Export limit exceeded: 366043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (366043 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34311 1 Ibm 1 Cics Tx 2025-05-06 4.3 Medium
IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446.
CVE-2021-4437 1 Dbartholomae 1 Lambda-middleware 2025-05-06 3.5 Low
A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability.
CVE-2023-51458 1 Adobe 1 Experience Manager 2025-05-06 5.4 Medium
Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2024-1557 1 Mozilla 1 Firefox 2025-05-06 8.1 High
Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.
CVE-2022-24669 1 Forgerock 1 Access Management 2025-05-06 6.5 Medium
It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services.
CVE-2024-34535 1 Joinmastodon 1 Mastodon 2025-05-06 5.9 Medium
In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header.
CVE-2024-23526 1 Ivanti 1 Avalanche 2025-05-06 7.5 High
An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory.
CVE-2024-24994 1 Ivanti 1 Avalanche 2025-05-06 8.8 High
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24992 1 Ivanti 1 Avalanche 2025-05-06 8.8 High
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-24991 1 Ivanti 1 Avalanche 2025-05-06 6.5 Medium
A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks.
CVE-2024-24998 1 Ivanti 1 Avalanche 2025-05-06 8.8 High
A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM.
CVE-2024-5968 1 10web 1 Photo Gallery 2025-05-06 4.8 Medium
The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
CVE-2022-3304 1 Google 1 Chrome 2025-05-06 8.8 High
Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2022-32947 1 Apple 4 Ipados, Iphone Os, Macos and 1 more 2025-05-06 7.8 High
The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32946 1 Apple 2 Ipados, Iphone Os 2025-05-06 5.5 Medium
This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.
CVE-2022-32944 1 Apple 5 Ipados, Iphone Os, Macos and 2 more 2025-05-06 7.8 High
A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges.
CVE-2022-32941 1 Apple 3 Ipados, Iphone Os, Macos 2025-05-06 9.8 Critical
The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution.
CVE-2018-20623 1 Gnu 1 Binutils 2025-05-06 5.5 Medium
In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file.
CVE-2024-48622 1 Domainmod 1 Domainmod 2025-05-06 6.6 Medium
A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter.
CVE-2024-48623 1 Domainmod 1 Domainmod 2025-05-06 5.3 Medium
In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS).