Export limit exceeded: 366276 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366276 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40084 1 Opencrx 1 Opencrx 2025-05-08 5.3 Medium
OpenCRX before v5.2.2 was discovered to be vulnerable to password enumeration due to the difference in error messages received during a password reset which could enable an attacker to determine if a username, email or ID is valid.
CVE-2022-38108 1 Solarwinds 1 Orion Platform 2025-05-08 7.2 High
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
CVE-2022-37298 1 Shinken-monitoring 1 Shinken Monitoring 2025-05-08 9.8 Critical
Shinken Solutions Shinken Monitoring Version 2.4.3 affected is vulnerable to Incorrect Access Control. The SafeUnpickler class found in shinken/safepickle.py implements a weak authentication scheme when unserializing objects passed from monitoring nodes to the Shinken monitoring server.
CVE-2022-36122 2 Automox, Microsoft 2 Automox, Windows 2025-05-08 7.8 High
The Automox Agent before 40 on Windows incorrectly sets permissions on key files.
CVE-2022-31678 1 Vmware 2 Cloud Foundation, Nsx Data Center 2025-05-08 9.1 Critical
VMware Cloud Foundation (NSX-V) contains an XML External Entity (XXE) vulnerability. On VCF 3.x instances with NSX-V deployed, this may allow a user to exploit this issue leading to a denial-of-service condition or unintended information disclosure.
CVE-2022-31366 1 Eve-ng 1 Eve-ng 2025-05-08 7.2 High
An arbitrary file upload vulnerability in the apiImportLabs function in api_labs.php of EVE-NG 2.0.3-112 Community allows attackers to execute arbitrary code via a crafted UNL file.
CVE-2025-43967 1 Struktur 1 Libheif 2025-05-08 2.9 Low
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item.
CVE-2025-43966 1 Struktur 1 Libheif 2025-05-08 2.9 Low
libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc.
CVE-2022-2188 2 Mcafee, Microsoft 2 Data Exchange Layer, Windows 2025-05-08 6.5 Medium
Privilege escalation vulnerability in DXL Broker for Windows prior to 6.0.0.280 allows local users to gain elevated privileges by exploiting weak directory controls in the logs directory. This can lead to a denial-of-service attack on the DXL Broker.
CVE-2022-41208 1 Sap 1 Financial Consolidation 2025-05-08 5.4 Medium
Due to insufficient input validation, SAP Financial Consolidation - version 1010, allows an authenticated attacker with user privileges to alter current user session. On successful exploitation, the attacker can view or modify information, causing a limited impact on confidentiality and integrity of the application.
CVE-2024-21376 1 Microsoft 1 Azure Kubernetes Service 2025-05-08 9 Critical
Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability
CVE-2025-43971 1 Osrg 1 Gobgp 2025-05-08 8.6 High
An issue was discovered in GoBGP before 3.35.0. pkg/packet/bgp/bgp.go allows attackers to cause a panic via a zero value for softwareVersionLen.
CVE-2025-43973 1 Osrg 1 Gobgp 2025-05-08 6.8 Medium
An issue was discovered in GoBGP before 3.35.0. pkg/packet/rtr/rtr.go does not verify that the input length corresponds to a situation in which all bytes are available for an RTR message.
CVE-2025-43972 1 Osrg 1 Gobgp 2025-05-08 6.8 Medium
An issue was discovered in GoBGP before 3.35.0. An attacker can cause a crash in the pkg/packet/bgp/bgp.go flowspec parser by sending fewer than 20 bytes in a certain context.
CVE-2024-25642 1 Sap 1 Cloud Connector 2025-05-08 7.4 High
Due to improper validation of certificate in SAP Cloud Connector - version 2.0, attacker can impersonate the genuine servers to interact with SCC breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.
CVE-2025-43970 1 Osrg 1 Gobgp 2025-05-08 4.3 Medium
An issue was discovered in GoBGP before 3.35.0. pkg/packet/mrt/mrt.go does not properly check the input length, e.g., by ensuring that there are 12 bytes or 36 bytes (depending on the address family).
CVE-2024-21406 1 Microsoft 13 Windows 10 1607, Windows 10 1809, Windows 10 21h2 and 10 more 2025-05-08 7.5 High
Windows Printing Service Spoofing Vulnerability
CVE-2024-1354 1 Github 1 Enterprise Server 2025-05-08 8 High
A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.
CVE-2024-24697 1 Zoom 4 Meeting Software Development Kit, Rooms, Vdi Windows Meeting Clients and 1 more 2025-05-08 7.2 High
Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.
CVE-2023-24481 1 Intel 1 Thunderbolt Dch Driver 2025-05-08 6.3 Medium
Improper access control in some Intel(R) Thunderbolt(TM) DCH drivers for Windows before version 88 may allow an authenticated user to potentially enable escalation of privilege via local access.