Search Results (326424 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-30305 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-04-23 | 5.5 Medium |
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-38123 | 1 Secomea | 1 Gatemanager | 2025-04-23 | 8.7 High |
| Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0. | ||||
| CVE-2022-46332 | 1 Proofpoint | 1 Enterprise Protection | 2025-04-23 | 9.6 Critical |
| The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below. | ||||
| CVE-2025-43014 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | 6.1 Medium |
| In JetBrains Toolbox App before 2.6, the SSH plugin established connections without sufficient user confirmation. | ||||
| CVE-2022-46333 | 1 Proofpoint | 1 Enterprise Protection | 2025-04-23 | 7.2 High |
| The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below. | ||||
| CVE-2023-7094 | 1 Netentsec | 1 Application Security Gateway | 2025-04-23 | 5.3 Medium |
| A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-32960 | | | 2025-04-23 | 6.4 Medium |
| The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 7.2.7. A workaround is provided on the Jmix documentation website. | ||||
| CVE-2025-32961 | | | 2025-04-23 | 6.4 Medium |
| The Cuba JPA web API enables loading and saving any entities defined in the application data model by sending simple HTTP requests. Prior to version 1.1.1, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code to be executed in the browser. For a successful attack, a malicious file needs to be uploaded beforehand. This issue has been patched in version 1.1.1. A workaround is provided on the Jmix documentation website. | ||||
| CVE-2025-31327 | | | 2025-04-23 | 4.3 Medium |
| SAP Field Logistics Manage Logistics application OData meta-data property is vulnerable to data tampering, due to which certain fields could be externally modified by an attacker causing low impact on integrity of the application. Confidentiality and availability are not impacted. | ||||
| CVE-2025-31328 | | | 2025-04-23 | 4.6 Medium |
| SAP Learning Solution is vulnerable to Cross-Site Request Forgery (CSRF), allowing an attacker to trick an authenticated user into sending unintended requests to the server. A GET-based OData function is named in a way that violates the expected behaviour. This issue could impact both the confidentiality and integrity of the application without affecting the availability. | ||||
| CVE-2024-40507 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function. | ||||
| CVE-2024-40508 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function. | ||||
| CVE-2022-43901 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2025-04-23 | 5.7 Medium |
| IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. | ||||
| CVE-2024-40511 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function. | ||||
| CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | ||||
| CVE-2024-40506 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. | ||||
| CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3591 | 1 Vim | 1 Vim | 2025-04-23 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0789. | ||||
| CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2025-04-23 | 8 High |
| A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11. | ||||
| CVE-2022-43557 | 1 Bd | 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more | 2025-04-23 | 5.3 Medium |
| The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | ||||