Export limit exceeded: 366888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40295 1 Phppointofsale 1 Php Point Of Sale 2026-02-25 4.9 Medium
The application was vulnerable to an authenticated information disclosure, allowing administrators to view unsalted user passwords, which could lead to the compromise of plaintext passwords via offline attacks.
CVE-2025-69247 1 Free5gc 2 Go-upf, Upf 2026-02-25 7.5 High
free5GC go-upf is the User Plane Function (UPF) implementation for 5G networks that is part of the free5GC project. Versions prior to 1.2.8 have a Heap-based Buffer Overflow (CWE-122) vulnerability leading to Denial of Service. Remote attackers can crash the UPF network element by sending a specially crafted PFCP Session Modification Request with an invalid SDF Filter length field. This causes a heap buffer overflow, resulting in complete service disruption for all connected UEs and potential cascading failures affecting the SMF. All deployments of free5GC using the UPF component may be affected. Version 1.2.8 of go-upf contains a fix.
CVE-2022-3423 1 Nocodb 1 Nocodb 2026-02-25 7.3 High
Allocation of Resources Without Limits or Throttling in GitHub repository nocodb/nocodb prior to 0.92.0.
CVE-2022-3225 1 Budibase 1 Budibase 2026-02-25 8.8 High
Improper Control of Dynamically-Managed Code Resources in GitHub repository budibase/budibase prior to 1.3.20.
CVE-2022-3214 1 Deltaww 1 Diaenergie 2026-02-25 9.8 Critical
Delta Industrial Automation's DIAEnergy, an industrial energy management system, is vulnerable to CWE-798, Use of Hard-coded Credentials. Versions prior to  1.9.03.009 have this vulnerability. Executable files could be uploaded to certain directories using hard-coded bearer authorization, allowing remote code execution.
CVE-2022-39808 1 Sap 1 3d Visual Enterprise Author 2026-02-25 7.8 High
Due to lack of proper memory management, when a victim opens a manipulated Wavefront Object (.obj, ObjTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2022-39806 1 Sap 1 3d Visual Enterprise Author 2026-02-25 7.8 High
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Drawing (.slddrw, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2022-39805 1 Sap 1 3d Visual Enterprise Author 2026-02-25 7.8 High
Due to lack of proper memory management, when a victim opens a manipulated Computer Graphics Metafile (.cgm, CgmTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2022-39804 1 Sap 1 3d Visual Enterprise Author 2026-02-25 7.8 High
Due to lack of proper memory management, when a victim opens a manipulated SolidWorks Part (.sldprt, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2022-39803 1 Sap 1 3d Visual Enterprise Author 2026-02-25 7.8 High
Due to lack of proper memory management, when a victim opens a manipulated ACIS Part and Assembly (.sat, CoreCadTranslator.exe) file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when payload forces a stack-based overflow or a re-use of dangling pointer which refers to overwritten space in memory.
CVE-2022-38106 1 Solarwinds 1 Serv-u 2026-02-25 5.4 Medium
This vulnerability happens in the web client versions 15.3.0 to Serv-U 15.3.1. This vulnerability affects the directory creation function.
CVE-2025-69232 1 Free5gc 3 Go-upf, Smf, Upf 2026-02-25 7.5 High
free5GC is an open-source project for 5th generation (5G) mobile core networks. free5GC go-upf versions up to and including 1.2.6, corresponding to free5gc smf up to and including 1.4.0, have an Improper Input Validation and Protocol Compliance vulnerability leading to Denial of Service. Remote attackers can disrupt core network functionality by sending a malformed PFCP Association Setup Request. The UPF incorrectly accepts it, entering an inconsistent state that causes subsequent legitimate requests to trigger SMF reconnection loops and service degradation. All deployments of free5GC using the UPF and SMF components may be affected. As of time of publication, a fix is in development but not yet available. No direct workaround is available at the application level. Applying the official patch, once released, is recommended.
CVE-2022-35226 1 Sap 1 Data Services 2026-02-25 6.1 Medium
SAP Data Services Management allows an attacker to copy the data from a request and echoed into the application's immediate response, it will lead to a Cross-Site Scripting vulnerability. The attacker would have to log in to the management console to perform such as an attack, only few of the pages are vulnerable in the DS management console.
CVE-2022-34883 3 Docker, Hitachi, Microsoft 3 Docker, Raid Manager Storage Replication Adapter, Windows 2026-02-25 7.2 High
OS Command Injection vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to execute arbitrary OS commands. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVE-2022-34882 3 Docker, Hitachi, Microsoft 3 Docker, Raid Manager Storage Replication Adapter, Windows 2026-02-25 9 Critical
Information Exposure Through an Error Message vulnerability in Hitachi RAID Manager Storage Replication Adapter allows remote authenticated users to gain sensitive information. This issue affects: Hitachi RAID Manager Storage Replication Adapter 02.01.04 versions prior to 02.03.02 on Windows; 02.05.00 versions prior to 02.05.01 on Windows and Docker.
CVE-2022-32156 1 Splunk 2 Splunk, Universal Forwarder 2026-02-25 8.1 High
In Splunk Enterprise and Universal Forwarder versions before 9.0, the Splunk command-line interface (CLI) did not validate TLS certificates while connecting to a remote Splunk platform instance by default. After updating to version 9.0, see Configure TLS host name validation for the Splunk CLI https://docs.splunk.com/Documentation/Splunk/9.0.0/Security/EnableTLSCertHostnameValidation#Configure_TLS_host_name_validation_for_the_Splunk_CLI to enable the remediation. The vulnerability does not affect the Splunk Cloud Platform. At the time of publishing, we have no evidence of exploitation of this vulnerability by external parties. The issue requires conditions beyond the control of a potential bad actor such as a machine-in-the-middle attack. Hence, Splunk rates the complexity of the attack as High.
CVE-2023-48782 1 Fortinet 1 Fortiwlm 2026-02-25 8.6 High
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiWLM version 8.6.0 through 8.6.5 allows attacker to execute unauthorized code or commands via specifically crafted http get request parameters
CVE-2023-41678 1 Fortinet 2 Fortios, Fortipam 2026-02-25 8.3 High
A double free in Fortinet FortiOS versions 7.0.0 through 7.0.5, FortiPAM version 1.0.0 through 1.0.3, 1.1.0 through 1.1.1 allows attacker to execute unauthorized code or commands via specifically crafted request.
CVE-2022-30206 1 Microsoft 21 Windows 10, Windows 10 1507, Windows 10 1607 and 18 more 2026-02-25 7.8 High
Windows Print Spooler Elevation of Privilege Vulnerability
CVE-2023-47041 3 Adobe, Apple, Microsoft 3 Media Encoder, Macos, Windows 2026-02-25 7.8 High
Adobe Media Encoder version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.