Search

Search Results (366186 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-38060 2 Openstack, Redhat 2 Kolla, Openstack 2025-05-07 8.8 High
A privilege escalation vulnerability exists in the sudo functionality of OpenStack Kolla git master 05194e7618. A misconfiguration in /etc/sudoers within a container can lead to increased privileges.
CVE-2022-33757 1 Tenable 1 Nessus 2025-05-07 6.5 Medium
An authenticated attacker could read Nessus Debug Log file attachments from the web UI without having the correct privileges to do so. This may lead to the disclosure of information on the scan target and/or the Nessus scan to unauthorized parties able to reach the Nessus instance.
CVE-2022-33184 1 Broadcom 1 Fabric Operating System 2025-05-07 7.8 High
A vulnerability in fab_seg.c.h libraries of all Brocade Fabric OS versions before Brocade Fabric OS v9.1.1, v9.0.1e, v8.2.3c, v8.2.0_cbn5, 7.4.2j could allow local authenticated attackers to exploit stack-based buffer overflows and execute arbitrary code as the root user account.
CVE-2022-33183 1 Broadcom 1 Fabric Operating System 2025-05-07 8.8 High
A vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a remote authenticated attacker to perform stack buffer overflow using in “firmwaredownload” and “diagshow” commands.
CVE-2022-33182 1 Broadcom 1 Fabric Operating System 2025-05-07 7.8 High
A privilege escalation vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, could allow a local authenticated user to escalate its privilege to root using switch commands “supportlink”, “firmwaredownload”, “portcfgupload, license, and “fosexec”.
CVE-2022-33181 1 Broadcom 1 Fabric Operating System 2025-05-07 5.5 Medium
An information disclosure vulnerability in Brocade Fabric OS CLI before Brocade Fabric OS v9.1.0, 9.0.1e, 8.2.3c, 8.2.0cbn5, 7.4.2.j could allow a local authenticated attacker to read sensitive files using switch commands “configshow” and “supportlink”.
CVE-2022-2508 1 Octopus 1 Octopus Server 2025-05-07 5.3 Medium
In affected versions of Octopus Server it is possible to reveal the existence of resources in a space that the user does not have access to due to verbose error messaging.
CVE-2022-2190 1 Enviragallery 1 Envira Gallery 2025-05-07 6.1 Medium
The Gallery Plugin for WordPress plugin before 1.8.4.7 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2022-2167 1 Tagdiv 1 Newspaper 2025-05-07 6.1 Medium
The Newspaper WordPress theme before 12 does not sanitise a parameter before outputting it back in an HTML attribute via an AJAX action, leading to a Reflected Cross-Site Scripting
CVE-2022-29851 1 Open-xchange 1 Ox App Suite 2025-05-07 9.8 Critical
documentconverter in OX App Suite through 7.10.6, in a non-default configuration with ghostscript, allows OS Command Injection because file conversion may occur for an EPS document that is disguised as a PDF document.
CVE-2022-27583 1 Sick 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more 2025-05-07 9.1 Critical
A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact.
CVE-2021-42777 1 Stimulsoft 1 Reports 2025-05-07 9.8 Critical
Stimulsoft (aka Stimulsoft Reports) 2013.1.1600.0, when Compilation Mode is used, allows an attacker to execute arbitrary C# code on any machine that renders a report, including the application server or a user's local machine, as demonstrated by System.Diagnostics.Process.Start.
CVE-2021-40661 1 Mt 2 Ind780, Ind780 Firmware 2025-05-07 7.5 High
A remote, unauthenticated, directory traversal vulnerability was identified within the web interface used by IND780 Advanced Weighing Terminals Build 8.0.07 March 19, 2018 (SS Label 'IND780_8.0.07'), Version 7.2.10 June 18, 2012 (SS Label 'IND780_7.2.10'). It was possible to traverse the folders of the affected host by providing a traversal path to the 'webpage' parameter in AutoCE.ini This could allow a remote unauthenticated adversary to access additional files on the affected system. This could also allow the adversary to perform further enumeration against the affected host to identify the versions of the systems in use, in order to launch further attacks in future.
CVE-2021-40241 1 Xfig Project 1 Xfig 2025-05-07 9.8 Critical
xfig 3.2.7 is vulnerable to Buffer Overflow.
CVE-2021-38728 1 Sem-cms 1 Semcms 2025-05-07 6.1 Medium
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
CVE-2020-21016 1 Dlink 2 Dir-846, Dir-846 Firmware 2025-05-07 9.8 Critical
D-Link DIR-846 devices with firmware 100A35 allow remote attackers to execute arbitrary code as root via HNAP1/control/SetGuestWLanSettings.php.
CVE-2024-52553 1 Jenkins 2 Openid, Openid Connect Authentication 2025-05-07 8.8 High
Jenkins OpenId Connect Authentication Plugin 4.418.vccc7061f5b_6d and earlier does not invalidate the previous session on login.
CVE-2024-49362 2 Joplin Project, Joplinapp 2 Joplin, Joplin 2025-05-07 7.7 High
Joplin is a free, open source note taking and to-do application. Joplin-desktop has a vulnerability that leads to remote code execution (RCE) when a user clicks on an <a> link within untrusted notes. The issue arises due to insufficient sanitization of <a> tag attributes introduced by the Mermaid. This vulnerability allows the execution of untrusted HTML content within the Electron window, which has full access to Node.js APIs, enabling arbitrary shell command execution.
CVE-2022-3203 1 Oringnet 4 Iap-420, Iap-420\+, Iap-420\+ Firmware and 1 more 2025-05-07 9.8 Critical
On ORing net IAP-420(+) with FW version 2.0m a telnet server is enabled by default and cannot permanently be disabled. You can connect to the device via LAN or WiFi with hardcoded credentials and get an administrative shell. These credentials are reset to defaults with every reboot.
CVE-2022-34439 1 Dell 1 Emc Powerscale Onefs 2025-05-07 5.3 Medium
Dell PowerScale OneFS, versions 8.2.0.x-9.4.0.x contain allocation of Resources Without Limits or Throttling vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service and performance issue on that node.