Export limit exceeded: 363555 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363555 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41560 | 1 Tibco | 1 Nimbus | 2025-04-22 | 6.5 Medium |
| The Statement Set Upload via the Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows a low privileged attacker with network access to execute a Denial of Service Attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. | ||||
| CVE-2025-3402 | 1 Seeyon | 1 Fe Collaborative Office Platform | 2025-04-22 | 6.3 Medium |
| A vulnerability was found in Seeyon Zhiyuan Interconnect FE Collaborative Office Platform 5.5.2 and classified as critical. This issue affects some unknown processing of the file /sysform/042/check.js%70. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2022-46904 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | 5.4 Medium |
| Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Self-XSS. | ||||
| CVE-2022-46903 | 1 Websoft | 1 Websoft Hcm | 2025-04-22 | 5.4 Medium |
| Insufficient processing of user input in WebSoft HCM 2021.2.3.327 allows an authenticated attacker to inject arbitrary HTML tags into the page processed by the user's browser, including scripts in the JavaScript programming language, which leads to Stored XSS. | ||||
| CVE-2022-45997 | 1 Tenda | 2 W15e, W20e Firmware | 2025-04-22 | 7.2 High |
| Tenda W20E V16.01.0.6(3392) is vulnerable to Buffer Overflow. | ||||
| CVE-2022-45996 | 1 Tenda | 2 W15e, W20e Firmware | 2025-04-22 | 7.2 High |
| Tenda W20E V16.01.0.6(3392) is vulnerable to Command injection via cmd_get_ping_output. | ||||
| CVE-2022-45980 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | 8.8 High |
| Tenda AX12 V22.03.01.21_CN was discovered to contain a Cross-Site Request Forgery (CSRF) via /goform/SysToolRestoreSet . | ||||
| CVE-2022-45979 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | 7.5 High |
| Tenda AX12 v22.03.01.21_CN was discovered to contain a stack overflow via the ssid parameter at /goform/fast_setting_wifi_set . | ||||
| CVE-2022-45977 | 1 Tenda | 2 Ax12, Ax12 Firmware | 2025-04-22 | 8.8 High |
| Tenda AX12 V22.03.01.21_CN was found to have a command injection vulnerability via /goform/setMacFilterCfg function. | ||||
| CVE-2020-18243 | 1 Enricozab | 1 Cms | 2025-04-22 | 6.5 Medium |
| SQL injection vulnerability found in Enricozab CMS v.1.0 allows a remote attacker to execute arbitrary code via /hdo/hdo-view-case.php. | ||||
| CVE-2025-24948 | 1 Joturl | 1 Joturl | 2025-04-22 | 6.5 Medium |
| In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records. | ||||
| CVE-2022-39903 | 1 Google | 1 Android | 2025-04-22 | 4 Medium |
| Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number. | ||||
| CVE-2021-39143 | 1 Linuxfoundation | 1 Spinnaker | 2025-04-22 | 6.6 Medium |
| Spinnaker is an open source, multi-cloud continuous delivery platform. A path traversal vulnerability was discovered in uses of TAR files by AppEngine for deployments. This uses a utility to extract files locally for deployment without validating the paths in that deployment don't override system files. This would allow an attacker to override files on the container, POTENTIALLY introducing a MITM type attack vector by replacing libraries or injecting wrapper files. Users are advised to update as soon as possible. For users unable to update disable Google AppEngine deployments and/or disable artifacts that provide TARs. | ||||
| CVE-2021-43850 | 1 Discourse | 1 Discourse | 2025-04-22 | 6.8 Medium |
| Discourse is an open source platform for community discussion. In affected versions admins users can trigger a Denial of Service attack via the `/message-bus/_diagnostics` path. The impact of this vulnerability is greater on multisite Discourse instances (where multiple forums are served from a single application server) where any admin user on any of the forums are able to visit the `/message-bus/_diagnostics` path. The problem has been patched. Please upgrade to 2.8.0.beta10 or 2.7.12. No workarounds for this issue exist. | ||||
| CVE-2022-21650 | 1 Convos | 1 Convos | 2025-04-22 | 7.6 High |
| Convos is an open source multi-user chat that runs in a web browser. You can't use SVG extension in Convos' chat window, but you can upload a file with an .html extension. By uploading an SVG file with an html extension the upload filter can be bypassed. This causes Stored XSS. Also, after uploading a file the XSS attack is triggered upon a user viewing the file. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. | ||||
| CVE-2022-21649 | 1 Convos | 1 Convos | 2025-04-22 | 7.6 High |
| Convos is an open source multi-user chat that runs in a web browser. Characters starting with "https://" in the chat window create an <a> tag. Stored XSS vulnerability using onfocus and autofocus occurs because escaping exists for "<" or ">" but escaping for double quotes does not exist. Through this vulnerability, an attacker is capable to execute malicious scripts. Users are advised to update as soon as possible. | ||||
| CVE-2021-43816 | 3 Fedoraproject, Linuxfoundation, Redhat | 3 Fedora, Containerd, Acm | 2025-04-22 | 8 High |
| containerd is an open source container runtime. On installations using SELinux, such as EL8 (CentOS, RHEL), Fedora, or SUSE MicroOS, with containerd since v1.5.0-beta.0 as the backing container runtime interface (CRI), an unprivileged pod scheduled to the node may bind mount, via hostPath volume, any privileged, regular file on disk for complete read/write access (sans delete). Such is achieved by placing the in-container location of the hostPath volume mount at either `/etc/hosts`, `/etc/hostname`, or `/etc/resolv.conf`. These locations are being relabeled indiscriminately to match the container process-label which effectively elevates permissions for savvy containers that would not normally be able to access privileged host files. This issue has been resolved in version 1.5.9. Users are advised to upgrade as soon as possible. | ||||
| CVE-2022-21653 | 1 Typelevel | 1 Jawn | 2025-04-22 | 5.9 Medium |
| Jawn is an open source JSON parser. Extenders of the `org.typelevel.jawn.SimpleFacade` and `org.typelevel.jawn.MutableFacade` who don't override `objectContext()` are vulnerable to a hash collision attack which may result in a denial of service. Most applications do not implement these traits directly, but inherit from a library. `jawn-parser-1.3.1` fixes this issue and users are advised to upgrade. For users unable to upgrade override `objectContext()` to use a collision-safe collection. | ||||
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2025-04-22 | 5.2 Medium |
| In JetBrains IntelliJ IDEA before 2022.3 a DYLIB injection on macOS was possible. | ||||
| CVE-2022-21663 | 3 Debian, Fedoraproject, Wordpress | 3 Debian Linux, Fedora, Wordpress | 2025-04-22 | 6.6 Medium |
| WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. On a multisite, users with Super Admin role can bypass explicit/additional hardening under certain conditions through object injection. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security release, that go back till 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this issue. | ||||