Search Results (336182 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39037 | 1 Flowring | 1 Agentflow | 2025-05-01 | 7.5 High |
| Agentflow BPM file download function has a path traversal vulnerability. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files. | ||||
| CVE-2024-36843 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | 7.5 High |
| libmodbus v3.1.6 was discovered to contain a heap overflow via the modbus_mapping_free() function. | ||||
| CVE-2022-34331 | 1 Ibm | 1 Powervm Hypervisor | 2025-05-01 | 5.5 Medium |
| After performing a sequence of Power FW950, FW1010 maintenance operations a SRIOV network adapter can be improperly configured leading to desired VEPA configuration being disabled. IBM X-Force ID: 229695. | ||||
| CVE-2022-38387 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-05-01 | 7.1 High |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 233786. | ||||
| CVE-2022-41211 | 1 Sap | 2 3d Visual Enterprise Author, 3d Visual Enterprise Viewer | 2025-05-01 | 7 High |
| Due to lack of proper memory management, when a victim opens a manipulated file received from untrusted sources in SAP 3D Visual Enterprise Author and SAP 3D Visual Enterprise Viewer, Arbitrary Code Execution can be triggered when the payload forces: (1) Re-use of a dangling pointer which refers to overwritten space in memory. The accessed memory must be filled with code to execute the attack. Therefore, repeated success is unlikely. (2) Stack-based buffer overflow. Since the memory overwritten is random, based on access rights of the memory, repeated success is not assured. | ||||
| CVE-2022-38385 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-05-01 | 7.1 High |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. | ||||
| CVE-2024-36844 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | 7.5 High |
| libmodbus v3.1.6 was discovered to contain a use-after-free via the ctx->backend pointer. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. | ||||
| CVE-2022-34666 | 5 Citrix, Linux, Microsoft and 2 more | 6 Hypervisor, Linux Kernel, Windows and 3 more | 2025-05-01 | 6.5 Medium |
| NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service. | ||||
| CVE-2022-41258 | 1 Sap | 1 Financial Consolidation | 2025-05-01 | 6.5 Medium |
| Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker to inject malicious script when running a common query in the Web Administration Console. On successful exploitation, an attacker can view or modify information causing a limited impact on confidentiality, integrity and availability of the application. | ||||
| CVE-2024-36845 | 1 Libmodbus | 1 Libmodbus | 2025-05-01 | 4.3 Medium |
| An invalid pointer in the modbus_receive() function of libmodbus v3.1.6 allows attackers to cause a Denial of Service (DoS) via a crafted message sent to the unit-test-server. | ||||
| CVE-2022-39885 | 1 Google | 1 Android | 2025-05-01 | 5.9 Medium |
| Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows a local attacker to access Device information. | ||||
| CVE-2022-40750 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-05-01 | 5.4 Medium |
| IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236588. | ||||
| CVE-2022-36776 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-05-01 | 5.4 Medium |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 and 1.10.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233663. | ||||
| CVE-2022-29836 | 1 Westerndigital | 6 My Cloud Home, My Cloud Home Duo, My Cloud Home Duo Firmware and 3 more | 2025-05-01 | 1.9 Low |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability was discovered via an HTTP API on Western Digital My Cloud Home; My Cloud Home Duo; and SanDisk ibi devices that could allow an attacker to abuse certain parameters to point to random locations on the file system. This could also allow the attacker to initiate the installation of custom packages at these locations. This can only be exploited once the attacker has been authenticated to the device. This issue affects: Western Digital My Cloud Home and My Cloud Home Duo versions prior to 8.11.0-113 on Linux; SanDisk ibi versions prior to 8.11.0-113 on Linux. | ||||
| CVE-2022-31772 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-05-01 | 5.3 Medium |
| IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. | ||||
| CVE-2022-40753 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2025-05-01 | 5.4 Medium |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 236688. | ||||
| CVE-2020-8887 | 1 Telestream | 2 Medius, Sentry | 2025-05-01 | 7.5 High |
| Telestream Tektronix Medius before 10.7.5 and Sentry before 10.7.5 have a SQL injection vulnerability allowing an unauthenticated attacker to dump database contents via the page parameter in a page=login request to index.php (aka the server login page). | ||||
| CVE-2025-24358 | | | 2025-05-01 | N/A |
| gorilla/csrf provides Cross Site Request Forgery (CSRF) prevention middleware for Go web applications & services. Prior to 1.7.2, gorilla/csrf does not validate the Origin header against an allowlist. It executes its validation of the Referer header for cross-origin requests only when it believes the request is being served over TLS. It determines this by inspecting the r.URL.Scheme value. However, this value is never populated for "server" requests per the Go spec, and so this check does not run in practice. This vulnerability allows an attacker who has gained XSS on a subdomain or top level domain to perform authenticated form submissions against gorilla/csrf protected targets that share the same top level domain. This vulnerability is fixed in 1.7.2. | ||||
| CVE-2022-46091 | 2 Online Flight Booking Management System Project, Oretnom23 | 2 Online Flight Booking Management System, Online Flight Booking Management System | 2025-05-01 | 4.7 Medium |
| Cross Site Scripting (XSS) vulnerability in the feedback form of Online Flight Booking Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the airline parameter. | ||||
| CVE-2023-33676 | 2 Oretnom23, Sourcecodester | 2 Lost And Found Information System, Lost And Found Information System | 2025-05-01 | 8.4 High |
| Sourcecodester Lost and Found Information System version 1.0 is vulnerable to unauthenticated SQL injection at "?page=items/view&id=*", which can be escalated to remote command execution. | ||||