Export limit exceeded: 334758 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334758 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-24186 | 1 Jsish | 1 Jsish | 2025-05-08 | 9.8 Critical |
| Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c. | ||||
| CVE-2024-24112 | 1 Exrick | 1 Xmall | 2025-05-08 | 9.8 Critical |
| xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter. | ||||
| CVE-2024-24003 | 1 Jishenghua | 1 Jsherp | 2025-05-08 | 9.8 Critical |
| jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection. | ||||
| CVE-2024-22515 | 1 Ispyconnect | 1 Agent Dvr | 2025-05-08 | 8.8 High |
| Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component. | ||||
| CVE-2024-22012 | 1 Google | 1 Android | 2025-05-08 | 7.8 High |
| there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-33770 | 2025-05-08 | 5.1 Medium | ||
| Real Estate Management System v1.0 was discovered to contain a SQL injection vulnerability via the message parameter at /contact.php. | ||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2025-05-08 | 5.3 Medium |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43434 | 1 Jenkins | 1 Neuvector Vulnerability Scanner | 2025-05-08 | 5.3 Medium |
| Jenkins NeuVector Vulnerability Scanner Plugin 1.20 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43433 | 1 Jenkins | 1 Screenrecorder | 2025-05-08 | 4.3 Medium |
| Jenkins ScreenRecorder Plugin 0.7 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43432 | 1 Jenkins | 1 Xframium Builder | 2025-05-08 | 4.3 Medium |
| Jenkins XFramium Builder Plugin 1.0.22 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-43431 | 1 Jenkins | 1 Compuware Strobe Measurement | 2025-05-08 | 4.3 Medium |
| Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-43430 | 1 Jenkins | 1 Compuware Topaz For Total Test | 2025-05-08 | 7.5 High |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-43429 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2025-05-08 | 7.5 High |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to read arbitrary files on the Jenkins controller file system. | ||||
| CVE-2022-43428 | 1 Jenkins | 2 Compuware Topaz For Total Test, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-43427 | 1 Jenkins | 1 Compuware Topaz For Total Test | 2025-05-08 | 4.3 Medium |
| Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | ||||
| CVE-2022-43426 | 1 Jenkins | 1 S3 Explorer | 2025-05-08 | 5.3 Medium |
| Jenkins S3 Explorer Plugin 1.0.8 and earlier does not mask the AWS_SECRET_ACCESS_KEY form field, increasing the potential for attackers to observe and capture it. | ||||
| CVE-2022-43425 | 1 Jenkins | 1 Custom Checkbox Parameter | 2025-05-08 | 5.4 Medium |
| Jenkins Custom Checkbox Parameter Plugin 1.4 and earlier does not escape the name and description of Custom Checkbox Parameter parameters on views displaying parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2022-43423 | 1 Jenkins | 2 Compuware Source Code Download For Endevor\, Pds\, And Ispw, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-43422 | 1 Jenkins | 2 Compuware Topaz Utilities, Jenkins | 2025-05-08 | 5.3 Medium |
| Jenkins Compuware Topaz Utilities Plugin 1.0.8 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins controller process. | ||||
| CVE-2022-43421 | 1 Jenkins | 1 Tuleap Git Branch Source | 2025-05-08 | 5.3 Medium |
| A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value. | ||||