Export limit exceeded: 16185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 16185 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 329847 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (329847 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-40276 | 1 Zettlr | 1 Zettlr | 2025-05-02 | 5.5 Medium |
| Zettlr version 2.3.0 allows an external attacker to remotely obtain arbitrary local files on any client that attempts to view a malicious markdown file through Zettlr. This is possible because the application does not have a CSP policy (or at least not strict enough) and/or does not properly validate the contents of markdown files before rendering them. | ||||
| CVE-2022-40235 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | 6.5 Medium |
| "IBM InfoSphere Information Server 11.7 could allow a user to cause a denial of service by removing the ability to run jobs due to improper input validation. IBM X-Force ID: 235725." | ||||
| CVE-2022-40230 | 1 Ibm | 1 Mq Appliance | 2025-05-02 | 6.5 Medium |
| "IBM MQ Appliance 9.2 CD, 9.2 LTS, 9.3 CD, and LTS 9.3 does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. IBM X-Force ID: 235532." | ||||
| CVE-2022-38712 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-05-02 | 5.9 Medium |
| "IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 Web services could allow a man-in-the-middle attacker to conduct SOAPAction spoofing to execute unwanted or unauthorized operations. IBM X-Force ID: 234762." | ||||
| CVE-2022-38168 | 1 Avaya | 4 Scopia Pathfinder 10 Pts, Scopia Pathfinder 10 Pts Firmware, Scopia Pathfinder 20 Pts and 1 more | 2025-05-02 | 9.1 Critical |
| Broken Access Control in User Authentication in Avaya Scopia Pathfinder 10 and 20 PTS version 8.3.7.0.4 allows remote unauthenticated attackers to bypass the login page, access sensitive information, and reset user passwords via URL modification. | ||||
| CVE-2022-35717 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | 7.8 High |
| "IBM InfoSphere Information Server 11.7 could allow a locally authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-"Force ID: 231361. | ||||
| CVE-2022-35642 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-02 | 5.4 Medium |
| "IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 227592." | ||||
| CVE-2022-35279 | 1 Ibm | 1 Business Automation Workflow | 2025-05-02 | 4.3 Medium |
| "IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, 21.0.2, 21.0.3, and 22.0.1 could disclose sensitive version information to authenticated users which could be used in further attacks against the system. IBM X-Force ID: 230537." | ||||
| CVE-2022-34339 | 1 Ibm | 1 Cognos Analytics | 2025-05-02 | 6.5 Medium |
| "IBM Cognos Analytics 11.2.1, 11.2.0, 11.1.7 stores user credentials in plain clear text which can be read by an authenticated user. IBM X-Force ID: 229963." | ||||
| CVE-2022-32287 | 1 Apache | 1 Uimaj | 2025-05-02 | 7.5 High |
| A relative path traversal vulnerability in a FileUtil class used by the PEAR management component of Apache UIMA allows an attacker to create files outside the designated target directory using carefully crafted ZIP entry names. This issue affects Apache UIMA Apache UIMA version 3.3.0 and prior versions. Note that PEAR files should never be installed into an UIMA installation from untrusted sources because PEAR archives are executable plugins that will be able to perform any actions with the same privileges as the host Java Virtual Machine. | ||||
| CVE-2021-37789 | 2 Debian, Stb Project | 2 Debian Linux, Stb | 2025-05-02 | 8.1 High |
| stb_image.h 2.27 has a heap-based buffer over in stbi__jpeg_load, leading to Information Disclosure or Denial of Service. | ||||
| CVE-2021-45447 | 1 Hitachi | 1 Vantara Pentaho | 2025-05-02 | 7.7 High |
| Hitachi Vantara Pentaho Business Analytics Server versions before 9.3.0.0, 9.2.0.2 and 8.3.0.25 with the Data Lineage feature enabled transmits database passwords in clear text. The transmission of sensitive data in clear text allows unauthorized actors with access to the network to sniff and obtain sensitive information that can be later used to gain unauthorized access. | ||||
| CVE-2022-45343 | 1 Gpac | 1 Gpac | 2025-05-02 | 7.8 High |
| GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c. | ||||
| CVE-2022-44638 | 4 Debian, Fedoraproject, Pixman and 1 more | 5 Debian Linux, Fedora, Pixman and 2 more | 2025-05-02 | 8.8 High |
| In libpixman in Pixman before 0.42.2, there is an out-of-bounds write (aka heap-based buffer overflow) in rasterize_edges_8 due to an integer overflow in pixman_sample_floor_y. | ||||
| CVE-2022-43574 | 1 Ibm | 2 Robotic Process Automation, Robotic Process Automation For Cloud Pak | 2025-05-02 | 7.5 High |
| "IBM Robotic Process Automation 21.0.1, 21.0.2, 21.0.3, 21.0.4, and 21.0.5 is vulnerable to incorrect permission assignment which could allow access to application configurations. IBM X-Force ID: 238679." | ||||
| CVE-2022-43107 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-05-02 | 9.8 Critical |
| Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the time parameter in the setSmartPowerManagement function. | ||||
| CVE-2022-43106 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-05-02 | 9.8 Critical |
| Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the schedStartTime parameter in the setSchedWifi function. | ||||
| CVE-2022-43101 | 1 Tenda | 2 Ac23, Ac23 Firmware | 2025-05-02 | 9.8 Critical |
| Tenda AC23 V16.03.07.45_cn was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | ||||
| CVE-2022-41413 | 1 Perfsonar | 1 Perfsonar | 2025-05-02 | 4.3 Medium |
| perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function. | ||||
| CVE-2022-37930 | 1 Hpe | 18 Hf20, Hf20 Firmware, Hf20c and 15 more | 2025-05-02 | 6.7 Medium |
| A security vulnerability has been identified in HPE Nimble Storage Hybrid Flash Arrays and HPE Nimble Storage Secondary Flash Arrays which could potentially allow local disclosure of sensitive information. | ||||