Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-22530 1 Sap 1 S\/4hana 2026-02-24 8.1 High
The F0743 Create Single Payment application of SAP S/4HANA - versions 100, 101, 102, 103, 104, 105, 106, does not check uploaded or downloaded files. This allows an attacker with basic user rights to inject dangerous content or malicious code which could result in critical information being modified or completely compromise the availability of the application.
CVE-2022-22529 1 Sap 1 Enterprise Threat Detection 2026-02-24 6.1 Medium
SAP Enterprise Threat Detection (ETD) - version 2.0, does not sufficiently encode user-controlled inputs which may lead to an unauthorized attacker possibly exploit XSS vulnerability. The UIs in ETD are using SAP UI5 standard controls, the UI5 framework provides automated output encoding for its standard controls. This output encoding prevents stored malicious user input from being executed when it is reflected in the UI.
CVE-2022-22528 2 Microsoft, Sap 2 Windows, Adaptive Server Enterprise 2026-02-24 7.8 High
SAP Adaptive Server Enterprise (ASE) - version 16.0, installation makes an entry in the system PATH environment variable in Windows platform which, under certain conditions, allows a Standard User to execute malicious Windows binaries which may lead to privilege escalation on the local system. The issue is with the ASE installer and does not impact other ASE binaries.
CVE-2022-1650 3 Debian, Eventsource, Redhat 11 Debian Linux, Eventsource, Ceph Storage and 8 more 2026-02-24 8.1 High
Improper Removal of Sensitive Information Before Storage or Transfer in GitHub repository eventsource/eventsource prior to v2.0.2.
CVE-2022-1316 2 Microsoft, Zerotier 2 Windows, Zerotierone 2026-02-24 8.8 High
Incorrect Permission Assignment for Critical Resource in GitHub repository zerotier/zerotierone prior to 1.8.8. Local Privilege Escalation
CVE-2022-1252 1 Sir 1 Gnuboard 2026-02-24 8.2 High
Use of a Broken or Risky Cryptographic Algorithm in GitHub repository gnuboard/gnuboard5 prior to and including 5.5.5. A vulnerability in gnuboard v5.5.5 and below uses weak encryption algorithms leading to sensitive information exposure. This allows an attacker to derive the email address of any user, including when the 'Let others see my information.' box is ticked off. Or to send emails to any email address, with full control of its contents
CVE-2022-1223 1 Phpipam 1 Phpipam 2026-02-24 6.5 Medium
Incorrect Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.
CVE-2025-65097 2 Romm.app, Rommapp 2 Romm, Romm 2026-02-24 6.5 Medium
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an Authenticated User can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No ownership verification is performed before deleting collections. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.
CVE-2025-65027 2 Romm.app, Rommapp 2 Romm, Romm 2026-02-24 7.6 High
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the browser executes embedded JavaScript, leading to stored Cross-Site Scripting (XSS) which when combined with a CSRF misconfiguration they lead to achieve full administrative account takeover, creating a rogue admin account, escalating the attacker account role to admin, and much more. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.
CVE-2025-65096 2 Romm.app, Rommapp 2 Romm, Romm 2026-02-24 4.3 Medium
RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verification or checking if the collection is public/private before returning collection data. This vulnerability is fixed in 4.4.1 and 4.4.1-beta.2.
CVE-2025-15313 1 Tanium 3 Endpoint Euss, Euss, Tanium Euss 2026-02-24 5.5 Medium
Tanium addressed an arbitrary file deletion vulnerability in Tanium EUSS.
CVE-2025-64113 1 Emby 1 Emby 2026-02-24 9.8 Critical
Emby Server is a user-installable home media server. Versions below 4.9.1.81 allow an attacker to gain full administrative access to an Emby Server (for Emby Server administration, not at the OS level). Other than network access, no specific preconditions need to be fulfilled for a server to be vulnerable. This issue is fixed in version 4.9.1.81.
CVE-2025-15310 1 Tanium 3 Endpoint Configuration Toolset Solution, Endpoint Patch, Patch Endpoint Tools 2026-02-24 7.8 High
Tanium addressed a local privilege escalation vulnerability in Patch Endpoint Tools.
CVE-2025-2148 1 Linuxfoundation 1 Pytorch 2026-02-24 5 Medium
A vulnerability was found in PyTorch 2.6.0+cu124. It has been declared as critical. Affected by this vulnerability is the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult.
CVE-2015-6420 1 Apache 1 Commons Collections 2026-02-24 9.8 Critical
Serialized-object interfaces in certain Cisco Collaboration and Social Media; Endpoint Clients and Client Software; Network Application, Service, and Acceleration; Network and Content Security Devices; Network Management and Provisioning; Routing and Switching - Enterprise and Service Provider; Unified Computing; Voice and Unified Communications Devices; Video, Streaming, TelePresence, and Transcoding Devices; Wireless; and Cisco Hosted Services products allow remote attackers to execute arbitrary commands via a crafted serialized Java object, related to the Apache Commons Collections (ACC) library.
CVE-2025-64328 2 Freepbx, Sangoma 4 Endpoint Manager, Filestore, Freepbx and 1 more 2026-02-24 7.2 High
FreePBX Endpoint Manager is a module for managing telephony endpoints in FreePBX systems. In versions 17.0.2.36 and above before 17.0.3, the filestore module within the Administrative interface is vulnerable to a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to obtain remote access to the system as an asterisk user. This issue is fixed in version 17.0.3.
CVE-2024-38268 1 Zyxel 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more 2026-02-24 4.9 Medium
An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
CVE-2024-38266 1 Zyxel 84 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 81 more 2026-02-24 4.9 Medium
An improper restriction of operations within the bounds of a memory buffer in the parameter type parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.
CVE-2024-5412 1 Zyxel 100 Ax7501-b0, Ax7501-b0 Firmware, Ax7501-b1 and 97 more 2026-02-24 7.5 High
A buffer overflow vulnerability in the library "libclinkc" of the Zyxel VMG8825-T50K firmware version 5.50(ABOM.8)C0 could allow an unauthenticated attacker to cause denial of service (DoS) conditions by sending a crafted HTTP request to a vulnerable device.
CVE-2024-38269 1 Zyxel 82 Ax7501-b1, Ax7501-b1 Firmware, Dx3300-t0 and 79 more 2026-02-24 4.9 Medium
An improper restriction of operations within the bounds of a memory buffer in the USB file-sharing handler of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated attacker with administrator privileges to cause potential memory corruptions, resulting in a thread crash on an affected device.