Export limit exceeded: 363169 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363169 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2020-36565 2 Labstack, Microsoft 2 Echo, Windows 2025-04-23 5.3 Medium
Due to improper sanitization of user input on Windows, the static file handler allows for directory traversal, allowing an attacker to read files outside of the target directory that the server has permission to read.
CVE-2019-16905 3 Netapp, Openbsd, Siemens 7 Cloud Backup, Steelstore Cloud Integrated Storage, Openssh and 4 more 2025-04-23 7.8 High
OpenSSH 7.7 through 7.9 and 8.x before 8.1, when compiled with an experimental key type, has a pre-authentication integer overflow if a client or server is configured to use a crafted XMSS key. This leads to memory corruption and local code execution because of an error in the XMSS key parsing algorithm. NOTE: the XMSS implementation is considered experimental in all released OpenSSH versions, and there is no supported way to enable it when building portable OpenSSH.
CVE-2015-8104 6 Canonical, Debian, Linux and 3 more 10 Ubuntu Linux, Debian Linux, Linux Kernel and 7 more 2025-04-23 10 Critical
The KVM subsystem in the Linux kernel through 4.2.6, and Xen 4.3.x through 4.6.x, allows guest OS users to cause a denial of service (host OS panic or hang) by triggering many #DB (aka Debug) exceptions, related to svm.c.
CVE-2025-30305 1 Adobe 1 Xmp Toolkit Software Development Kit 2025-04-23 5.5 Medium
XMP Toolkit versions 2023.12 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
CVE-2022-38123 1 Secomea 1 Gatemanager 2025-04-23 8.7 High
Improper Input Validation of plugin files in Administrator Interface of Secomea GateManager allows a server administrator to inject code into the GateManager interface. This issue affects: Secomea GateManager versions prior to 10.0.
CVE-2022-46332 1 Proofpoint 1 Enterprise Protection 2025-04-23 9.6 Critical
The Admin Smart Search feature in Proofpoint Enterprise Protection (PPS/PoD) contains a stored cross-site scripting vulnerability that enables an anonymous email sender to gain admin privileges within the user interface. This affects all versions 8.19.0 and below.
CVE-2025-43014 1 Jetbrains 1 Toolbox 2025-04-23 6.1 Medium
In JetBrains Toolbox App before 2.6 the SSH plugin established connections without sufficient user confirmation
CVE-2022-46333 1 Proofpoint 1 Enterprise Protection 2025-04-23 7.2 High
The admin user interface in Proofpoint Enterprise Protection (PPS/PoD) contains a command injection vulnerability that enables an admin to execute commands beyond their allowed scope. This affects all versions 8.19.0 and below.
CVE-2023-7094 1 Netentsec 1 Application Security Gateway 2025-04-23 5.3 Medium
A vulnerability classified as problematic was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected by this vulnerability is an unknown functionality of the file /protocol/nsasg6.0.tgz. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-248941 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-40507 1 Openpetra 1 Openpetra 2025-04-23 7.3 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMPersonnel.asmx function.
CVE-2024-40508 1 Openpetra 1 Openpetra 2025-04-23 7.3 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMConference.asmx function.
CVE-2022-43901 1 Ibm 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops 2025-04-23 5.7 Medium
IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information to other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829.
CVE-2024-40511 1 Openpetra 1 Openpetra 2025-04-23 7.3 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMServerAdmin.asmx function.
CVE-2024-40512 1 Openpetra 1 Openpetra 2025-04-23 7.3 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function.
CVE-2024-40506 1 Openpetra 1 Openpetra 2025-04-23 7.3 High
Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function.
CVE-2025-3679 1 Pcman 1 Ftp Server 2025-04-23 7.3 High
A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2022-3591 1 Vim 1 Vim 2025-04-23 7.8 High
Use After Free in GitHub repository vim/vim prior to 9.0.0789.
CVE-2022-38754 1 Microfocus 2 Operations Bridge, Operations Bridge Manager 2025-04-23 8 High
A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11.
CVE-2022-43557 1 Bd 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more 2025-04-23 5.3 Medium
The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump.
CVE-2022-39894 1 Google 1 Android 2025-04-23 4 Medium
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.