Export limit exceeded: 366658 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366658 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3338 | 1 Mcafee | 1 Epolicy Orchestrator | 2025-05-13 | 5.4 Medium |
| An External XML entity (XXE) vulnerability in ePO prior to 5.10 Update 14 can lead to an unauthenticated remote attacker to potentially trigger a Server Side Request Forgery attack. This can be exploited by mimicking the Agent Handler call to ePO and passing the carefully constructed XML file through the API. | ||||
| CVE-2024-25180 | 1 Pdfmake Project | 1 Pdfmake | 2025-05-13 | 9.8 Critical |
| An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the /pdf endpoint. NOTE: this is disputed because the behavior of the /pdf endpoint is intentional. The /pdf endpoint is only available after installing a test framework (that lives outside of the pdfmake applicaton). Anyone installing this is responsible for ensuring that it is only available to authorized testers. | ||||
| CVE-2024-22532 | 1 Xnview | 1 Nconvert | 2025-05-13 | 6.5 Medium |
| Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file. | ||||
| CVE-2024-26476 | 2 Mpdf Project, Open-emr | 2 Mpdf, Openemr | 2025-05-13 | 3.5 Low |
| An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component. | ||||
| CVE-2024-25293 | 1 Mjml | 1 Mjml App | 2025-05-13 | 9.3 Critical |
| mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute. | ||||
| CVE-2024-22891 | 1 Nteract | 1 Nteract | 2025-05-13 | 9.8 Critical |
| Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link. | ||||
| CVE-2024-26548 | 1 Vivotek | 3 Camera, Camera Firmware, Network Camera | 2025-05-13 | 9.8 Critical |
| An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component. | ||||
| CVE-2024-24035 | 1 Setorinformatica | 1 S.i.l. | 2025-05-13 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter. | ||||
| CVE-2020-36845 | 1 Knowbe4 | 1 Security Awareness Training | 2025-05-13 | 5.3 Medium |
| The KnowBe4 Security Awareness Training application before 2020-01-10 contains a redirect function that does not validate the destination URL before redirecting. The response has a SCRIPT element that sets window.location.href to an arbitrary https URL. | ||||
| CVE-2020-36844 | 1 Knowbe4 | 1 Security Awareness Training | 2025-05-13 | 6.1 Medium |
| The KnowBe4 Security Awareness Training application before 2020-01-10 allows reflected XSS. The response has a SCRIPT element that sets window.location.href to a JavaScript URL. | ||||
| CVE-2025-43955 | 1 Convertigo | 1 Convertigo | 2025-05-13 | 2.2 Low |
| TwsCachedXPathAPI in Convertigo through 8.3.4 does not restrict the use of commons-jxpath APIs. | ||||
| CVE-2025-25997 | 1 Feminer Wms Project | 1 Feminer Wms | 2025-05-13 | 7.5 High |
| Directory Traversal vulnerability in FeMiner wms v.1.0 allows a remote attacker to obtain sensitive information via the databak.php component. | ||||
| CVE-2024-39722 | 1 Ollama | 1 Ollama | 2025-05-13 | 7.5 High |
| An issue was discovered in Ollama before 0.1.46. It exposes which files exist on the server on which it is deployed via path traversal in the api/push route. | ||||
| CVE-2024-26469 | 1 Prestalife | 1 Product Designer | 2025-05-13 | 8.1 High |
| Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method. | ||||
| CVE-2022-3540 | 1 Hunter2 Project | 1 Hunter2 | 2025-05-13 | 6.5 Medium |
| An issue has been discovered in hunter2 affecting all versions before 2.1.0. Improper handling of auto-completion input allows an authenticated attacker to extract other users email addresses | ||||
| CVE-2022-3517 | 4 Debian, Fedoraproject, Minimatch Project and 1 more | 9 Debian Linux, Fedora, Minimatch and 6 more | 2025-05-13 | 7.5 High |
| A vulnerability was found in the minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) when calling the braceExpand function with specific arguments, resulting in a Denial of Service. | ||||
| CVE-2023-52555 | 1 Mongo-express Project | 1 Mongo-express | 2025-05-13 | 6.1 Medium |
| In mongo-express 1.0.2, /admin allows CSRF, as demonstrated by deletion of a Collection. | ||||
| CVE-2024-38888 | 1 Horizoncloud | 1 Caterease | 2025-05-13 | 6.8 Medium |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform a Password Brute Forcing attack due to improper restriction of excessive authentication attempts. | ||||
| CVE-2024-38885 | 1 Horizoncloud | 1 Caterease | 2025-05-13 | 7.5 High |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a remote attacker to perform unauthorized access using known operating system credentials due to hardcoded SQL user credentials in the client application. | ||||
| CVE-2024-38884 | 1 Horizoncloud | 1 Caterease | 2025-05-13 | 7.8 High |
| An issue in Horizon Business Services Inc. Caterease 16.0.1.1663 through 24.0.1.2405 and possibly later versions, allows a local attacker to perform an Authentication Bypass attack due to improperly implemented security checks for standard authentication mechanisms | ||||