Export limit exceeded: 364910 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364910 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-53122 2025-05-08 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-53104 2025-05-08 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-49897 2025-05-08 7.0 High
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-49856 2025-05-08 1.9 Low
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2022-49843 2025-05-08 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2024-48944 1 Apache 1 Kylin 2025-05-08 6.5 Medium
Server-Side Request Forgery (SSRF) vulnerability in Apache Kylin. Through a kylin server, an attacker may forge a request to invoke "/kylin/api/xxx/diag" api on another internal host and possibly get leaked information. There are two preconditions: 1) The attacker has got admin access to a kylin server; 2) Another internal host has the "/kylin/api/xxx/diag" api endpoint open for service. This issue affects Apache Kylin: from 5.0.0 through 5.0.1. Users are recommended to upgrade to version 5.0.2, which fixes the issue.
CVE-2020-17386 1 Cellopoint 1 Cellos 2025-05-08 6.5 Medium
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With cookie of an authenticated user, attackers can temper with the URL parameter and access arbitrary file on system.
CVE-2020-17385 1 Cellopoint 1 Cellos 2025-05-08 7.5 High
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly, which allows unauthorized user to launch Path Traversal attack and access arbitrate file on the system.
CVE-2020-17384 1 Cellopoint 1 Cellos 2025-05-08 7.2 High
Cellopoint CelloOS v4.1.10 Build 20190922 does not validate URL inputted properly. With the cookie of the system administrator, attackers can inject and remotely execute arbitrary command to manipulate the system.
CVE-2024-25744 2 Linux, Redhat 3 Linux Kernel, Enterprise Linux, Rhel Eus 2025-05-07 8.8 High
In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
CVE-2024-11953 2025-05-07 N/A
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-49339 1 Ellucian 1 Banner 2025-05-07 6.5 Medium
Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.
CVE-2023-45206 1 Zimbra 1 Collaboration 2025-05-07 6.1 Medium
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15, 9.0, and 10.0. Through the help document endpoint in webmail, an attacker can inject JavaScript or HTML code that leads to cross-site scripting (XSS). (Adding an adequate message to avoid malicious code will mitigate this issue.)
CVE-2023-38960 1 Raidenftpd 1 Raidenftpd 2025-05-07 7.3 High
Insecure Permissions issue in Raiden Professional Server RaidenFTPD v.2.4 build 4005 allows a local attacker to gain privileges and execute arbitrary code via crafted executable running from the installation directory.
CVE-2021-46757 1 Amd 20 Ryzen Embedded 5600e, Ryzen Embedded 5600e Firmware, Ryzen Embedded 5800e and 17 more 2025-05-07 7.8 High
Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.
CVE-2024-25740 1 Linux 1 Linux Kernel 2025-05-07 5.5 Medium
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
CVE-2024-23763 1 Gambio 1 Gambio 2025-05-07 9.8 Critical
SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.
CVE-2024-23759 1 Gambio 1 Gambio 2025-05-07 9.8 Critical
Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via "search" parameter of the Parcelshopfinder/AddAddressBookEntry" function.
CVE-2024-0566 1 Storeapps 1 Smart Manager 2025-05-07 7.2 High
The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.
CVE-2024-0421 1 Mappresspro 1 Mappress Maps For Wordpress 2025-05-07 5.3 Medium
The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieve via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.