Search Results (326420 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46333 | 1 Proofpoint | 1 Enterprise Protection | 2025-04-23 | 7.2 High |
| The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. | ||||
| CVE-2023-7094 | 1 Netentsec | 1 Application Security Gateway | 2025-04-23 | 5.3 Medium |
| A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32960 | | | 2025-04-23 | 6.4 Medium |
| The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 7.2.7. A workaround is provided on the Jmix documentation website. | ||||
| CVE-2025-32961 | | | 2025-04-23 | 6.4 Medium |
| The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 1.1.1. A workaround is provided on the Jmix documentation website. | ||||
| CVE-2025-31327 | | | 2025-04-23 | 4.3 Medium |
| SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-31328 | | | 2025-04-23 | 4.6 Medium |
| SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick authenticated user into sending unintended requests to the server. GET-based OData function is named in a way that it violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2024-40507 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. | ||||
| CVE-2024-40508 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | ||||
| CVE-2022-43901 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2025-04-23 | 5.7 Medium |
| IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. | ||||
| CVE-2024-40511 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | ||||
| CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | ||||
| CVE-2024-40506 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. | ||||
| CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3591 | 1 Vim | 1 Vim | 2025-04-23 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0789. | ||||
| CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2025-04-23 | 8 High |
| A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11. | ||||
| CVE-2022-43557 | 1 Bd | 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more | 2025-04-23 | 5.3 Medium |
| The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | ||||
| CVE-2022-39894 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. | ||||
| CVE-2025-1054 | | | 2025-04-23 | 6.4 Medium |
| The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-39895 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent. | ||||
| CVE-2022-39896 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. | ||||