Search

Search Results (366361 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-28161 1 Jenkins 1 Delphix 2025-05-07 5.3 Medium
In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.
CVE-2024-51023 1 Dlink 3 Dir-823g, Dir-823g Firmware, Dir 823g Firmware 2025-05-07 8.8 High
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the Address parameter in the SetNetworkTomographySettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
CVE-2024-28160 1 Jenkins 1 Icescrum 2025-05-07 8.8 High
Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.
CVE-2024-51024 1 Dlink 3 Dir-823g, Dir-823g Firmware, Dir 823g Firmware 2025-05-07 8 High
D-Link DIR_823G 1.0.2B05 was discovered to contain a command injection vulnerability via the HostName parameter in the SetWanSettings function. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request.
CVE-2024-51186 1 Dlink 2 Dir-820l, Dir-820l Firmware 2025-05-07 8 High
D-Link DIR-820L 1.05b03 was discovered to contain a remote code execution (RCE) vulnerability via the ping_addr parameter in the ping_v4 and ping_v6 functions.
CVE-2022-44022 1 Pwndoc Project 1 Pwndoc 2025-05-07 5.3 Medium
PwnDoc through 0.5.3 might allow remote attackers to identify valid user account names by leveraging response timings for authentication attempts.
CVE-2022-44020 3 Fedoraproject, Opendev, Redhat 4 Fedora, Sushy-tools, Virtualbmc and 1 more 2025-05-07 5.5 Medium
An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."
CVE-2022-44019 1 Totaljs 1 Total.js 2025-05-07 8.8 High
In Total.js 4 before 0e5ace7, /api/common/ping can achieve remote command execution via shell metacharacters in the host parameter.
CVE-2022-43776 1 Metabase 1 Metabase 2025-05-07 6.5 Medium
The url parameter of the /api/geojson endpoint in Metabase versions <44.5 can be used to perform Server Side Request Forgery attacks. Previously implemented blacklists could be circumvented by leveraging 301 and 302 redirects.
CVE-2022-43775 1 Deltaww 1 Diaenergie 2025-05-07 9.8 Critical
The HICT_Loop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-43774 1 Deltaww 1 Diaenergie 2025-05-07 9.8 Critical
The HandlerPageP_KID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system.
CVE-2022-43766 1 Apache 1 Iotdb 2025-05-07 7.5 High
Apache IoTDB version 0.12.2 to 0.12.6, 0.13.0 to 0.13.2 are vulnerable to a Denial of Service attack when accepting untrusted patterns for REGEXP queries with Java 8. Users should upgrade to 0.13.3 which addresses this issue or use a later version of Java to avoid it.
CVE-2022-43750 3 Debian, Linux, Redhat 6 Debian Linux, Linux Kernel, Enterprise Linux and 3 more 2025-05-07 6.7 Medium
drivers/usb/mon/mon_bin.c in usbmon in the Linux kernel before 5.19.15 and 6.x before 6.0.1 allows a user-space client to corrupt the monitor's internal memory.
CVE-2022-43286 1 F5 1 Njs 2025-05-07 9.8 Critical
Nginx NJS v0.7.2 was discovered to contain a heap-use-after-free bug caused by illegal memory copy in the function njs_json_parse_iterator_call at njs_json.c.
CVE-2022-43285 1 F5 1 Njs 2025-05-07 7.5 High
Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job. NOTE: the vendor disputes the significance of this report because NJS does not operate on untrusted input.
CVE-2022-43280 1 Webassembly 1 Wabt 2025-05-07 7.1 High
wasm-interp v1.0.29 was discovered to contain an out-of-bounds read via the component OnReturnCallExpr->GetReturnCallDropKeepCount.
CVE-2022-43276 1 Canteen Management System Project 1 Canteen Management System 2025-05-07 7.2 High
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the productId parameter at /php_action/fetchSelectedfood.php.
CVE-2022-43275 1 Canteen Management System Project 1 Canteen Management System 2025-05-07 7.2 High
Canteen Management System v1.0 was discovered to contain an arbitrary file upload vulnerability via /youthappam/php_action/editProductImage.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.
CVE-2022-43233 1 Canteen Management System Project 1 Canteen Management System 2025-05-07 7.2 High
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchSelectedUser.php.
CVE-2022-43232 1 Canteen Management System Project 1 Canteen Management System 2025-05-07 7.2 High
Canteen Management System v1.0 was discovered to contain a SQL injection vulnerability via the userid parameter at /php_action/fetchOrderData.php.