Search

Search Results (366310 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-32947 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-05-06 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32946 1 Apple 2 Ipados, Iphone Os 2025-05-06 5.5 Medium
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
CVE-2022-32944 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-06 7.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32941 1 Apple 3 Ipados, Iphone Os, Macos 2025-05-06 9.8 Critical
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.
CVE-2018-20623 1 Gnu 1 Binutils 2025-05-06 5.5 Medium
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
CVE-2024-48622 1 Domainmod 1 Domainmod 2025-05-06 6.6 Medium
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
CVE-2024-48623 1 Domainmod 1 Domainmod 2025-05-06 5.3 Medium
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).
CVE-2023-7235 1 Openvpn 1 Openvpn Gui 2025-05-06 8.4 High
The OpenVPN GUI installer before version 2.6.9 did not set the proper access control restrictions to the installation directory of OpenVPN binaries when using a non-standard installation path, which allows an attacker to replace binaries to run arbitrary executables.
CVE-2024-48624 1 Domainmod 1 Domainmod 2025-05-06 5.3 Medium
In segments\edit.php of DomainMOD below v4.12.0, the segid parameter in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS) vulnerability.
CVE-2024-10297 1 Anujk305 1 Medical Card Generation System 2025-05-06 4.7 Medium
A vulnerability was found in PHPGurukul Medical Card Generation System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/changeimage.php of the component Managecard Edit Image Page. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-49380 1 Plenti 2 Plenti, Plentico 2025-05-06 7.5 High
Plenti, a static site generator, has an arbitrary file write vulnerability in versions prior to 0.7.2. The `/postLocal` endpoint is vulnerable to an arbitrary file write vulnerability when a plenti user serves their website. This issue may lead to Remote Code Execution. Version 0.7.2 fixes the vulnerability.
CVE-2024-20325 1 Cisco 1 Unified Intelligence Center 2025-05-06 5.1 Medium
A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.
CVE-2022-3337 1 Cloudflare 1 Warp Mobile Client 2025-05-06 6.7 Medium
It was possible for a user to delete a VPN profile from WARP mobile client on iOS platform despite the Lock WARP switch https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch  feature being enabled on Zero Trust Platform. This led to bypassing policies and restrictions enforced for enrolled devices by the Zero Trust platform.
CVE-2023-50975 2 Td, Tdbank 2 Advanced Dashboard, Td-advanced-dashboard 2025-05-06 8.4 High
The TD Bank TD Advanced Dashboard client through 3.0.3 for macOS allows arbitrary code execution because of the lack of electron::fuses::IsRunAsNodeEnabled (i.e., ELECTRON_RUN_AS_NODE can be used in production). This makes it easier for a compromised process to access banking information.
CVE-2024-25381 2 Emlog, Emlog Pro Project 2 Emlog, Emlog Pro 2025-05-06 6.1 Medium
There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.
CVE-2024-25461 1 Creatio 1 Crm Creatio 2025-05-06 7.5 High
Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component.
CVE-2024-27283 1 Veritas 1 Ediscovery Platform 2025-05-06 7.2 High
A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.
CVE-2025-2362 1 Phpgurukul 1 Pre-school Enrollment System 2025-05-06 7.3 High
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
CVE-2024-0220 1 Br-automation 2 Automation Studio, Technology Guarding 2025-05-06 8.3 High
B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data.
CVE-2025-2379 1 Phpgurukul 1 Apartment Visitors Management System 2025-05-06 7.3 High
A vulnerability was found in PHPGurukul Apartment Visitors Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /create-pass.php. The manipulation of the argument visname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.