Export limit exceeded: 367181 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (367181 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2023-43042 1 Ibm 1 Storage Virtualize 2025-05-22 7.5 High
IBM SAN Volume Controller, IBM Storwize, IBM FlashSystem and IBM Storage Virtualize 8.3 products use default passwords for a privileged user. IBM X-Force ID: 266874.
CVE-2025-4860 1 Dlink 2 Dap-2695, Dap-2695 Firmware 2025-05-22 2.4 Low
A vulnerability classified as problematic has been found in D-Link DAP-2695 120b36r137_ALL_en_20210528. Affected is an unknown function of the file /adv_dhcps.php of the component Static Pool Settings Page. The manipulation of the argument f_mac leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2023-25644 1 Zte 4 Mc801a, Mc801a1, Mc801a1 Firmware and 1 more 2025-05-22 6.5 Medium
There is a denial of service vulnerability in some ZTE mobile internet products. Due to insufficient validation of Web interface parameter, an attacker could use the vulnerability to perform a denial of service attack.
CVE-2023-6569 1 H2o 1 H2o 2025-05-22 8.2 High
External Control of File Name or Path in h2oai/h2o-3
CVE-2023-6572 1 Gradio Project 1 Gradio 2025-05-22 8.1 High
Command Injection in GitHub repository gradio-app/gradio prior to main.
CVE-2023-46143 1 Phoenixcontact 31 Automationworx Software Suite, Axc 1050, Axc 1050 Firmware and 28 more 2025-05-22 7.5 High
Download of Code Without Integrity Check vulnerability in PHOENIX CONTACT classic line PLCs allows an unauthenticated remote attacker to modify some or all applications on a PLC.
CVE-2024-52701 1 Piwigo 1 Piwigo 2025-05-22 5.4 Medium
A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter.
CVE-2024-51094 1 Snipeitapp 1 Snipe-it 2025-05-22 8 High
An issue in Snipe-IT v.7.0.13 build 15514 allows a low-privileged attacker to modify their profile name and inject a malicious payload into the "Name" field. When an administrator later accesses the People Management page, exports the data as a CSV file, and opens it, the injected payload will be executed, allowing the attacker to exfiltrate internal system data from the CSV file to a remote server.
CVE-2024-48311 1 Piwigo 1 Piwigo 2025-05-22 8.8 High
Piwigo v14.5.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Edit album function.
CVE-2024-46606 1 Piwigo 1 Piwigo 2025-05-22 5.4 Medium
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=photo of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
CVE-2024-46605 1 Piwigo 1 Piwigo 2025-05-22 6.1 Medium
A cross-site scripting (XSS) vulnerability in the component /admin.php?page=album of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Description field.
CVE-2018-18984 1 Medtronic 6 29901 Encore Programmer, 29901 Encore Programmer Firmware, Carelink 2090 Programmer and 3 more 2025-05-22 4.6 Medium
Medtronic CareLink and Encore Programmers do not encrypt or do not sufficiently encrypt sensitive PII and PHI information while at rest .
CVE-2018-14781 1 Medtronicdiabetes 18 508 Minimed Insulin Pump, 508 Minimed Insulin Pump Firmware, 522 Paradigm Real-time and 15 more 2025-05-22 5.3 Medium
Medtronic MiniMed MMT devices when paired with a remote controller and having the “easy bolus” and “remote bolus” options enabled (non-default), are vulnerable to a capture-replay attack. An attacker can capture the wireless transmissions between the remote controller and the pump and replay them to cause an insulin (bolus) delivery.
CVE-2018-10634 1 Medtronic 18 Minimed 530g Mmt-551, Minimed 530g Mmt-551 Firmware, Minimed 530g Mmt-751 and 15 more 2025-05-22 4.8 Medium
Communications between Medtronic MiniMed MMT pumps and wireless accessories are transmitted in cleartext. A sufficiently skilled attacker could capture these transmissions and extract sensitive information, such as device serial numbers.
CVE-2025-3516 1 Archetyped 1 Simple Lightbox 2025-05-22 5.9 Medium
The Simple Lightbox WordPress plugin before 2.9.4 does not validate and escape some of its attributes before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
CVE-2019-25220 1 Bitcoin 1 Bitcoin Core 2025-05-22 7.5 High
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it.
CVE-2024-55563 1 Bitcoin 1 Bitcoin Core 2025-05-22 5.3 Medium
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions.
CVE-2025-32728 2 Debian, Openbsd 2 Debian Linux, Openssh 2025-05-22 4.3 Medium
In sshd in OpenSSH before 10.0, the DisableForwarding directive does not adhere to the documentation stating that it disables X11 and agent forwarding.
CVE-2024-35202 1 Bitcoin 2 Bitcoin, Bitcoin Core 2025-05-22 7.5 High
Bitcoin Core before 25.0 allows remote attackers to cause a denial of service (blocktxn message-handling assertion and node exit) by including transactions in a blocktxn message that are not committed to in a block's merkle root. FillBlock can be called twice for one PartiallyDownloadedBlock instance.
CVE-2022-40106 1 Tenda 2 I9, I9 Firmware 2025-05-22 7.5 High
Tenda i9 v1.0.0.8(3828) was discovered to contain a buffer overflow via the set_local_time function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted string.