Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363286 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363286 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-2922 1 Dnnsoftware 1 Dotnetnuke 2025-05-20 4.9 Medium
Relative Path Traversal in GitHub repository dnnsoftware/dnn.platform prior to 9.11.0.
CVE-2022-2529 1 Cloudflare 1 Goflow 2025-05-20 7.5 High
sflow decode package does not employ sufficient packet sanitisation which can lead to a denial of service attack. Attackers can craft malformed packets causing the process to consume large amounts of memory resulting in a denial of service.
CVE-2022-3371 1 Ikus-soft 1 Rdiffweb 2025-05-20 7.5 High
Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.5.0a3.
CVE-2022-23726 1 Pingidentity 1 Pingcentral 2025-05-20 5.4 Medium
PingCentral versions prior to listed versions expose Spring Boot actuator endpoints that with administrative authentication return large amounts of sensitive environmental and application information.
CVE-2022-36961 1 Solarwinds 1 Orion Platform 2025-05-20 8.8 High
A vulnerable component of Orion Platform was vulnerable to SQL Injection, an authenticated attacker could leverage this for privilege escalation or remote code execution.
CVE-2025-30417 1 Ni 1 Circuit Design Suite 2025-05-20 7.8 High
There is a memory corruption vulnerability due to an out of bounds write in Library!DecodeBase64() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVE-2025-30418 1 Ni 1 Circuit Design Suite 2025-05-20 7.8 High
There is a memory corruption vulnerability due to an out of bounds write in CheckPins() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVE-2025-30419 1 Ni 1 Circuit Design Suite 2025-05-20 7.8 High
There is a memory corruption vulnerability due to an out of bounds read in GetSymbolBorderRectSize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVE-2025-30420 1 Ni 1 Circuit Design Suite 2025-05-20 7.8 High
There is a memory corruption vulnerability due to an out of bounds read in Bitmap::InternalDraw() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVE-2025-30421 1 Ni 1 Circuit Design Suite 2025-05-20 7.8 High
There is a memory corruption vulnerability due to a stack-based buffer overflow in DrObjectStorage::XML_Serialize() when using the SymbolEditor in NI Circuit Design Suite.  This vulnerability may result in information disclosure or arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted .sym file. This vulnerability affects NI Circuit Design Suite 14.3.0 and prior versions.
CVE-2022-2601 3 Fedoraproject, Gnu, Redhat 13 Fedora, Grub2, Enterprise Linux and 10 more 2025-05-20 8.6 High
A buffer overflow was found in grub_font_construct_glyph(). A malicious crafted pf2 font can lead to an overflow when calculating the max_glyph_size value, allocating a smaller than needed buffer for the glyph, this further leads to a buffer overflow and a heap based out-of-bounds write. An attacker may use this vulnerability to circumvent the secure boot mechanism.
CVE-2022-34428 1 Dell 1 Hybrid Client 2025-05-20 5 Medium
Dell Hybrid Client prior to version 1.8 contains a Regular Expression Denial of Service Vulnerability in the UI. An adversary with WMS group admin access could potentially exploit this vulnerability, leading to temporary denial-of-service.
CVE-2024-36941 3 Debian, Linux, Redhat 7 Debian Linux, Linux Kernel, Enterprise Linux and 4 more 2025-05-20 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: don't free NULL coalescing rule If the parsing fails, we can dereference a NULL pointer here.
CVE-2022-42717 2 Hashicorp, Linux 2 Vagrant, Linux Kernel 2025-05-20 7.8 High
An issue was discovered in Hashicorp Packer before 2.3.1. The recommended sudoers configuration for Vagrant on Linux is insecure. If the host has been configured according to this documentation, non-privileged users on the host can leverage a wildcard in the sudoers configuration to execute arbitrary commands as root.
CVE-2022-41851 1 Siemens 2 Jt Open Toolkit, Simcenter Femap 2025-05-20 7.8 High
A vulnerability has been identified in JTTK (All versions < V11.1.1.0), Simcenter Femap V2022.1 (All versions < V2022.1.3), Simcenter Femap V2022.2 (All versions < V2022.2.2). The JTTK library is vulnerable to an uninitialized pointer reference vulnerability while parsing specially crafted JT files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-16973)
CVE-2022-41385 1 Democritus 1 D8s-html 2025-05-20 9.8 Critical
The d8s-html package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41384 1 Democritus 1 D8s-domains 2025-05-20 9.8 Critical
The d8s-domains package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-urls package. The affected version is 0.1.0.
CVE-2022-41383 1 Democritus 1 D8s-archives 2025-05-20 9.8 Critical
The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. The affected version is 0.1.0.
CVE-2022-41209 1 Sap 1 Customer Data Cloud 2025-05-20 5.2 Medium
SAP Customer Data Cloud (Gigya mobile app for Android) - version 7.4, uses encryption method which lacks proper diffusion and does not hide the patterns well. This can lead to information disclosure. In certain scenarios, application might also be susceptible to replay attacks.
CVE-2022-41206 1 Sap 1 Businessobjects Business Intelligence 2025-05-20 5.4 Medium
SAP BusinessObjects Business Intelligence platform (Analysis for OLAP) - versions 420, 430, allows an authenticated attacker to send user-controlled inputs when OLAP connections are created and edited in the Central Management Console. On successful exploitation, there could be a limited impact on confidentiality and integrity of the application.