Export limit exceeded: 335308 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335308 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41975 | 2 Microsoft, Realvnc | 3 Windows, Vnc Server, Vnc Viewer | 2025-05-20 | 7.8 High |
| RealVNC VNC Server before 6.11.0 and VNC Viewer before 6.22.826 on Windows allow local privilege escalation via MSI installer Repair mode. | ||||
| CVE-2022-41606 | 1 Hashicorp | 1 Nomad | 2025-05-20 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise 1.0.2 up to 1.2.12, and 1.3.5 jobs submitted with an artifact stanza using invalid S3 or GCS URLs can be used to crash client agents. Fixed in 1.2.13, 1.3.6, and 1.4.0. | ||||
| CVE-2022-41550 | 1 Gnu | 1 Osip | 2025-05-20 | 6.5 Medium |
| GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header. | ||||
| CVE-2022-41532 | 1 Open Source Sacco Management System Project | 1 Open Source Sacco Management System | 2025-05-20 | 7.2 High |
| Open Source SACCO Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /sacco_shield/ajax.php?action=delete_plan. | ||||
| CVE-2022-41204 | 1 Sap | 1 Commerce | 2025-05-20 | 8.8 High |
| An attacker can change the content of an SAP Commerce - versions 1905, 2005, 2105, 2011, 2205, login page through a manipulated URL. They can inject code that allows them to redirect submissions from the affected login form to their own server. This allows them to steal credentials and hijack accounts. A successful attack could compromise the Confidentiality, Integrity, and Availability of the system. | ||||
| CVE-2022-40943 | 1 Phpgurukul | 1 Dairy Farm Shop Management System | 2025-05-20 | 9.8 Critical |
| Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via bwdate-report-ds.php file. | ||||
| CVE-2022-40923 | 1 Lief-project | 1 Lief | 2025-05-20 | 6.5 Medium |
| A vulnerability in the LIEF::MachO::SegmentCommand::virtual_address function of LIEF v0.12.1 allows attackers to cause a denial of service (DOS) through a segmentation fault via a crafted MachO file. | ||||
| CVE-2022-40756 | 1 Actian | 2 Psql, Zen | 2025-05-20 | 8.8 High |
| If folder security is misconfigured for Actian Zen PSQL BEFORE Patch Update 1 for Zen 15 SP1 (v15.11.005), Patch Update 4 for Zen 15 (v15.01.017), or Patch Update 5 for Zen 14 SP2 (v14.21.022), it can allow an attacker (with file read/write access) to remove specific security files in order to reset the master password and gain access to the database. | ||||
| CVE-2022-40341 | 1 Mojoportal | 1 Mojoportal | 2025-05-20 | 8.8 High |
| mojoPortal v2.7 was discovered to contain an arbitrary file upload vulnerability which allows attackers to execute arbitrary code via a crafted PNG file. | ||||
| CVE-2022-21222 | 1 Css-what Project | 1 Css-what | 2025-05-20 | 5.3 Medium |
| The package css-what before 2.1.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of insecure regular expression in the re_attr variable of index.js. The exploitation of this vulnerability could be triggered via the parse function. | ||||
| CVE-2022-3364 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | ||||
| CVE-2022-2922 | 1 Dnnsoftware | 1 Dotnetnuke | 2025-05-20 | 4.9 Medium |
| Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0. | ||||
| CVE-2022-2529 | 1 Cloudflare | 1 Goflow | 2025-05-20 | 7.5 High |
| sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service. | ||||
| CVE-2022-3371 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-20 | 7.5 High |
| Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3. | ||||
| CVE-2022-23726 | 1 Pingidentity | 1 Pingcentral | 2025-05-20 | 5.4 Medium |
| PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information. | ||||
| CVE-2022-36961 | 1 Solarwinds | 1 Orion Platform | 2025-05-20 | 8.8 High |
| A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution. | ||||
| CVE-2025-30417 | 1 Ni | 1 Circuit Design Suite | 2025-05-20 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions. | ||||
| CVE-2025-30418 | 1 Ni | 1 Circuit Design Suite | 2025-05-20 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions. | ||||
| CVE-2025-30419 | 1 Ni | 1 Circuit Design Suite | 2025-05-20 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions. | ||||
| CVE-2025-30420 | 1 Ni | 1 Circuit Design Suite | 2025-05-20 | 7.8 High |
| There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite. This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions. | ||||