Search

Search Results (364328 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-42982 1 Bund 1 Bkg Professional Ntripcaster 2025-04-30 7.5 High
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
CVE-2022-42904 1 Zohocorp 1 Manageengine Admanager Plus 2025-04-30 7.2 High
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
CVE-2022-3600 1 Awesomemotive 1 Easy Digital Downloads 2025-04-30 9.8 Critical
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
CVE-2022-3336 1 Awplife 1 Event Monster 2025-04-30 4.3 Medium
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack
CVE-2022-38871 1 Free5gc 1 Free5gc 2025-04-30 7.5 High
In Free5gc v3.0.5, the AMF breaks due to malformed NAS messages.
CVE-2022-20427 1 Google 1 Android 2025-04-30 6.7 Medium
In (TBD) of (TBD), there is a possible way to corrupt memory due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239555070References: N/A
CVE-2021-24649 1 Wedevs 1 Wp User Frontend 2025-04-30 9.8 Critical
The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the account to be created with, encrypted via wpuf_encryption(). This could allow an attacker having access to the AUTH_KEY and AUTH_SALT constant (via an arbitrary file access issue for example, or if the blog is using the default keys) to create an account with any role they want, such as admin
CVE-2024-20291 1 Cisco 81 Nexus 3000 In Standalone Nx-os Mode, Nexus 3048, Nexus 31108pc-v and 78 more 2025-04-30 5.8 Medium
A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.
CVE-2022-44746 1 Acronis 1 Cyber Protect Home Office 2025-04-30 5.5 Medium
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107.
CVE-2024-21682 1 Atlassian 1 Assets Discovery Data Center 2025-04-30 7.2 High
This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.
CVE-2022-41215 1 Sap 1 Netweaver Application Server Abap 2025-04-30 4.7 Medium
SAP NetWeaver ABAP Server and ABAP Platform allows an unauthenticated attacker to redirect users to a malicious site due to insufficient URL validation. This could lead to the user being tricked to disclose personal information.
CVE-2025-25431 1 Trendnet 2 Tew-929dru, Tew-929dru Firmware 2025-04-30 4.8 Medium
Trendnet TEW-929DRU 1.0.0.10 contains a Stored Cross-site Scripting (XSS) vulnerability via the The ssid key of wifi_data parameter on the /captive_portal.htm page.
CVE-2025-29743 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-04-30 6.5 Medium
D-Link DIR-816 A2V1.1.0B05 was found to contain a command injection in /goform/delRouting.
CVE-2025-45427 1 Tenda 2 Ac9, Ac9 Firmware 2025-04-30 9.8 Critical
In Tenda AC9 v1.0 with firmware V15.03.05.14_multi, the security parameter of /goform/WifiBasicSet has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
CVE-2025-3341 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.3 High
A vulnerability, which was classified as critical, was found in codeprojects Online Restaurant Management System 1.0. This affects an unknown part of the file /admin/reservation_view.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-34313 1 Ibm 1 Cics Tx 2025-04-30 4.3 Medium
IBM CICS TX 11.1 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. X-Force ID: 229449.
CVE-2025-3342 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.3 High
A vulnerability has been found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/payment_save.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-0324 1 Linuxfoundation 1 Software For Open Networking In The Cloud 2025-04-30 8.1 High
There is a vulnerability in DHCPv6 packet parsing code that could be explored by remote attacker to craft a packet that could cause buffer overflow in a memcpy call, leading to out-of-bounds memory write that would cause dhcp6relay to crash. Dhcp6relay is a critical process and could cause dhcp relay docker to shutdown. Discovered by Eugene Lim of GovTech Singapore.
CVE-2025-3343 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.3 High
A vulnerability was found in codeprojects Online Restaurant Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/reservation_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-3344 1 Code-projects 1 Online Restaurant Management System 2025-04-30 7.3 High
A vulnerability was found in codeprojects Online Restaurant Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/assign_save.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.