Export limit exceeded: 335056 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335056 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 335056 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (335056 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47899 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47898 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47897 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47896 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47895 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47894 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47893 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47892 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-47891 | 2025-05-14 | N/A | ||
| Not used | ||||
| CVE-2025-0793 | 1 Esafenet | 1 Cdg | 2025-05-13 | 6.3 Medium |
| A vulnerability has been found in ESAFENET CDG V5 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /todoDetail.jsp. The manipulation of the argument flowId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0794 | 1 Esafenet | 1 Cdg | 2025-05-13 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5 and classified as problematic. Affected by this issue is some unknown functionality of the file /todoDetail.jsp. The manipulation of the argument curpage leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-0795 | 1 Esafenet | 1 Cdg | 2025-05-13 | 3.5 Low |
| A vulnerability was found in ESAFENET CDG V5. It has been classified as problematic. This affects an unknown part of the file /todolistjump.jsp. The manipulation of the argument flowId leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-45627 | 1 Apache | 1 Linkis | 2025-05-13 | 5.9 Medium |
| In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0. | ||||
| CVE-2024-9020 | 1 Fernandobriano | 1 List Category Posts | 2025-05-13 | 5.4 Medium |
| The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | ||||
| CVE-2024-12321 | 1 Codexpert | 1 Wc Affiliate | 2025-05-13 | 7.1 High |
| The WC Affiliate WordPress plugin through 2.3.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2025-4668 | 2025-05-13 | N/A | ||
| ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | ||||
| CVE-2022-22128 | 1 Tableau | 1 Tableau Server | 2025-05-13 | 9.8 Critical |
| Tableau discovered a path traversal vulnerability affecting Tableau Server Administration Agent’s internal file transfer service that could allow remote code execution.Tableau only supports product versions for 24 months after release. Older versions have reached their End of Life and are no longer supported. They are also not assessed for potential security issues and do not receive security updates. | ||||
| CVE-2019-14841 | 1 Redhat | 2 Decision Manager, Process Automation | 2025-05-13 | 8.8 High |
| A flaw was found in the RHDM, where an authenticated attacker can change their assigned role in the response header. This flaw allows an attacker to gain admin privileges in the Business Central Console. | ||||
| CVE-2019-14840 | 1 Redhat | 1 Decision Manager | 2025-05-13 | 7.5 High |
| A flaw was found in the RHDM, where sensitive HTML form fields like Password has auto-complete enabled which may lead to leak of credentials. | ||||
| CVE-2017-7517 | 1 Redhat | 1 Openshift | 2025-05-13 | 3.5 Low |
| An input validation vulnerability exists in Openshift Enterprise due to a 1:1 mapping of tenants in Hawkular Metrics and projects/namespaces in OpenShift. If a user creates a project called "MyProject", and then later deletes it another user can then create a project called "MyProject" and access the metrics stored from the original "MyProject" instance. | ||||