Search

Search Results (364917 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-23833 1 Openrefine 1 Openrefine 2025-05-07 7.5 High
OpenRefine is a free, open source power tool for working with messy data and improving it. A jdbc attack vulnerability exists in OpenRefine(version<=3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.
CVE-2024-58106 1 Huawei 1 Harmonyos 2025-05-07 4.6 Medium
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58107 1 Huawei 1 Harmonyos 2025-05-07 7.5 High
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58108 1 Huawei 1 Harmonyos 2025-05-07 4.6 Medium
Buffer overflow vulnerability in the codec module Impact: Successful exploitation of this vulnerability may affect availability.
CVE-2024-58126 1 Huawei 2 Emui, Harmonyos 2025-05-07 8.4 High
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2024-22228 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVE-2024-22227 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability execute commands with root privileges.
CVE-2024-22225 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.
CVE-2024-22224 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and execute arbitrary operating system commands with root privileges.
CVE-2024-22223 1 Dell 1 Unity Operating Environment 2025-05-07 7.8 High
Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.
CVE-2024-58127 1 Huawei 2 Emui, Harmonyos 2025-05-07 8.4 High
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2022-41833 1 F5 11 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Analytics and 8 more 2025-05-07 7.5 High
In all BIG-IP 13.1.x versions, when an iRule containing the HTTP::collect command is configured on a virtual server, undisclosed requests can cause Traffic Management Microkernel (TMM) to terminate.
CVE-2022-41835 1 F5 2 F5os-a, F5os-c 2025-05-07 7.3 High
In F5OS-A version 1.x before 1.1.0 and F5OS-C version 1.x before 1.5.0, excessive file permissions in F5OS allows an authenticated local attacker to execute limited set of commands in a container and impact the F5OS controller.
CVE-2022-41836 1 F5 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager 2025-05-07 7.5 High
When an 'Attack Signature False Positive Mode' enabled security policy is configured on a virtual server, undisclosed requests can cause the bd process to terminate.
CVE-2022-27625 1 Synology 4 Diskstation Manager, Ds3622xs\+, Fs3410 and 1 more 2025-05-07 10 Critical
A vulnerability regarding improper restriction of operations within the bounds of a memory buffer is found in the message processing functionality of Out-of-Band (OOB) Management. This allows remote attackers to execute arbitrary commands via unspecified vectors. The following models with Synology DiskStation Manager (DSM) versions before 7.1.1-42962-2 may be affected: DS3622xs+, FS3410, and HD6500.
CVE-2025-31170 1 Huawei 2 Emui, Harmonyos 2025-05-07 8.4 High
Access control vulnerability in the security verification module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality.
CVE-2023-48452 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2025-05-07 5.4 Medium
Adobe Experience Manager versions 6.5.18 and earlier are affected by a Cross-site Scripting (DOM-based XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
CVE-2023-48538 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2025-05-07 5.4 Medium
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2023-50723 1 Xwiki 1 Xwiki 2025-05-07 10 Critical
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages.
CVE-2023-27317 1 Netapp 1 Ontap 2025-05-07 4.3 Medium
ONTAP 9 versions 9.12.1P8, 9.13.1P4, and 9.13.1P5 are susceptible to a vulnerability which will cause all SAS-attached FIPS 140-2 drives to become unlocked after a system reboot or power cycle or a single SAS-attached FIPS 140-2 drive to become unlocked after reinsertion. This could lead to disclosure of sensitive information to an attacker with physical access to the unlocked drives.