Export limit exceeded: 366291 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (366291 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-32870 | 1 Apple | 3 Iphone Os, Macos, Watchos | 2025-05-06 | 2.4 Low |
| A logic issue was addressed with improved state management. This issue is fixed in iOS 16, macOS Ventura 13, watchOS 9. A user with physical access to a device may be able to use Siri to obtain some call history information. | ||||
| CVE-2022-31777 | 2 Apache, Redhat | 2 Spark, Camel Spring Boot | 2025-05-06 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. | ||||
| CVE-2022-2572 | 1 Octopus | 1 Octopus Server | 2025-05-06 | 9.8 Critical |
| In affected versions of Octopus Server where access is managed by an external authentication provider, it was possible that the API key/keys of a disabled/deleted user were still valid after the access was revoked. | ||||
| CVE-2021-43069 | 2025-05-06 | N/A | ||
| Not used | ||||
| CVE-2022-3872 | 1 Qemu | 1 Qemu | 2025-05-05 | 8.6 High |
| An off-by-one read/write issue was found in the SDHCI device of QEMU. It occurs when reading/writing the Buffer Data Port Register in sdhci_read_dataport and sdhci_write_dataport, respectively, if data_count == block_size. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. | ||||
| CVE-2022-2711 | 1 Soflyy | 1 Wp All Import | 2025-05-05 | 7.2 High |
| The Import any XML or CSV File to WordPress plugin before 3.6.9 is not validating the paths of files contained in uploaded zip archives, allowing highly privileged users, such as admins, to write arbitrary files to any part of the file system accessible by the web server via a path traversal vector. | ||||
| CVE-2022-2387 | 1 Awesomemotive | 1 Easy Digital Downloads | 2025-05-05 | 4.3 Medium |
| The Easy Digital Downloads WordPress plugin before 3.0 does not have CSRF check in place when deleting payment history, and does not ensure that the post to be deleted is actually a payment history. As a result, attackers could make a logged in admin delete arbitrary post via a CSRF attack | ||||
| CVE-2024-25065 | 1 Apache | 1 Ofbiz | 2025-05-05 | 9.1 Critical |
| Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue. | ||||
| CVE-2023-51747 | 1 Apache | 1 James | 2025-05-05 | 7.1 High |
| Apache James prior to versions 3.8.1 and 3.7.5 is vulnerable to SMTP smuggling. A lenient behaviour in line delimiter handling might create a difference of interpretation between the sender and the receiver which can be exploited by an attacker to forge an SMTP envelop, allowing for instance to bypass SPF checks. The patch implies enforcement of CRLF as a line delimiter as part of the DATA transaction. We recommend James users to upgrade to non vulnerable versions. | ||||
| CVE-2023-51518 | 1 Apache | 1 James | 2025-05-05 | 9.8 Critical |
| Apache James prior to version 3.7.5 and 3.8.0 exposes a JMX endpoint on localhost subject to pre-authentication deserialisation of untrusted data. Given a deserialisation gadjet, this could be leveraged as part of an exploit chain that could result in privilege escalation. Note that by default JMX endpoint is only bound locally. We recommend users to: - Upgrade to a non-vulnerable Apache James version - Run Apache James isolated from other processes (docker - dedicated virtual machine) - If possible turn off JMX | ||||
| CVE-2023-50379 | 1 Apache | 1 Ambari | 2025-05-05 | 8.8 High |
| Malicious code injection in Apache Ambari in prior to 2.7.8. Users are recommended to upgrade to version 2.7.8, which fixes this issue. Impact: A Cluster Operator can manipulate the request by adding a malicious code injection and gain a root over the cluster main host. | ||||
| CVE-2024-22393 | 2 Apache, Apache Software Foundation | 2 Answer, Apache Answer | 2025-05-05 | 9.1 Critical |
| Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer.This issue affects Apache Answer: through 1.2.1. Pixel Flood Attack by uploading large pixel files will cause server out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue. | ||||
| CVE-2021-28656 | 1 Apache | 1 Zeppelin | 2025-05-05 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Credential page of Apache Zeppelin allows an attacker to submit malicious request. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions. | ||||
| CVE-2022-47894 | 1 Apache | 1 Zeppelin | 2025-05-05 | 5.3 Medium |
| Improper Input Validation vulnerability in Apache Zeppelin SAP.This issue affects Apache Zeppelin SAP: from 0.8.0 before 0.11.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. For more information, the fix already was merged in the source code but Zeppelin decided to retire the SAP component NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2024-31862 | 1 Apache | 1 Zeppelin | 2025-05-05 | 5.3 Medium |
| Improper Input Validation vulnerability in Apache Zeppelin when creating a new note from Zeppelin's UI.This issue affects Apache Zeppelin: from 0.10.1 before 0.11.0. Users are recommended to upgrade to version 0.11.0, which fixes the issue. | ||||
| CVE-2022-43562 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 3 Low |
| In Splunk Enterprise versions below 8.1.12, 8.2.9, and 9.0.2, Splunk Enterprise fails to properly validate and escape the Host header, which could let a remote authenticated user conduct various attacks against the system, including cross-site scripting and cache poisoning. | ||||
| CVE-2022-43563 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 8.1 High |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the rex search command handles field names lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | ||||
| CVE-2022-43565 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 8.1 High |
| In Splunk Enterprise versions below 8.2.9 and 8.1.12, the way that the ‘tstats command handles Javascript Object Notation (JSON) lets an attacker bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards . The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. | ||||
| CVE-2022-43566 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 7.3 High |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run risky commands using a more privileged user’s permissions to bypass SPL safeguards for risky commands https://docs.splunk.com/Documentation/SplunkCloud/latest/Security/SPLsafeguards in the Analytics Workspace. The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The attacker cannot exploit the vulnerability at will. | ||||
| CVE-2022-43567 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-05 | 8.8 High |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can run arbitrary operating system commands remotely through the use of specially crafted requests to the mobile alerts feature in the Splunk Secure Gateway app. | ||||