Export limit exceeded: 335668 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335668 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32818 | 1 Apple | 1 Macos | 2025-05-22 | 5.5 Medium |
| The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.5. An app may be able to leak sensitive kernel state. | ||||
| CVE-2022-32228 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 since the getReadReceipts Meteor server method does not properly filter user inputs that are passed to MongoDB queries, allowing $regex queries to enumerate arbitrary Message IDs. | ||||
| CVE-2022-32227 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 6.5 Medium |
| A cleartext transmission of sensitive information exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 relating to Oauth tokens by having the permission "view-full-other-user-info", this could cause an oauth token leak in the product. | ||||
| CVE-2022-32226 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An improper access control vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to input data in the getUsersOfRoom Meteor server method is not type validated, so that MongoDB query operator objects are accepted by the server, so that instead of a matching rid String a$regex query can be executed, bypassing the room access permission check for every but the first matching room. | ||||
| CVE-2022-32218 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 4.3 Medium |
| An information disclosure vulnerability exists in Rocket.Chat <v5, <v4.8.2 and <v4.7.5 due to the actionLinkHandler method was found to allow Message ID Enumeration with Regex MongoDB queries. | ||||
| CVE-2022-32217 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 5.3 Medium |
| A cleartext storage of sensitive information exists in Rocket.Chat <v4.6.4 due to Oauth token being leaked in plaintext in Rocket.chat logs. | ||||
| CVE-2022-31679 | 1 Vmware | 1 Spring Data Rest | 2025-05-22 | 3.7 Low |
| Applications that allow HTTP PATCH access to resources exposed by Spring Data REST in versions 3.6.0 - 3.5.5, 3.7.0 - 3.7.2, and older unsupported versions, if an attacker knows about the structure of the underlying domain model, they can craft HTTP requests that expose hidden entity attributes. | ||||
| CVE-2022-30577 | 1 Tibco | 1 Ebx | 2025-05-22 | 8 High |
| The Web Server component of TIBCO Software Inc.'s TIBCO EBX contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute Stored Cross Site Scripting (XSS) on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 6.0.0 through 6.0.8. | ||||
| CVE-2022-30124 | 1 Rocket.chat | 1 Rocket.chat | 2025-05-22 | 6.8 Medium |
| An improper authentication vulnerability exists in Rocket.Chat Mobile App <4.14.1.22788 that allowed an attacker with physical access to a mobile device to bypass local authentication (PIN code). | ||||
| CVE-2022-2413 | 1 Simonpedge | 1 Slide Anything | 2025-05-22 | 5.4 Medium |
| The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a javascript payload into the slide title even when the unfiltered_html capability is disabled. | ||||
| CVE-2022-28886 | 1 F-secure | 5 Cloud Protection For Salesforce, Collaboration Protection, Elements Endpoint Protection and 2 more | 2025-05-22 | 4.3 Medium |
| A Denial-of-Service vulnerability was discovered in the F-Secure and WithSecure products where aerdl.so/aerdl.dll may go into an infinite loop when unpacking PE files. It is possible that this can crash the scanning engine | ||||
| CVE-2022-27492 | 1 Whatsapp | 1 Whatsapp | 2025-05-22 | 7.8 High |
| An integer underflow in WhatsApp could have caused remote code execution when receiving a crafted video file. | ||||
| CVE-2022-26700 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2025-05-22 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 15.5, watchOS 8.6, iOS 15.5 and iPadOS 15.5, macOS Monterey 12.4, Safari 15.5. Processing maliciously crafted web content may lead to code execution. | ||||
| CVE-2022-23952 | 1 Keylime | 1 Keylime | 2025-05-22 | 7.5 High |
| In Keylime before 6.3.0, current keylime installer installs the keylime.conf file, which can contain sensitive data, as world-readable. | ||||
| CVE-2022-23144 | 1 Zte | 30 Zxa10 B700v7, Zxa10 B700v7 Firmware, Zxa10 B710c-a12 and 27 more | 2025-05-22 | 9.1 Critical |
| There is a broken access control vulnerability in ZTE ZXvSTB product. Due to improper permission control, attackers could use this vulnerability to delete the default application type, which affects normal use of system. | ||||
| CVE-2022-22624 | 2 Apple, Redhat | 6 Ipad Os, Iphone Os, Macos and 3 more | 2025-05-22 | 8.8 High |
| A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.3, iOS 15.4 and iPadOS 15.4, tvOS 15.4, Safari 15.4. Processing maliciously crafted web content may lead to arbitrary code execution. | ||||
| CVE-2022-22610 | 1 Apple | 6 Ipad Os, Iphone Os, Macos and 3 more | 2025-05-22 | 8.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.3, Safari 15.4, watchOS 8.5, iOS 15.4 and iPadOS 15.4, tvOS 15.4. Processing maliciously crafted web content may lead to code execution. | ||||
| CVE-2022-20019 | 2 Google, Mediatek | 40 Android, Mt6595, Mt6735 and 37 more | 2025-05-22 | 5.5 Medium |
| In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID: ALPS05917620. | ||||
| CVE-2022-20014 | 2 Google, Mediatek | 18 Android, Mt6781, Mt6785 and 15 more | 2025-05-22 | 6.7 Medium |
| In vow driver, there is a possible memory corruption due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05857308; Issue ID: ALPS05857308. | ||||
| CVE-2021-45116 | 3 Djangoproject, Fedoraproject, Redhat | 4 Django, Fedora, Satellite and 1 more | 2025-05-22 | 7.5 High |
| An issue was discovered in Django 2.2 before 2.2.26, 3.2 before 3.2.11, and 4.0 before 4.0.1. Due to leveraging the Django Template Language's variable resolution logic, the dictsort template filter was potentially vulnerable to information disclosure, or an unintended method call, if passed a suitably crafted key. | ||||