Export limit exceeded: 366888 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366888 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-43018 1 Opencats 1 Opencats 2025-09-24 6.1 Medium
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the email parameter in the Check Email function.
CVE-2022-43019 1 Opencats 1 Opencats 2025-09-24 9.8 Critical
OpenCATS v0.9.6 was discovered to contain a remote code execution (RCE) vulnerability via the getDataGridPager's ajax functionality.
CVE-2022-43020 1 Opencats 1 Opencats 2025-09-24 6.5 Medium
OpenCATS v0.9.6 was discovered to contain a SQL injection vulnerability via the tag_id variable in the Tag update function.
CVE-2022-36923 1 Zohocorp 7 Manageengine Firewall Analyzer, Manageengine Netflow Analyzer, Manageengine Network Configuration Manager and 4 more 2025-09-24 5.4 Medium
Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager, NetFlow Analyzer, Firewall Analyzer, and OpUtils before 2022-07-27 through 2022-07-28 (125657, 126002, 126104, and 126118) allow unauthenticated attackers to obtain a user's API key, and then access external APIs.
CVE-2022-38129 1 Keysight 1 Sensor Management Server 2025-09-24 8.1 High
A path traversal vulnerability exists in the com.keysight.tentacle.licensing.LicenseManager.addLicenseFile() method in the Keysight Sensor Management Server (SMS). This allows an unauthenticated remote attacker to upload arbitrary files to the SMS host.
CVE-2022-36934 1 Whatsapp 2 Whatsapp, Whatsapp Business 2025-09-24 9.8 Critical
An integer overflow in WhatsApp could result in remote code execution in an established video call.
CVE-2022-43014 1 Opencats 1 Opencats 2025-09-24 6.1 Medium
OpenCATS v0.9.6 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the joborderID parameter.
CVE-2022-34112 1 Dataease 1 Dataease 2025-09-24 6.5 Medium
An access control issue in the component /api/plugin/uninstall Dataease v1.11.1 allows attackers to arbitrarily uninstall the plugin, a right normally reserved for the administrator.
CVE-2022-34114 1 Dataease 1 Dataease 2025-09-24 8.8 High
Dataease v1.11.1 was discovered to contain a SQL injection vulnerability via the parameter dataSourceId.
CVE-2022-2355 1 Easy Username Updater Project 1 Easy Username Updater 2025-09-24 5.7 Medium
The Easy Username Updater WordPress plugin before 1.0.5 does not implement CSRF checks, which could allow attackers to make a logged in admin change any user's username includes the admin
CVE-2022-2457 1 Redhat 1 Process Automation Manager 2025-09-24 6.5 Medium
A flaw was found in Red Hat Process Automation Manager 7 where an attacker can benefit from a brute force attack against Administration Console as the application does not limit the number of unsuccessful login attempts.
CVE-2021-47524 1 Linux 1 Linux Kernel 2025-09-24 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: serial: liteuart: fix minor-number leak on probe errors Make sure to release the allocated minor number before returning on probe errors.
CVE-2024-53041 1 Siemens 2 Teamcenter Visualization, Tecnomatix Plant Simulation 2025-09-24 7.8 High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000)
CVE-2024-53242 1 Siemens 2 Teamcenter Visualization, Tecnomatix Plant Simulation 2025-09-24 7.8 High
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206)
CVE-2024-11358 2 Google, Mattermost 3 Android, Mattermost, Mattermost Mobile 2025-09-24 5.7 Medium
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider.
CVE-2021-47523 1 Linux 1 Linux Kernel 2025-09-24 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix leak of rcvhdrtail_dummy_kvaddr This buffer is currently allocated in hfi1_init(): if (reinit) ret = init_after_reset(dd); else ret = loadtime_init(dd); if (ret) goto done; /* allocate dummy tail memory for all receive contexts */ dd->rcvhdrtail_dummy_kvaddr = dma_alloc_coherent(&dd->pcidev->dev, sizeof(u64), &dd->rcvhdrtail_dummy_dma, GFP_KERNEL); if (!dd->rcvhdrtail_dummy_kvaddr) { dd_dev_err(dd, "cannot allocate dummy tail memory\n"); ret = -ENOMEM; goto done; } The reinit triggered path will overwrite the old allocation and leak it. Fix by moving the allocation to hfi1_alloc_devdata() and the deallocation to hfi1_free_devdata().
CVE-2021-47515 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2025-09-24 5.5 Medium
In the Linux kernel, the following vulnerability has been resolved: seg6: fix the iif in the IPv6 socket control block When an IPv4 packet is received, the ip_rcv_core(...) sets the receiving interface index into the IPv4 socket control block (v5.16-rc4, net/ipv4/ip_input.c line 510): IPCB(skb)->iif = skb->skb_iif; If that IPv4 packet is meant to be encapsulated in an outer IPv6+SRH header, the seg6_do_srh_encap(...) performs the required encapsulation. In this case, the seg6_do_srh_encap function clears the IPv6 socket control block (v5.16-rc4 net/ipv6/seg6_iptunnel.c line 163): memset(IP6CB(skb), 0, sizeof(*IP6CB(skb))); The memset(...) was introduced in commit ef489749aae5 ("ipv6: sr: clear IP6CB(skb) on SRH ip4ip6 encapsulation") a long time ago (2019-01-29). Since the IPv6 socket control block and the IPv4 socket control block share the same memory area (skb->cb), the receiving interface index info is lost (IP6CB(skb)->iif is set to zero). As a side effect, that condition triggers a NULL pointer dereference if commit 0857d6f8c759 ("ipv6: When forwarding count rx stats on the orig netdev") is applied. To fix that issue, we set the IP6CB(skb)->iif with the index of the receiving interface once again.
CVE-2023-23356 1 Qnap 1 Qufirewall 2025-09-24 5.5 Medium
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later
CVE-2024-50389 1 Qnap 1 Qurouter 2025-09-24 9.8 Critical
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later
CVE-2024-49421 2 Google, Samsung 2 Android, Quick Share 2025-09-24 4.3 Medium
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.