Search Results (366528 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-25681 1 Qualcomm 196 Aqt1000, Aqt1000 Firmware, Ar8035 and 193 more 2025-04-22 8.4 High
Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation caches in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-25679 1 Qualcomm 134 Aqt1000, Aqt1000 Firmware, Qca6390 and 131 more 2025-04-22 6.2 Medium
Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25677 1 Qualcomm 286 Apq8096au, Apq8096au Firmware, Aqt1000 and 283 more 2025-04-22 6.7 Medium
Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CVE-2022-25676 1 Qualcomm 214 Aqt1000, Aqt1000 Firmware, Qam8295p and 211 more 2025-04-22 6.8 Medium
Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CVE-2022-25675 1 Qualcomm 98 Aqt1000, Aqt1000 Firmware, Qca6310 and 95 more 2025-04-22 5.5 Medium
Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
CVE-2022-25673 1 Qualcomm 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more 2025-04-22 7.5 High
Denial of service in MODEM due to reachable assertion while processing configuration from network in Snapdragon Mobile
CVE-2022-25672 1 Qualcomm 48 Ar8035, Ar8035 Firmware, Qca8081 and 45 more 2025-04-22 7.5 High
Denial of service in MODEM due to reachable assertion while processing SIB1 with invalid Bandwidth in Snapdragon Mobile
CVE-2022-25671 1 Qualcomm 28 Ar8035, Ar8035 Firmware, Qca8081 and 25 more 2025-04-22 7.5 High
Denial of service in MODEM due to reachable assertion in Snapdragon Mobile
CVE-2022-25667 1 Qualcomm 138 Ar9380, Ar9380 Firmware, Csr8811 and 135 more 2025-04-22 7.5 High
Information disclosure in kernel due to improper handling of ICMP requests in Snapdragon Wired Infrastructure and Networking
CVE-2022-23741 1 Github 1 Enterprise Server 2025-04-22 7.2 High
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in versions 3.3.17, 3.4.12, 3.5.9, and 3.6.5. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2023-51393 1 Silabs 2 Emberznet, Emberznet Sdk 2025-04-22 5.3 Medium
Due to an allocation of resources without limits, an uncontrolled resource consumption vulnerability exists in Silicon Labs Ember ZNet SDK prior to v7.4.0.0 (delivered as part of Silicon Labs Gecko SDK v4.4.0) which may enable attackers to trigger a bus fault and crash of the device, requiring a reboot in order to rejoin the network.
CVE-2024-33305 1 Sourcecodester 1 Laboratory Management System 2025-04-22 6.1 Medium
SourceCodester Laboratory Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via "Middle Name" parameter in Create User.
CVE-2024-0243 2 Langchain, Langchain-ai 2 Langchain, Langchain-ai\/langchain 2025-04-22 8.1 High
With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text ) docs = loader.load() ``` An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though `prevent_outside=True`. https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51 Resolved in https://github.com/langchain-ai/langchain/pull/15559
CVE-2022-30002 1 Angeljudesuarez 1 Insurance Management System 2025-04-22 7.2 High
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editNominee.php?nominee_id=.
CVE-2022-30000 1 Angeljudesuarez 1 Insurance Management System 2025-04-22 9.8 Critical
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editPayment.php?recipt_no=.
CVE-2022-30001 1 Angeljudesuarez 1 Insurance Management System 2025-04-22 9.8 Critical
Insurance Management System 1.0 is vulnerable to SQL Injection via /insurance/editAgent.php?agent_id=.
CVE-2022-39381 2 Muhammarajs Project, Pdfhummus 2 Muhammarajs, Hummusjs 2025-04-22 7.5 High
Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.
CVE-2022-39262 1 Glpi-project 1 Glpi 2025-04-22 5.2 Medium
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package, GLPI administrator can define rich-text content to be displayed on login page. The displayed content is can contains malicious code that can be used to steal credentials. This issue has been patched, please upgrade to version 10.0.4.
CVE-2022-39276 1 Glpi-project 1 Glpi 2025-04-22 3.5 Low
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote script returns a redirect response, the redirect target URL is not checked against the URL allow list defined by administrator. This issue has been patched, please upgrade to 10.0.4. There are currently no known workarounds.
CVE-2024-1926 1 Mayurik 1 Free And Open Source Inventory Management System 2025-04-22 6.3 Medium
A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability.