Export limit exceeded: 363853 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363853 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-32837 | 2 Google, Mediatek | 7 Android, Mt6883, Mt6885 and 4 more | 2025-04-25 | 7.8 High |
| In video, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08250357. | ||||
| CVE-2023-32836 | 2 Google, Mediatek | 7 Android, Mt6893, Mt6895 and 4 more | 2025-04-25 | 6.7 Medium |
| In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725. | ||||
| CVE-2023-32832 | 2 Google, Mediatek | 10 Android, Mt6883, Mt6885 and 7 more | 2025-04-25 | 7 High |
| In video, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08235273; Issue ID: ALPS08235273. | ||||
| CVE-2022-45329 | 1 Aerocms Project | 1 Aerocms | 2025-04-25 | 7.5 High |
| AeroCMS v0.0.1 was discovered to contain a SQL Injection vulnerability via the Search parameter. This vulnerability allows attackers to access database information. | ||||
| CVE-2022-44937 | 1 Bosscms | 1 Bosscms | 2025-04-25 | 6.5 Medium |
| Bosscms v2.0.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Add function under the Administrator List module. | ||||
| CVE-2022-44354 | 1 Contec | 2 Solarview Compact, Solarview Compact Firmware | 2025-04-25 | 9.8 Critical |
| SolarView Compact 4.0 and 5.0 is vulnerable to Unrestricted File Upload via a crafted php file. | ||||
| CVE-2022-44279 | 1 Garage Management System Project | 1 Garage Management System | 2025-04-25 | 6.1 Medium |
| Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. | ||||
| CVE-2022-44038 | 1 Russound | 2 Xsourceplayer 777d, Xsourceplayer 777d Firmware | 2025-04-25 | 9.8 Critical |
| Russound XSourcePlayer 777D v06.08.03 was discovered to contain a remote code execution vulnerability via the scriptRunner.cgi component. | ||||
| CVE-2022-44037 | 1 Apsystems | 2 Ecu-c, Ecu-c Firmware | 2025-04-25 | 8.8 High |
| An access control issue in APsystems ENERGY COMMUNICATION UNIT (ECU-C) Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple attacks, such as attacking wireless network in the product's range. | ||||
| CVE-2022-3828 | 1 Video Thumbnails Project | 1 Video Thumbnails | 2025-04-25 | 4.8 Medium |
| The Video Thumbnails WordPress plugin through 2.12.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3768 | 1 Wpsmartcontracts | 1 Wpsmartcontracts | 2025-04-25 | 8.8 High |
| The WPSmartContracts WordPress plugin before 1.3.12 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as author | ||||
| CVE-2022-3610 | 1 Jeeng Push Notifications Project | 1 Jeeng Push Notifications | 2025-04-25 | 4.8 Medium |
| The Jeeng Push Notifications WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3490 | 1 Themehigh | 1 Checkout Field Editor For Woocommerce | 2025-04-25 | 7.2 High |
| The Checkout Field Editor (Checkout Manager) for WooCommerce WordPress plugin before 1.8.0 unserializes user input provided via the settings, which could allow high privilege users such as admin to perform PHP Object Injection when a suitable gadget is present | ||||
| CVE-2022-2983 | 1 Salat Times Project | 1 Salat Times | 2025-04-25 | 4.8 Medium |
| The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | ||||
| CVE-2022-0564 | 2 Microsoft, Qlik | 2 Windows, Qlik Sense | 2025-04-25 | 5.3 Medium |
| A vulnerability in Qlik Sense Enterprise on Windows could allow an remote attacker to enumerate domain user accounts. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow the attacker to compare the response time that are returned by the affected system to determine which accounts are valid user accounts. Affected systems are only vulnerable if they have LDAP configured. The affected URI is /internal_forms_authentication/ the response time of the form is longer if the supplied user does not exists and shorter if the user exists. | ||||
| CVE-2021-32601 | 2025-04-25 | N/A | ||
| Not used | ||||
| CVE-2022-39240 | 1 Mygraph Project | 1 Mygraph | 2025-04-25 | 5.4 Medium |
| MyGraph is a permission management system. Versions prior to 1.0.4 are vulnerable to a storage XSS vulnerability leading to Remote Code Execution. This issue is patched in version 1.0.4. There is no known workaround. | ||||
| CVE-2022-45307 | 1 Chocolatey | 1 Chocolatey Php | 2025-04-25 | 4.3 Medium |
| Insecure permissions in Chocolatey PHP package v8.1.12 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\tools\php81 and all files located in that folder. | ||||
| CVE-2022-45306 | 1 Chocolatey | 1 Chocolatey Azure-pipelines-agent | 2025-04-25 | 4.3 Medium |
| Insecure permissions in Chocolatey Azure-Pipelines-Agent package v2.211.1 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\agent and all files located in that folder. | ||||
| CVE-2022-45305 | 1 Chocolatey | 1 Chocolatey Python3 | 2025-04-25 | 4.3 Medium |
| Insecure permissions in Chocolatey Python3 package v3.11.0 and below grants all users in the Authenticated Users group write privileges for the subfolder C:\Python311 and all files located in that folder. | ||||