Export limit exceeded: 34058 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 333954 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (333954 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13884 | 1 Rivercitygraphix | 1 Limit Bio | 2025-04-29 | 7.1 High |
| The Limit Bio WordPress plugin through 1.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2022-41158 | 2 Eyoom, Linux | 2 Eyoom Builder, Linux Kernel | 2025-04-29 | 7.2 High |
| Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code. | ||||
| CVE-2022-34320 | 1 Ibm | 1 Cics Tx | 2025-04-29 | 5.9 Medium |
| IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464. | ||||
| CVE-2024-13885 | 1 Webtechglobal | 1 Wp E-customers Beta | 2025-04-29 | 7.1 High |
| The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||||
| CVE-2022-40751 | 1 Ibm | 1 Urbancode Deploy | 2025-04-29 | 4.9 Medium |
| IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches. IBM X-Force ID: 236601. | ||||
| CVE-2022-32537 | 1 Medtronic | 56 Guardian Link 2 Transmitter Mmt-7730, Guardian Link 2 Transmitter Mmt-7730 Firmware, Guardian Link 2 Transmitter Mmt-7731 and 53 more | 2025-04-29 | 4.8 Medium |
| A vulnerability exists which could allow an unauthorized user to learn aspects of the communication protocol used to pair system components while the pump is being paired with other system components. Exploitation requires nearby wireless signal proximity with the patient and the device; advanced technical knowledge is required for exploitation. Please refer to the Medtronic Product Security Bulletin for guidance | ||||
| CVE-2024-13891 | 1 Scheduler | 1 Schedule | 2025-04-29 | 7.1 High |
| The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2022-31606 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-29 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering. | ||||
| CVE-2022-31607 | 2 Linux, Nvidia | 6 Linux Kernel, Cloud Gaming Guest, Geforce and 3 more | 2025-04-29 | 7.8 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure. | ||||
| CVE-2022-31610 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-29 | 7.8 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering. | ||||
| CVE-2025-1401 | 1 S-a | 1 Wp Click Info | 2025-04-29 | 7.1 High |
| The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | ||||
| CVE-2025-1436 | 1 Rivercitygraphix | 1 Limit Bio | 2025-04-29 | 7.1 High |
| The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | ||||
| CVE-2022-31612 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-29 | 7.1 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information. | ||||
| CVE-2022-31613 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-29 | 7.1 High |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic. | ||||
| CVE-2022-31615 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2025-04-29 | 5.5 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | ||||
| CVE-2022-31616 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-29 | 6.1 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. | ||||
| CVE-2025-29208 | 1 Codezips | 1 Gym Management System | 2025-04-29 | 6.5 Medium |
| CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. | ||||
| CVE-2025-30356 | 1 Nasa | 1 Cryptolib | 2025-04-29 | 9.8 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call. | ||||
| CVE-2022-45934 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2025-04-29 | 7.8 High |
| An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | ||||
| CVE-2022-45933 | 1 Kubeview Project | 1 Kubeview | 2025-04-29 | 9.8 Critical |
| KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." | ||||