Search

Search Results (364909 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-32004 2 Fedoraproject, Nodejs 2 Fedora, Node.js 2025-05-08 8.8 High
A vulnerability has been discovered in Node.js version 20, specifically within the experimental permission model. This flaw relates to improper handling of Buffers in file system APIs causing a traversal path to bypass when verifying file permissions. This vulnerability affects all users using the experimental permission model in Node.js 20. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.
CVE-2022-42200 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 5.4 Medium
Simple Exam Reviewer Management System v1.0 is vulnerable to Stored Cross Site Scripting (XSS) via the Exam List.
CVE-2022-42199 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 8.8 High
Simple Exam Reviewer Management System v1.0 is vulnerable to Cross Site Request Forgery (CSRF) via the Exam List.
CVE-2022-42198 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 8.8 High
In Simple Exam Reviewer Management System v1.0 the User List function suffers from insecure file upload.
CVE-2022-42197 1 Simple Exam Reviewer Management System Project 1 Simple Exam Reviewer Management System 2025-05-08 6.5 Medium
In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges.
CVE-2022-42176 1 Pctechsoft 1 Pcsecure 2025-05-08 7.8 High
In PCTechSoft PCSecure V5.0.8.xw, use of Hard-coded Credentials in configuration files leads to admin panel access.
CVE-2022-42021 1 Best Student Result Management System Project 1 Best Student Result Management System 2025-05-08 9.8 Critical
Best Student Result Management System v1.0 is vulnerable to SQL Injection via /upresult/upresult/notice-details.php?nid=.
CVE-2022-41358 1 Garage Management System Project 1 Garage Management System 2025-05-08 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php.
CVE-2022-40084 1 Opencrx 1 Opencrx 2025-05-08 5.3 Medium
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
CVE-2022-38108 1 Solarwinds 1 Orion Platform 2025-05-08 7.2 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-37298 1 Shinken-monitoring 1 Shinken Monitoring 2025-05-08 9.8 Critical
Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
CVE-2022-36122 2 Automox, Microsoft 2 Automox, Windows 2025-05-08 7.8 High
The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
CVE-2022-31678 1 Vmware 2 Cloud Foundation, Nsx Data Center 2025-05-08 9.1 Critical
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-31366 1 Eve-ng 1 Eve-ng 2025-05-08 7.2 High
An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.
CVE-2025-43967 1 Struktur 1 Libheif 2025-05-08 2.9 Low
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVE-2025-43966 1 Struktur 1 Libheif 2025-05-08 2.9 Low
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVE-2022-2188 2 Mcafee, Microsoft 2 Data Exchange Layer, Windows 2025-05-08 6.5 Medium
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.
CVE-2022-41208 1 Sap 1 Financial Consolidation 2025-05-08 5.4 Medium
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.
CVE-2024-21376 1 Microsoft 1 Azure Kubernetes Service 2025-05-08 9 Critical
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVE-2025-43971 1 Osrg 1 Gobgp 2025-05-08 8.6 High
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.