Search Results (335298 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-21837 | | | 2025-05-20 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-21686 | | | 2025-05-20 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-21633 | 1 Redhat | 1 Enterprise Linux | 2025-05-20 | 7.0 High |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-49933 | | | 2025-05-20 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-49056 | | | 2025-05-20 | 5.5 Medium |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-42731 | 1 Django-mfa2 Project | 1 Django-mfa2 | 2025-05-20 | 7.5 High |
| mfa/FIDO2.py in django-mfa2 before 2.5.1 and 2.6.x before 2.6.1 allows a replay attack that could be used to register another device for a user. The device registration challenge is not invalidated after usage. | ||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | 8.8 High |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | ||||
| CVE-2022-42236 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-20 | 5.4 Medium |
| A Stored XSS issue in Merchandise Online Store v.1.0 allows injection of arbitrary JavaScript in the edit account form. | ||||
| CVE-2022-42037 | 1 Democritus | 1 D8s-asns | 2025-05-20 | 9.8 Critical |
| The d8s-asns package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-csv package. The affected version is 0.1.0. | ||||
| CVE-2022-42034 | 1 Wedding Planner Project | 1 Wedding Planner | 2025-05-20 | 8.8 High |
| Wedding Planner v1.0 is vulnerable to arbitrary code execution via users_profile.php. | ||||
| CVE-2022-41387 | 1 Democritus | 1 D8s-pdfs | 2025-05-20 | 9.8 Critical |
| The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | ||||
| CVE-2022-41386 | 1 Democritus | 1 D8s-utility | 2025-05-20 | 9.8 Critical |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0. | ||||
| CVE-2022-41382 | 1 Democritus | 1 D8s-json | 2025-05-20 | 9.8 Critical |
| The d8s-json package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
| CVE-2022-41381 | 1 Democritus | 1 D8s-utility | 2025-05-20 | 9.8 Critical |
| The d8s-utility package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
| CVE-2022-41380 | 1 Democritus | 1 D8s-yaml | 2025-05-20 | 9.8 Critical |
| The d8s-yaml package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0. | ||||
| CVE-2022-41376 | 1 Metroui | 1 Metro Ui | 2025-05-20 | 6.1 Medium |
| Metro UI v4.4.0 to v4.5.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Javascript function. | ||||
| CVE-2022-41210 | 1 Sap | 1 Customer Data Cloud | 2025-05-20 | 5.2 Medium |
| SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses an insecure random number generator program, which makes it easy for the attacker to predict future random numbers. This can lead to information disclosure and modification of certain user settings. | ||||
| CVE-2022-41202 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-05-20 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated Visual Design Stream (.vds, vds.x3d) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-41189 | 1 Sap | 1 3d Visual Enterprise Viewer | 2025-05-20 | 7.8 High |
| Due to lack of proper memory management, when a victim opens a manipulated AutoCAD (.dwg, TeighaTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory. | ||||
| CVE-2022-32175 | 1 Adguard | 1 Adguardhome | 2025-05-20 | 5.4 Medium |
| In AdGuardHome, versions v0.95 through v0.108.0-b.13 are vulnerable to Cross-Site Request Forgery (CSRF), in the custom filtering rules functionality. An attacker can persuade an authorized user to follow a malicious link, resulting in deleting/modifying the custom filtering rules. | ||||