libraries before 5.6.106 allows attackers to copy arbitrary files to certain directories via directory traversal, if an allowed directory name is a substring of the directory name chosen by the attacker. NOTE: this issue exists because of an incomplete fix for CVE-2023-24057. | ||||
| CVE-2022-41320 | 1 Veritas | 1 System Recovery | 2025-05-27 | 6.5 Medium |
| Veritas System Recovery (VSR) versions 18 and 21 store a network destination password in the Windows registry during configuration of the backup configuration. This vulnerability could allow a Windows user (who has sufficient privileges) to access a network file system that they were not authorized to access. | ||||
| CVE-2022-41319 | 1 Veritas | 1 Desktop And Laptop Option | 2025-05-27 | 6.1 Medium |
| A Reflected Cross-Site Scripting (XSS) vulnerability affects the Veritas Desktop Laptop Option (DLO) application login page (aka the DLOServer/restore/login.jsp URI). This affects versions before 9.8 (e.g., 9.1 through 9.7). | ||||
| CVE-2022-40869 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-27 | 9.8 Critical |
| Tenda AC15 and AC18 routers V15.03.05.19 contain stack overflow vulnerabilities in the function fromDhcpListClient with a combined parameter "list*" ("%s%d","list"). | ||||
| CVE-2022-40865 | 1 Tendacn | 4 Ac15, Ac15 Firmware, Ac18 and 1 more | 2025-05-27 | 9.8 Critical |
| Tenda AC15 and AC18 routers V15.03.05.19 contain heap overflow vulnerabilities in the function setSchedWifi with the request /goform/openSchedWifi/ | ||||
| CVE-2022-40716 | 1 Hashicorp | 1 Consul | 2025-05-27 | 6.5 Medium |
| HashiCorp Consul and Consul Enterprise up to 1.11.8, 1.12.4, and 1.13.1 do not check for multiple SAN URI values in a CSR on the internal RPC endpoint, enabling leverage of privileged access to bypass service mesh intentions. Fixed in 1.11.9, 1.12.5, and 1.13.2. | ||||
| CVE-2022-40188 | 3 Debian, Fedoraproject, Nic | 3 Debian Linux, Fedora, Knot Resolver | 2025-05-27 | 7.5 High |
| Knot Resolver before 5.5.3 allows remote attackers to cause a denial of service (CPU consumption) because of algorithmic complexity. During an attack, an authoritative server must return large NS sets or address sets. | ||||
| CVE-2022-40089 | 1 Simple College Website Project | 1 Simple College Website | 2025-05-27 | 9.8 Critical |
| A remote file inclusion (RFI) vulnerability in Simple College Website v1.0 allows attackers to execute arbitrary code via a crafted PHP file. This vulnerability is exploitable when the directive allow_url_include is set to On. | ||||
| CVE-2022-40088 | 1 Simple College Website Project | 1 Simple College Website | 2025-05-27 | 6.1 Medium |
| Simple College Website v1.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /college_website/index.php?page=. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | ||||
| CVE-2022-40087 | 1 Simple College Website Project | 1 Simple College Website | 2025-05-27 | 9.8 Critical |
| Simple College Website v1.0 was discovered to contain an arbitrary file write vulnerability via the function file_put_contents(). This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-38936 | 1 Pbc Project | 1 Pbc | 2025-05-27 | 7.5 High |
| An issue has been found in PBC through 2022-8-27. A SEGV issue detected in the function pbc_wmessage_integer in src/wmessage.c:137. | ||||
| CVE-2022-37235 | 1 Netgear | 2 R7000, R7000 Firmware | 2025-05-27 | 9.8 Critical |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncat. | ||||
| CVE-2022-37234 | 1 Netgear | 2 R7000, R7000 Firmware | 2025-05-27 | 7.8 High |
| Netgear Nighthawk AC1900 Smart WiFi Dual Band Gigabit Router R7000-V1.0.11.134_10.2.119 is vulnerable to Buffer Overflow via the wl binary in firmware. There is a stack overflow vulnerability caused by strncpy. | ||||
| CVE-2022-36944 | 3 Fedoraproject, Redhat, Scala-lang | 4 Fedora, Amq Streams, Scala and 1 more | 2025-05-27 | 9.8 Critical |
| Scala 2.13.x before 2.13.9 has a Java deserialization chain in its JAR file. On its own, it cannot be exploited. There is only a risk in conjunction with Java object deserialization within an application. In such situations, it allows attackers to erase contents of arbitrary files, make network connections, or possibly run arbitrary code (specifically, Function0 functions) via a gadget chain. | ||||
| CVE-2022-35024 | 1 Otfcc Project | 1 Otfcc | 2025-05-27 | 6.5 Medium |
| OTFCC commit 617837b was discovered to contain a segmentation violation via /multiarch/memmove-vec-unaligned-erms.S. | ||||
| CVE-2022-34026 | 1 Icecoder | 1 Icecoder | 2025-05-27 | 7.5 High |
| ICEcoder v8.1 allows attackers to execute a directory traversal. | ||||
| CVE-2022-33682 | 1 Apache | 1 Pulsar | 2025-05-27 | 5.9 Medium |
| TLS hostname verification cannot be enabled in the Pulsar Broker's Java Client, the Pulsar Broker's Java Admin Client, the Pulsar WebSocket Proxy's Java Client, and the Pulsar Proxy's Admin Client leaving intra-cluster connections and geo-replication connections vulnerable to man in the middle attacks, which could leak credentials, configuration data, message data, and any other data sent by these clients. The vulnerability is for both the pulsar+ssl protocol and HTTPS. An attacker can only take advantage of this vulnerability by taking control of a machine 'between' the client and the server. The attacker must then actively manipulate traffic to perform the attack by providing the client with a cryptographically valid certificate for an unrelated host. This issue affects Apache Pulsar Broker, Proxy, and WebSocket Proxy versions 2.7.0 to 2.7.4; 2.8.0 to 2.8.3; 2.9.0 to 2.9.2; 2.10.0; 2.6.4 and earlier. | ||||
| CVE-2022-32849 | 1 Apple | 5 Ipados, Iphone Os, Mac Os X and 2 more | 2025-05-27 | 5.5 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in iOS 15.6 and iPadOS 15.6, macOS Big Sur 11.6.8, tvOS 15.6, macOS Monterey 12.5, Security Update 2022-005 Catalina. An app may be able to access sensitive user information. | ||||
| CVE-2022-32814 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-27 | 7.8 High |
| A type confusion issue was addressed with improved state handling. This issue is fixed in watchOS 8.7, tvOS 15.6, iOS 15.6 and iPadOS 15.6, macOS Monterey 12.5. An app may be able to execute arbitrary code with kernel privileges. | ||||