Search
Search Results (366088 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37835 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-37795 | 2025-05-10 | 7.1 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-50016 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-47770 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47769 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47768 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47767 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47766 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47765 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47764 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47763 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47762 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2022-42983 | 1 Anji-plus | 1 Aj-report | 2025-05-10 | 8.8 High |
| anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | ||||
| CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2025-05-10 | 9.8 Critical |
| go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | ||||
| CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2025-05-10 | 7.5 High |
| socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | ||||
| CVE-2022-42237 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-10 | 9.8 Critical |
| A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | ||||
| CVE-2022-42114 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-10 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2022-42113 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-10 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. | ||||
| CVE-2022-41547 | 1 Opensecurity | 1 Mobile Security Framework | 2025-05-10 | 7.5 High |
| Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. | ||||
| CVE-2022-3368 | 1 Avira | 1 Avira Security | 2025-05-10 | 7.3 High |
| A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. | ||||