Export limit exceeded: 334960 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (334960 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0599 | 1 Ujcms | 1 Jspxcms | 2025-05-09 | 3.5 Low |
| A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability. | ||||
| CVE-2022-40885 | 1 Axiosys | 1 Bento4 | 2025-05-09 | 5.5 Medium |
| Bento4 v1.6.0-639 has a memory allocation issue that can cause denial of service. | ||||
| CVE-2022-40884 | 1 Axiosys | 1 Bento4 | 2025-05-09 | 5.5 Medium |
| Bento4 1.6.0 has memory leaks via the mp4fragment. | ||||
| CVE-2022-3327 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-09 | 9.8 Critical |
| Missing Authentication for Critical Function in GitHub repository ikus060/rdiffweb prior to 2.5.0a6. | ||||
| CVE-2022-38901 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-09 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in the Document and Media module - file upload functionality in Liferay Digital Experience Platform 7.3.10 SP3 allows remote attackers to inject arbitrary JS script or HTML into the description field of uploaded svg file. | ||||
| CVE-2022-35860 | 1 Corsair | 2 K63, K63 Firmware | 2025-05-09 | 6.8 Medium |
| Missing AES encryption in Corsair K63 Wireless 3.1.3 allows physically proximate attackers to inject and sniff keystrokes via 2.4 GHz radio transmissions. | ||||
| CVE-2022-33077 | 1 Nopcommerce | 1 Nopcommerce | 2025-05-09 | 7.5 High |
| An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint. | ||||
| CVE-2022-31684 | 2 Pivotal, Redhat | 3 Reactor Netty, Camel Spring Boot, Openshift Application Runtimes | 2025-05-09 | 4.3 Medium |
| Reactor Netty HTTP Server, in versions 1.0.11 - 1.0.23, may log request headers in some cases of invalid HTTP requests. The logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where logging at WARN level is enabled. | ||||
| CVE-2022-2805 | 1 Redhat | 2 Rhev Manager, Virtualization | 2025-05-09 | 6.5 Medium |
| A flaw was found in ovirt-engine, which leads to the logging of plaintext passwords in the log file when using otapi-style. This flaw allows an attacker with sufficient privileges to read the log file, leading to confidentiality loss. | ||||
| CVE-2022-25736 | 1 Qualcomm | 486 Aqt1000, Aqt1000 Firmware, Ar8031 and 483 more | 2025-05-09 | 7.5 High |
| Denial of service in WLAN due to out-of-bound read happens while processing VHT action frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2022-25720 | 1 Qualcomm | 370 Apq8009, Apq8009 Firmware, Apq8009w and 367 more | 2025-05-09 | 9.8 Critical |
| Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2022-25719 | 1 Qualcomm | 236 Apq8009, Apq8009 Firmware, Apq8009w and 233 more | 2025-05-09 | 8.2 High |
| Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2022-25718 | 1 Qualcomm | 284 Apq8009, Apq8009 Firmware, Apq8009w and 281 more | 2025-05-09 | 9.1 Critical |
| Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2022-25687 | 1 Qualcomm | 362 Apq8009, Apq8009 Firmware, Apq8009w and 359 more | 2025-05-09 | 7.3 High |
| memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | ||||
| CVE-2022-25666 | 1 Qualcomm | 296 Apq8096au, Apq8096au Firmware, Aqt1000 and 293 more | 2025-05-09 | 6.7 Medium |
| Memory corruption due to use after free in service while trying to access maps by different threads in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking | ||||
| CVE-2022-23734 | 1 Github | 1 Enterprise Server | 2025-05-09 | 8.8 High |
| A deserialization of untrusted data vulnerability was identified in GitHub Enterprise Server that could potentially lead to remote code execution on the SVNBridge. To exploit this vulnerability, an attacker would need to gain access via a server-side request forgery (SSRF) that would let an attacker control the data being deserialized. This vulnerability affected all versions of GitHub Enterprise Server prior to v3.6 and was fixed in versions 3.5.3, 3.4.6, 3.3.11, and 3.2.16. This vulnerability was reported via the GitHub Bug Bounty program. | ||||
| CVE-2022-23241 | 1 Netapp | 1 Clustered Data Ontap | 2025-05-09 | 8.1 High |
| Clustered Data ONTAP versions 9.11.1 through 9.11.1P2 with SnapLock configured FlexGroups are susceptible to a vulnerability which could allow an authenticated remote attacker to arbitrarily modify or delete WORM data prior to the end of the retention period. | ||||
| CVE-2022-1414 | 1 Redhat | 1 3scale Api Management | 2025-05-09 | 8.8 High |
| 3scale API Management 2 does not perform adequate sanitation for user input in multiple fields. An authenticated user could use this flaw to inject scripts and possibly gain access to sensitive information or conduct further attacks. | ||||
| CVE-2020-23648 | 1 Asus | 2 Rt-n12e, Rt-n12e Firmware | 2025-05-09 | 7.5 High |
| Asus RT-N12E 2.0.0.39 is affected by an incorrect access control vulnerability. Through system.asp / start_apply.htm, an attacker can change the administrator password without any authentication. | ||||
| CVE-2016-20016 | 1 Mvpower | 4 Tv-7104he, Tv-7104he Firmware, Tv7108he and 1 more | 2025-05-09 | 9.8 Critical |
| MVPower CCTV DVR models, including TV-7104HE 1.8.4 115215B9 and TV7108HE, contain a web shell that is accessible via a /shell URI. A remote unauthenticated attacker can execute arbitrary operating system commands as root. This vulnerability has also been referred to as the "JAWS webserver RCE" because of the easily identifying HTTP response server field. Other firmware versions, at least from 2014 through 2019, can be affected. This was exploited in the wild in 2017 through 2022. | ||||