Search

Search Results (364158 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24117 1 Ge 16 Inet 900, Inet 900 Firmware, Inet Ii 900 and 13 more 2025-04-12 9.8 Critical
Certain General Electric Renewable Energy products download firmware without an integrity check. This affects iNET and iNET II before 8.3.0, SD before 6.4.7, TD220X before 2.0.16, and TD220MAX before 1.2.6.
CVE-2022-46582 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the login_name parameter in the do_graph_auth (sub_4061E0) function.
CVE-2022-46581 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the cameo.cameo.nslookup_target parameter in the tools_nslookup function.
CVE-2022-46580 1 Trendnet 2 Tew-755ap, Tew-755ap Firmware 2025-04-11 9.8 Critical
TRENDnet TEW755AP 1.13B01 was discovered to contain a stack overflow via the user_edit_page parameter in the wifi_captive_portal function.
CVE-2022-45431 2 Dahuasecurity, Linux 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2025-04-11 7.5 High
Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.
CVE-2022-45430 2 Dahuasecurity, Linux 9 Dhi-dss4004-s2, Dhi-dss4004-s2 Firmware, Dhi-dss7016d-s2 and 6 more 2025-04-11 3.7 Low
Some Dahua software products have a vulnerability of unauthenticated enable or disable SSHD service. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could enable or disable the SSHD service.
CVE-2022-44137 1 Sanitization Management System Project 1 Sanitization Management System 2025-04-11 7.2 High
SourceCodester Sanitization Management System 1.0 is vulnerable to SQL Injection.
CVE-2022-36437 2 Hazelcast, Redhat 3 Hazelcast, Hazelcast-jet, Jboss Fuse 2025-04-11 9.1 Critical
The Connection handler in Hazelcast and Hazelcast Jet allows a remote unauthenticated attacker to access and manipulate data in the cluster with the identity of another already authenticated connection. The affected Hazelcast versions are through 4.0.6, 4.1.9, 4.2.5, 5.0.3, and 5.1.2. The affected Hazelcast Jet versions are through 4.5.3.
CVE-2020-36569 1 Digitalocean 1 Golang-nanoauth 2025-04-11 9.1 Critical
Authentication is globally bypassed in github.com/nanobox-io/golang-nanoauth between v0.0.0-20160722212129-ac0cc4484ad4 and v0.0.0-20200131131040-063a3fb69896 if ListenAndServe is called with an empty token.
CVE-2020-36568 1 Revel 1 Revel 2025-04-11 7.5 High
Unsanitized input in the query parser in github.com/revel/revel before v1.0.0 allows remote attackers to cause resource exhaustion via memory allocation.
CVE-2019-25073 1 Goa.design 1 Goa 2025-04-11 7.5 High
Improper path sanitization in github.com/goadesign/goa before v3.0.9, v2.0.10, or v1.4.3 allow remote attackers to read files outside of the intended directory.
CVE-2018-25046 1 Cloudfoundry 1 Archiver 2025-04-11 9.1 Critical
Due to improper path sanitization, archives containing relative file paths can cause files to be written (or overwritten) outside of the target directory.
CVE-2017-20146 1 Gorillatoolkit 1 Handlers 2025-04-11 9.8 Critical
Usage of the CORS handler may apply improper CORS headers, allowing the requester to explicitly control the value of the Access-Control-Allow-Origin header, which bypasses the expected behavior of the Same Origin Policy.
CVE-2015-10004 1 Json Web Token Project 1 Json Web Token 2025-04-11 7.5 High
Token validation methods are susceptible to a timing side-channel during HMAC comparison. With a large enough number of requests over a low latency connection, an attacker may use this to determine the expected HMAC.
CVE-2014-125026 1 Cloudflare 1 Golz4 2025-04-11 9.8 Critical
LZ4 bindings use a deprecated C API that is vulnerable to memory corruption, which could lead to arbitrary code execution if called with untrusted user input.
CVE-2013-10005 1 Socks5 Project 1 Socks5 2025-04-11 7.5 High
The RemoteAddr and LocalAddr methods on the returned net.Conn may call themselves, leading to an infinite loop which will crash the program due to a stack overflow.
CVE-2025-1176 1 Gnu 1 Binutils 2025-04-11 5 Medium
A vulnerability was found in GNU Binutils 2.43 and classified as critical. This issue affects the function _bfd_elf_gc_mark_rsec of the file elflink.c of the component ld. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The patch is named f9978defb6fab0bd8583942d97c112b0932ac814. It is recommended to apply a patch to fix this issue.
CVE-2023-36237 2 Bagisto, Webkul 2 Bagisto, Bagisto 2025-04-11 8.8 High
Cross Site Request Forgery vulnerability in Bagisto before v.1.5.1 allows an attacker to execute arbitrary code via a crafted HTML script.
CVE-2014-3211 1 Publify 1 Publify 2025-04-11 7.5 High
Publify before 8.0.1 is vulnerable to a Denial of Service attack
CVE-2025-25877 1 Angeljudesuarez 1 Simple Chatbox 2025-04-11 3.8 Low
A vulnerability was found in ITSourcecode Simple ChatBox up to 1.0. This vulnerability affects unknown code of the file /admin.php. The attack can use SQL injection to obtain sensitive data.