Export limit exceeded: 328772 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (328772 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4123 | 2 Fedoraproject, Podman Project | 2 Fedora, Podman | 2025-04-22 | 3.3 Low |
| A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. | ||||
| CVE-2022-4122 | 3 Fedoraproject, Podman Project, Redhat | 4 Fedora, Podman, Enterprise Linux and 1 more | 2025-04-22 | 5.3 Medium |
| A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | ||||
| CVE-2022-45968 | 1 Alist Project | 1 Alist | 2025-04-22 | 8.8 High |
| Alist v3.4.0 is vulnerable to File Upload. A user with only file upload permission can upload any file to any folder (even a password protected one). | ||||
| CVE-2022-45910 | 1 Apache | 1 Manifoldcf | 2025-04-22 | 5.3 Medium |
| Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. | ||||
| CVE-2022-44213 | 1 Zkteco | 1 Automatic Data Master Server | 2025-04-22 | 4.8 Medium |
| ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-44031 | 1 Redmine | 1 Redmine | 2025-04-22 | 6.1 Medium |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | ||||
| CVE-2022-41559 | 1 Tibco | 1 Nimbus | 2025-04-22 | 9.3 Critical |
| The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. | ||||
| CVE-2022-40939 | 1 Secu | 2 Secustation, Secustation Firmware | 2025-04-22 | 4.9 Medium |
| In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. | ||||
| CVE-2022-3906 | 1 Whitestudio | 1 Easy Form Builder | 2025-04-22 | 4.8 Medium |
| The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3259 | 1 Redhat | 1 Openshift | 2025-04-22 | 7.4 High |
| Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. | ||||
| CVE-2022-34297 | 1 Yiiframework | 1 Gii | 2025-04-22 | 5.4 Medium |
| Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. | ||||
| CVE-2022-25912 | 1 Simple-git Project | 1 Simple-git | 2025-04-22 | 8.1 High |
| The package simple-git before 3.15.0 are vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). | ||||
| CVE-2022-25837 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-04-22 | 7.5 High |
| Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion. | ||||
| CVE-2022-25836 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-04-22 | 7.5 High |
| Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion. | ||||
| CVE-2021-41943 | 1 Logrhythm | 1 Logrhythm | 2025-04-22 | 6.1 Medium |
| Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field. | ||||
| CVE-2025-30306 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-04-22 | 5.5 Medium |
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2022-46742 | 1 Paddlepaddle | 1 Paddlepaddle | 2025-04-22 | 10 Critical |
| Code injection in paddle.audio.functional.get_window in PaddlePaddle 2.4.0-rc0 allows arbitrary code execution. | ||||
| CVE-2025-30307 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-04-22 | 5.5 Medium |
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30308 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-04-22 | 5.5 Medium |
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||
| CVE-2025-30309 | 1 Adobe | 1 Xmp Toolkit Software Development Kit | 2025-04-22 | 5.5 Medium |
| XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||||