Search

Search Results (364021 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25676 1 Qualcomm 214 Aqt1000, Aqt1000 Firmware, Qam8295p and 211 more 2025-04-22 6.8 Medium
Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25675 1 Qualcomm 98 Aqt1000, Aqt1000 Firmware, Qca6310 and 95 more 2025-04-22 5.5 Medium
Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-25673 1 Qualcomm 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more 2025-04-22 7.5 High
Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile
CVE-2022-25672 1 Qualcomm 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more 2025-04-22 7.5 High
Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile
CVE-2022-25671 1 Qualcomm 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more 2025-04-22 7.5 High
Denial of service in MODEM due to reachable assertion in Snapdragon Mobile
CVE-2022-25667 1 Qualcomm 138 Ar9380, Ar9380 Firmware, Csr8811 and 135 more 2025-04-22 7.5 High
Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking
CVE-2022-23741 1 Github 1 Enterprise Server 2025-04-22 7.2 High
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2023-51393 1 Silabs 2 Emberznet, Emberznet Sdk 2025-04-22 5.3 Medium
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.
CVE-2024-33305 1 Sourcecodester 1 Laboratory Management System 2025-04-22 6.1 Medium
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User.
CVE-2024-0243 2 Langchain, Langchain-ai 2 Langchain, Langchain-ai\/langchain 2025-04-22 8.1 High
With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text ) docs = loader.load() ``` An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though `prevent_outside=True`. https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51 Resolved in https://github.com/langchain-ai/langchain/pull/15559
CVE-2022-30002 1 Angeljudesuarez 1 Insurance Management System 2025-04-22 7.2 High
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=.
CVE-2022-30000 1 Angeljudesuarez 1 Insurance Management System 2025-04-22 9.8 Critical
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.
CVE-2022-30001 1 Angeljudesuarez 1 Insurance Management System 2025-04-22 9.8 Critical
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.
CVE-2022-39381 2 Muhammarajs Project, Pdfhummus 2 Muhammarajs, Hummusjs 2025-04-22 7.5 High
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
CVE-2022-39262 1 Glpi-project 1 Glpi 2025-04-22 5.2 Medium
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.
CVE-2022-39276 1 Glpi-project 1 Glpi 2025-04-22 3.5 Low
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds.
CVE-2024-1926 1 Mayurik 1 Free And Open Source Inventory Management System 2025-04-22 6.3 Medium
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability.
CVE-2022-39277 1 Glpi-project 1 Glpi 2025-04-22 4.5 Medium
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. External links are not properly sanitized and can therefore be used for a Cross-Site Scripting (XSS) attack. This issue has been patched, please upgrade to GLPI 10.0.4. There are currently no known workarounds.
CVE-2022-39382 1 Keystonejs 1 Keystone 2025-04-22 9.8 Critical
Keystone is a headless CMS for Node.js — built with GraphQL and React.`@keystone-6/core@3.0.0 || 3.0.1` users that use `NODE_ENV` to trigger security-sensitive functionality in their production builds are vulnerable to `NODE_ENV` being inlined to `"development"` for user code, irrespective of what your environment variables. If you do not use `NODE_ENV` in your user code to trigger security-sensitive functionality, you are not impacted by this vulnerability. Any dependencies that use `NODE_ENV` to trigger particular behaviors (optimizations, security or otherwise) should still respect your environment's configured `NODE_ENV` variable. The application's dependencies, as found in `node_modules` (including `@keystone-6/core`), are typically not compiled as part of this process, and thus should be unaffected. We have tested this assumption by verifying that `NODE_ENV=production yarn keystone start` still uses secure cookies when using `statelessSessions`. This vulnerability has been fixed in @keystone-6/core@3.0.2, regression tests have been added for this vulnerability in #8063.
CVE-2022-39344 1 Microsoft 1 Azure Rtos Usbx 2025-04-22 9.8 Critical
Azure RTOS USBX is a USB host, device, and on-the-go (OTG) embedded stack, that is fully integrated with Azure RTOS ThreadX. Prior to version 6.1.12, the USB DFU UPLOAD functionality may be utilized to introduce a buffer overflow resulting in overwrite of memory contents. In particular cases this may allow an attacker to bypass security features or execute arbitrary code. The implementation of `ux_device_class_dfu_control_request` function prevents buffer overflow during handling of DFU UPLOAD command when current state is `UX_SYSTEM_DFU_STATE_DFU_IDLE`. This issue has been patched, please upgrade to version 6.1.12. As a workaround, add the `UPLOAD_LENGTH` check in all possible states.