Search Results (338009 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-13689 | 1 Google | 2 Chrome, Chrome Os | 2025-05-02 | 7.8 High |
| Inappropriate implementation in OS in Google Chrome on ChromeOS prior to 75.0.3770.80 allowed a remote attacker to perform arbitrary read/write via a malicious file. (Chromium security severity: Critical) | ||||
| CVE-2022-3675 | 1 Redhat | 1 Fedora Coreos | 2025-05-02 | 2.6 Low |
| Fedora CoreOS supports setting a GRUB bootloader password using a Butane config. When this feature is enabled, GRUB requires a password to access the GRUB command-line, modify kernel command-line arguments, or boot non-default OSTree deployments. Recent Fedora CoreOS releases have a misconfiguration which allows booting non-default OSTree deployments without entering a password. This allows someone with access to the GRUB menu to boot into an older version of Fedora CoreOS, reverting any security fixes that have recently been applied to the machine. A password is still required to modify kernel command-line arguments and to access the GRUB command line. | ||||
| CVE-2022-43449 | 1 Openharmony | 1 Openharmony | 2025-05-02 | 6.2 Medium |
| OpenHarmony-v3.1.2 and prior versions had an arbitrary file read vulnerability via download_server. Local attackers can install a malicious application on the device and reveal any file from the filesystem that is accessible to the download_server service, which runs with UID 1000. | ||||
| CVE-2021-44862 | 1 Netskope | 1 Netskope | 2025-05-02 | 8.4 High |
| Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user. | ||||
| CVE-2025-28144 | 1 Edimax | 2 Br-6478ac V3, Br-6478ac V3 Firmware | 2025-05-02 | 6.5 Medium |
| Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 1.0.15 was discovered to contain a stack overflow vulnerability via the peerPin parameter in the formWsc function. | ||||
| CVE-2022-38656 | 1 Hcltechsw | 1 Hcl Commerce | 2025-05-02 | 8.6 High |
| HCL Commerce, when using Elasticsearch, can allow a remote attacker to cause a denial of service attack on the site and make administrative changes. | ||||
| CVE-2022-3191 | 2 Hitachi, Linux | 2 Ops Center Analyzer, Linux Kernel | 2025-05-02 | 6.6 Medium |
| Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Analyzer on Linux (Virtual Storage Software Agent component) allows local users to gain sensitive information. This issue affects Hitachi Ops Center Analyzer: from 10.8.1-00 before 10.9.0-00. | ||||
| CVE-2022-38661 | 1 Hcltechsw | 1 Hcl Workload Automation | 2025-05-02 | 6.2 Medium |
| HCL Workload Automation could allow a local user to overwrite key system files which would cause the system to crash. | ||||
| CVE-2022-38654 | 1 Hcltech | 1 Domino | 2025-05-02 | 5.5 Medium |
| HCL Domino is susceptible to an information disclosure vulnerability. In some scenarios, local calls made on the server to search the Domino directory will ignore xACL read restrictions. An authenticated attacker could leverage this vulnerability to access attributes from a user's person record. | ||||
| CVE-2022-38660 | 1 Hcltech | 1 Domino | 2025-05-02 | 8.3 High |
| HCL XPages applications are susceptible to a Cross Site Request Forgery (CSRF) vulnerability. An unauthenticated attacker could exploit this vulnerability to perform actions in the application on behalf of the logged in user. | ||||
| CVE-2020-12509 | 1 Badgermeter | 1 Moni\ | 2025-05-02 | 7.5 High |
| In s::can moni::tools in versions below 4.2 an unauthenticated attacker could get any file from the device by path traversal in the camera-file module. | ||||
| CVE-2022-41205 | 2 Microsoft, Sap | 2 Windows, Gui | 2025-05-02 | 5.5 Medium |
| SAP GUI allows an authenticated attacker to execute scripts in the local network. On successful exploitation, the attacker can gain access to registries which can cause a limited impact on confidentiality and high impact on availability of the application. | ||||
| CVE-2022-27894 | 1 Palantir | 1 Foundry Blobster | 2025-05-02 | 4.8 Medium |
| The Foundry Blobster service was found to have a cross-site scripting (XSS) vulnerability that could have allowed an attacker with access to Foundry to launch attacks against other users. This vulnerability is resolved in Blobster 3.228.0. | ||||
| CVE-2022-27893 | 1 Osisoft-pi-web-connector Project | 1 Osisoft-pi-web-connector | 2025-05-02 | 4.2 Medium |
| The Foundry Magritte plugin osisoft-pi-web-connector versions 0.15.0 - 0.43.0 was found to be logging in a manner that captured authentication requests. This vulnerability is resolved in osisoft-pi-web-connector version 0.44.0. | ||||
| CVE-2022-41669 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-41668 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-41667 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-41666 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-02 | 8.8 High |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | ||||
| CVE-2023-4620 | 1 Wpbookingcalendar | 1 Booking Calendar | 2025-05-02 | 6.1 Medium |
| The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking form data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators. | ||||