Search

Search Results (363139 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-41304 1 Autodesk 1 Fbx Software Development Kit 2025-05-14 7.8 High
An Out-Of-Bounds Write Vulnerability in Autodesk FBX SDK 2020 version and prior may lead to code execution through maliciously crafted FBX files or information disclosure.
CVE-2022-41303 1 Autodesk 1 Fbx Software Development Kit 2025-05-14 7.8 High
A user may be tricked into opening a malicious FBX file which may exploit a use-after-free vulnerability in Autodesk FBX SDK 2020 version causing the application to reference a memory location controlled by an unauthorized third party, thereby running arbitrary code on the system.
CVE-2022-41302 1 Autodesk 1 Fbx Software Development Kit 2025-05-14 7.8 High
An Out-Of-Bounds Read Vulnerability in Autodesk FBX SDK version 2020. and prior may lead to code execution or information disclosure through maliciously crafted FBX files. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.
CVE-2022-3149 1 Wp Custom Cursors Project 1 Wp Custom Cursors 2025-05-14 6.1 Medium
The WP Custom Cursors WordPress plugin before 3.0.1 does not have CSRF check in place when creating and editing cursors, which could allow attackers to made a logged in admin perform such actions via CSRF attacks. Furthermore, due to the lack of sanitisation and escaping in some of the cursor options, it could also lead to Stored Cross-Site Scripting
CVE-2022-3139 1 Designextreme 1 We\'re Open 2025-05-14 4.8 Medium
The We’re Open! WordPress plugin before 1.42 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-3131 1 Codexpert 1 Search Logger 2025-05-14 7.2 High
The Search Logger WordPress plugin through 0.9 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users
CVE-2022-3126 1 Najeebmedia 1 Frontend File Manager Plugin 2025-05-14 4.3 Medium
The Frontend File Manager Plugin WordPress plugin before 21.4 does not have CSRF check when uploading files, which could allow attackers to make logged in users upload files on their behalf
CVE-2022-39128 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39127 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39126 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39125 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39124 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39123 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39122 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-39121 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2025-05-14 5.5 Medium
In sensor driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service in kernel.
CVE-2022-33217 1 Qualcomm 16 Sd 8 Gen1 5g Firmware, Sm8475, Wcd9380 and 13 more 2025-05-14 7.8 High
Memory corruption in Qualcomm IPC due to buffer copy without checking the size of input while starting communication with a compromised kernel. in Snapdragon Mobile
CVE-2025-2062 1 Projectworlds 1 Life Insurance Management System 2025-05-14 7.3 High
A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-32177 1 Gin-vue-admin Project 1 Gin-vue-admin 2025-05-14 9 Critical
In "Gin-Vue-Admin", versions v2.5.1 through v2.5.3beta are vulnerable to Unrestricted File Upload that leads to execution of javascript code, through the 'Normal Upload' functionality to the Media Library. When an admin user views the uploaded file, a low privilege attacker will get access to the admin’s cookie leading to account takeover.
CVE-2025-2063 1 Projectworlds 1 Life Insurance Management System 2025-05-14 7.3 High
A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-2064 1 Projectworlds 1 Life Insurance Management System 2025-05-14 7.3 High
A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.