Search Results (336933 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39022 | 1 Edetw | 1 U-office Force | 2025-05-06 | 6.5 Medium |
| U-Office Force Download function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to download arbitrary system file. | ||||
| CVE-2022-39021 | 1 Edetw | 1 U-office Force | 2025-05-06 | 6.1 Medium |
| U-Office Force login function has an Open Redirect vulnerability. An unauthenticated remote attacker can exploit this vulnerability to redirect user to arbitrary website. | ||||
| CVE-2024-23533 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 6.5 Medium |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an authenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-23532 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds Read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. In certain conditions this could also lead to remote code execution. | ||||
| CVE-2024-23531 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An Integer Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to perform denial of service attacks. In certain rare conditions this could also lead to reading content from memory. | ||||
| CVE-2024-22061 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 9.8 Critical |
| A Heap Overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute arbitrary commands. | ||||
| CVE-2022-39020 | 1 Schoolbox | 1 Schoolbox | 2025-05-06 | 7.6 High |
| Multiple instances of XSS (stored and reflected) were found in the application. For example, features such as student assessment submission, file upload, news, ePortfolio and calendar event creation were found to be vulnerable to cross-site scripting. | ||||
| CVE-2022-39016 | 1 M-files | 1 Hubshare | 2025-05-06 | 8.2 High |
| JavaScript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. | ||||
| CVE-2024-24993 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| A Race Condition (TOCTOU) vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-24996 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 9.8 Critical |
| A Heap overflow vulnerability in WLInfoRailService component of Ivanti Avalanche before 6.4.3 allows an unauthenticated remote attacker to execute arbitrary commands. | ||||
| CVE-2023-6036 | 1 Miniorange | 1 Web3 - Crypto Wallet Login & Nft Token Gating | 2025-05-06 | 9.8 Critical |
| The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. This makes it possible for non authenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username. | ||||
| CVE-2023-52430 | 1 Authcrunch | 1 Caddy-security | 2025-05-06 | 5.4 Medium |
| The caddy-security plugin 1.1.20 for Caddy allows reflected XSS via a GET request to a URL that contains an XSS payload and begins with either a /admin or /settings/mfa/delete/ substring. | ||||
| CVE-2023-46257 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-41727 | 2 Ivanti, Microsoft | 2 Avalanche, Windows | 2025-05-06 | 9.8 Critical |
| An attacker sending specially crafted data packets to the Mobile Device Server can cause memory corruption which could result in a Denial of Service (DoS) or code execution. | ||||
| CVE-2023-27172 | 1 Xpand-it | 1 Write-back Manager | 2025-05-06 | 9.1 Critical |
| Xpand IT Write-back Manager v2.3.1 uses weak secret keys to sign JWT tokens. This allows attackers to easily obtain the secret key used to sign JWT tokens via a bruteforce attack. | ||||
| CVE-2022-44081 | 1 Lodev | 1 Lodepng | 2025-05-06 | 5.5 Medium |
| Lodepng v20220717 was discovered to contain a segmentation fault via the function pngdetail. | ||||
| CVE-2022-44079 | 1 Pycdc Project | 1 Pycdc | 2025-05-06 | 5.5 Medium |
| pycdc commit 44a730f3a889503014fec94ae6e62d8401cb75e5 was discovered to contain a stack overflow via the component __sanitizer::StackDepotBase<__sanitizer::StackDepotNode. | ||||
| CVE-2022-43752 | 2 Common Desktop Environment Project, Oracle | 2 Common Desktop Environment, Solaris | 2025-05-06 | 7.8 High |
| Oracle Solaris version 10 1/13, when using the Common Desktop Environment (CDE), is vulnerable to a privilege escalation vulnerability. A low privileged user can escalate to root by crafting a malicious printer and double clicking on the crafted printer's icon. | ||||
| CVE-2022-43152 | 1 Tsmuxer Project | 1 Tsmuxer | 2025-05-06 | 5.5 Medium |
| tsMuxer v2.6.16 was discovered to contain a heap overflow via the function BitStreamWriter::flushBits() at /tsMuxer/bitStream.h. | ||||
| CVE-2022-43151 | 1 Hzeller | 1 Timg | 2025-05-06 | 5.5 Medium |
| timg v1.4.4 was discovered to contain a memory leak via the function timg::QueryBackgroundColor() at /timg/src/term-query.cc. | ||||