Export limit exceeded: 366043 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366043 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34311 | 1 Ibm | 1 Cics Tx | 2025-05-06 | 4.3 Medium |
| IBM CICS TX Standard and Advanced 11.1 could allow a user with physical access to the web browser to gain access to the user's session due to insufficiently protected credentials. IBM X-Force ID: 229446. | ||||
| CVE-2021-4437 | 1 Dbartholomae | 1 Lambda-middleware | 2025-05-06 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages/json-deserializer/src/JsonDeserializer.ts of the component JSON Mime-Type Handler. The manipulation leads to inefficient regular expression complexity. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as f689404d830cbc1edd6a1018d3334ff5f44dc6a6. It is recommended to upgrade the affected component. VDB-253406 is the identifier assigned to this vulnerability. | ||||
| CVE-2023-51458 | 1 Adobe | 1 Experience Manager | 2025-05-06 | 5.4 Medium |
| Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2024-1557 | 1 Mozilla | 1 Firefox | 2025-05-06 | 8.1 High |
| Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123. | ||||
| CVE-2022-24669 | 1 Forgerock | 1 Access Management | 2025-05-06 | 6.5 Medium |
| It may be possible to gain some details of the deployment through a well-crafted attack. This may allow that data to be used to probe internal network services. | ||||
| CVE-2024-34535 | 1 Joinmastodon | 1 Mastodon | 2025-05-06 | 5.9 Medium |
| In Mastodon 4.1.6, API endpoint rate limiting can be bypassed by setting a crafted HTTP request header. | ||||
| CVE-2024-23526 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 7.5 High |
| An out-of-bounds read vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3, in certain conditions can allow an unauthenticated remote attacker to read sensitive information in memory. | ||||
| CVE-2024-24994 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-24992 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-24991 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 6.5 Medium |
| A Null Pointer Dereference vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows an authenticated remote attacker to perform denial of service attacks. | ||||
| CVE-2024-24998 | 1 Ivanti | 1 Avalanche | 2025-05-06 | 8.8 High |
| A Path Traversal vulnerability in web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to execute arbitrary commands as SYSTEM. | ||||
| CVE-2024-5968 | 1 10web | 1 Photo Gallery | 2025-05-06 | 4.8 Medium |
| The Photo Gallery by 10Web WordPress plugin before 1.8.28 does not properly sanitise and escape some of its Gallery settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | ||||
| CVE-2022-3304 | 1 Google | 1 Chrome | 2025-05-06 | 8.8 High |
| Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2022-32947 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-06 | 7.8 High |
| The issue was addressed with improved memory handling. This issue is fixed in iOS 16.1 and iPadOS 16, macOS Ventura 13, watchOS 9.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32946 | 1 Apple | 2 Ipados, Iphone Os | 2025-05-06 | 5.5 Medium |
| This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods. | ||||
| CVE-2022-32944 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2025-05-06 | 7.8 High |
| A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 16.1, iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. An app may be able to execute arbitrary code with kernel privileges. | ||||
| CVE-2022-32941 | 1 Apple | 3 Ipados, Iphone Os, Macos | 2025-05-06 | 9.8 Critical |
| The issue was addressed with improved bounds checks. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, macOS Ventura 13, iOS 16.1 and iPadOS 16, macOS Monterey 12.6.1, macOS Big Sur 11.7.1. A buffer overflow may result in arbitrary code execution. | ||||
| CVE-2018-20623 | 1 Gnu | 1 Binutils | 2025-05-06 | 5.5 Medium |
| In GNU Binutils 2.31.1, there is a use-after-free in the error function in elfcomm.c when called from the process_archive function in readelf.c via a crafted ELF file. | ||||
| CVE-2024-48622 | 1 Domainmod | 1 Domainmod | 2025-05-06 | 6.6 Medium |
| A cross-site scripting (XSS) issue in DomainMOD below v4.12.0 allows remote attackers to inject JavaScript code via admin/domain-fields/edit.php and the cdfid parameter. | ||||
| CVE-2024-48623 | 1 Domainmod | 1 Domainmod | 2025-05-06 | 5.3 Medium |
| In queue\index.php of DomainMOD below v4.12.0, the list_id and domain_id parameters in the GET request can be exploited to cause a reflected Cross Site Scripting (XSS). | ||||