Search

Search Results (363530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-24309 1 Mendix 1 Mendix 2025-05-02 6.8 Medium
A vulnerability has been identified in Mendix Runtime V7 (All versions < V7.23.29), Mendix Runtime V8 (All versions < V8.18.16), Mendix Runtime V9 (All versions < V9.13 only with Runtime Custom Setting *DataStorage.UseNewQueryHandler* set to False). If an entity has an association readable by the user, then in some cases, Mendix Runtime may not apply checks for XPath constraints that parse said associations, within apps running on affected versions. A malicious user could use this to dump and manipulate sensitive data.
CVE-2016-1585 1 Canonical 1 Apparmor 2025-05-02 9.8 Critical
In all versions of AppArmor mount rules are accidentally widened when compiled.
CVE-2022-44622 1 Jetbrains 1 Teamcity 2025-05-02 2.7 Low
In JetBrains TeamCity version between 2021.2 and 2022.10 access permissions for secure token health items were excessive
CVE-2022-3023 1 Pingcap 1 Tidb 2025-05-02 9.8 Critical
Use of Externally-Controlled Format String in GitHub repository pingcap/tidb prior to 6.4.0, 6.1.3.
CVE-2024-36742 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
An issue in the oneflow.scatter_nd parameter OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when index parameter exceeds the range of shape.
CVE-2022-39393 1 Bytecodealliance 1 Wasmtime 2025-05-02 8.6 High
Wasmtime is a standalone runtime for WebAssembly. Prior to versions 2.0.2 and 1.0.2, there is a bug in Wasmtime's implementation of its pooling instance allocator where when a linear memory is reused for another instance the initial heap snapshot of the prior instance can be visible, erroneously to the next instance. This bug has been patched and users should upgrade to Wasmtime 2.0.2 and 1.0.2. Other mitigations include disabling the pooling allocator and disabling the `memory-init-cow`.
CVE-2024-36737 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the oneflow.full parameter.
CVE-2024-36743 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.dot.
CVE-2024-36732 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
An issue in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) when an empty array is processed with oneflow.tensordot.
CVE-2024-36734 1 Oneflow 1 Oneflow 2025-05-02 7.5 High
Improper input validation in OneFlow-Inc. Oneflow v0.9.1 allows attackers to cause a Denial of Service (DoS) via inputting a negative value into the dim parameter.
CVE-2024-5032 1 Toolstack 1 Sully 2025-05-02 4.7 Medium
The SULly WordPress plugin before 4.3.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2024-5033 1 Toolstack 1 Sully 2025-05-02 5.9 Medium
The SULly WordPress plugin before 4.3.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2024-5034 1 Toolstack 1 Sully 2025-05-02 8.8 High
The SULly WordPress plugin before 4.3.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
CVE-2024-5074 1 Tipsandtricks-hq 1 Wp Emember 2025-05-02 5.4 Medium
The wp-eMember WordPress plugin before 10.6.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2006-5175 1 Buffalo-technology 1 Terastation Hd-htgl Firmware 2025-05-02 N/A
Cross-site request forgery (CSRF) vulnerability in the administrative interface for the TeraStation HD-HTGL firmware 2.05 beta 1 and earlier allows remote attackers to modify configurations or delete arbitrary data via unspecified vectors.
CVE-2024-48510 3 Dotnetzip.semverd Project, Mihula, Nuget 3 Dotnetzip.semverd, Prodotnetzip, Dotnetzip 2025-05-02 9.1 Critical
Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-33265 1 Hazelcast 2 Hazelcast, Imdg 2025-05-02 8.8 High
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
CVE-2022-49816 2025-05-02 5.5 Medium
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
CVE-2023-5168 2 Microsoft, Mozilla 4 Windows, Firefox, Firefox Esr and 1 more 2025-05-01 9.8 Critical
A compromised content process could have provided malicious data to `FilterNodeD2D1` resulting in an out-of-bounds write, leading to a potentially exploitable crash in a privileged process. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 118, Firefox ESR < 115.3, and Thunderbird < 115.3.
CVE-2022-3463 1 Fluentforms 1 Contact Form 2025-05-01 9.8 Critical
The Contact Form Plugin WordPress plugin before 4.3.13 does not validate and escape fields when exporting form entries as CSV, leading to a CSV injection