Export limit exceeded: 364491 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364491 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-40463 | 1 Sierrawireless | 8 Aleos, Es450, Gx450 and 5 more | 2025-05-29 | 8.1 High |
| When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access. | ||||
| CVE-2022-34746 | 1 Zyxel | 20 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 17 more | 2025-05-29 | 5.9 Medium |
| An insufficient entropy vulnerability caused by the improper use of randomness sources with low entropy for RSA key pair generation was found in Zyxel GS1900 series firmware versions prior to V2.70. This vulnerability could allow an unauthenticated attacker to retrieve a private key by factoring the RSA modulus N in the certificate of the web administration interface. | ||||
| CVE-2023-49293 | 1 Vitejs | 1 Vite | 2025-05-29 | 6.1 Medium |
| Vite is a website frontend framework. When Vite's HTML transformation is invoked manually via `server.transformIndexHtml`, the original request URL is passed in unmodified, and the `html` being transformed contains inline module scripts (`<script type="module">...</script>`), it is possible to inject arbitrary HTML into the transformed output by supplying a malicious URL query string to `server.transformIndexHtml`. Only apps using `appType: 'custom'` and using the default Vite HTML middleware are affected. The HTML entry must also contain an inline script. The attack requires a user to click on a malicious URL while running the dev server. Restricted files aren't exposed to the attacker. This issue has been addressed in vite@5.0.5, vite@4.5.1, and vite@4.4.12. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-2924 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2025-05-29 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.3. | ||||
| CVE-2023-49290 | 1 Lestrrat-go | 1 Jwx | 2025-05-29 | 5.3 Medium |
| lestrrat-go/jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. A p2c parameter set too high in JWE's algorithm PBES2-* could lead to a denial of service. The JWE key management algorithms based on PBKDF2 require a JOSE Header Parameter called p2c (PBES2 Count). This parameter dictates the number of PBKDF2 iterations needed to derive a CEK wrapping key. Its primary purpose is to intentionally slow down the key derivation function, making password brute-force and dictionary attacks more resource- intensive. Therefore, if an attacker sets the p2c parameter in JWE to a very large number, it can cause a lot of computational consumption, resulting in a denial of service. This vulnerability has been addressed in commit `64f2a229b` which has been included in release version 1.2.27 and 2.0.18. Users are advised to upgrade. There are no known workarounds for this vulnerability. | ||||
| CVE-2022-3000 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2025-05-29 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository yetiforcecompany/yetiforcecrm prior to 6.4.0. | ||||
| CVE-2023-42561 | 1 Samsung | 1 Android | 2025-05-29 | 7.1 High |
| Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. | ||||
| CVE-2025-26817 | 1 Netwrix | 1 Password Secure | 2025-05-29 | 9.8 Critical |
| Netwrix Password Secure 9.2.0.32454 allows OS command injection. | ||||
| CVE-2021-28423 | 1 Phpgurukul | 1 Teachers Record Management System | 2025-05-28 | 8.8 High |
| Multiple SQL Injection vulnerabilities in Teachers Record Management System 1.0 thru 2.1 allow remote authenticated users to execute arbitrary SQL commands via the 'editid' GET parameter in edit-subjects-detail.php, edit-teacher-detail.php, or the 'searchdata' POST parameter in search.php. | ||||
| CVE-2023-51756 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-51753 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-50338 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-49904 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-49604 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-49139 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-49137 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2023-48726 | 2025-05-28 | N/A | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is Unused | ||||
| CVE-2022-23126 | 1 Teslamate | 1 Teslamate | 2025-05-28 | 9.8 Critical |
| TeslaMate before 1.25.1 (when using the default Docker configuration) allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls. | ||||
| CVE-2023-29857 | 1 Teslamate | 1 Teslamate | 2025-05-28 | 5.3 Medium |
| An issue in Teslamate v1.27.1 allows attackers to obtain sensitive information via directly accessing the teslamate link. | ||||
| CVE-2022-44581 | 1 Wpmudev | 1 Defender | 2025-05-28 | 5 Medium |
| Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. | ||||