Search Results (333980 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-31615 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2025-04-29 | 5.5 Medium |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | ||||
| CVE-2022-31616 | 2 Microsoft, Nvidia | 7 Windows, Cloud Gaming Guest, Geforce and 4 more | 2025-04-29 | 6.1 Medium |
| NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure. | ||||
| CVE-2025-29208 | 1 Codezips | 1 Gym Management System | 2025-04-29 | 6.5 Medium |
| CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php. | ||||
| CVE-2025-30356 | 1 Nasa | 1 Cryptolib | 2025-04-29 | 9.8 Critical |
| CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call. | ||||
| CVE-2022-45934 | 5 Debian, Fedoraproject, Linux and 2 more | 14 Debian Linux, Fedora, Linux Kernel and 11 more | 2025-04-29 | 7.8 High |
| An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | ||||
| CVE-2022-45933 | 1 Kubeview Project | 1 Kubeview | 2025-04-29 | 9.8 Critical |
| KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure." | ||||
| CVE-2022-45932 | 1 Linuxfoundation | 1 Opendaylight | 2025-04-29 | 7.5 High |
| A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used. | ||||
| CVE-2022-45931 | 1 Linuxfoundation | 1 Opendaylight | 2025-04-29 | 7.5 High |
| A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used. | ||||
| CVE-2022-45930 | 1 Linuxfoundation | 1 Opendaylight | 2025-04-29 | 7.5 High |
| A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface. | ||||
| CVE-2022-45914 | 1 Electronic Shelf Label Protocol Project | 1 Electronic Shelf Label Protocol | 2025-04-29 | 6.5 Medium |
| The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing. | ||||
| CVE-2022-45885 | 2 Linux, Netapp | 11 Linux Kernel, H300s, H300s Firmware and 8 more | 2025-04-29 | 7 High |
| An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. | ||||
| CVE-2022-45476 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-04-29 | 9.8 Critical |
| Tiny File Manager version 2.4.8 executes the code of files uploaded by users of the application, instead of just returning them for download. This is possible because the application is vulnerable to insecure file upload. | ||||
| CVE-2022-45475 | 1 Tiny File Manager Project | 1 Tiny File Manager | 2025-04-29 | 6.5 Medium |
| Tiny File Manager version 2.4.8 allows an unauthenticated remote attacker to access the application's internal files. This is possible because the application is vulnerable to broken access control. | ||||
| CVE-2022-45470 | 1 Apache | 1 Hama | 2025-04-29 | 7.5 High |
| Missing input validation in Apache Hama may cause information disclosure through path traversal and XSS. Since Apache Hama is EOL, we do not expect these issues to be fixed. | ||||
| CVE-2022-45461 | 3 Linux, Opengroup, Veritas | 3 Linux Kernel, Unix, Netbackup | 2025-04-29 | 7.5 High |
| The Java Admin Console in Veritas NetBackup through 10.1 and related Veritas products on Linux and UNIX allows authenticated non-root users (that have been explicitly added to the auth.conf file) to execute arbitrary commands as root. | ||||
| CVE-2022-45225 | 1 Book Store Management System Project | 1 Book Store Management System | 2025-04-29 | 6.1 Medium |
| Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | ||||
| CVE-2022-45017 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Overview Page settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Loop field. | ||||
| CVE-2022-45016 | 1 Wbce | 1 Wbce Cms | 2025-04-29 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the Search Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Footer field. | ||||
| CVE-2022-44401 | 1 Online Tours & Travels Management System Project | 1 Online Tours & Travels Management System | 2025-04-29 | 9.8 Critical |
| Online Tours & Travels Management System v1.0 contains an arbitrary file upload vulnerability via /tour/admin/file.php. | ||||
| CVE-2022-44183 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.19 is vulnerable to Buffer Overflow via function formSetWifiGuestBasic. | ||||