Export limit exceeded: 363437 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363437 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-44174 | 1 Tenda | 2 Ac18, Ac18 Firmware | 2025-04-29 | 9.8 Critical |
| Tenda AC18 V15.03.05.05 is vulnerable to Buffer Overflow via function formSetDeviceName. | ||||
| CVE-2022-43709 | 1 Mybb | 1 Mybb | 2025-04-29 | 4.9 Medium |
| MyBB 1.8.31 has a SQL injection vulnerability in the Admin CP's Users module allows remote authenticated users to modify the query string via direct user input or stored search filter settings. | ||||
| CVE-2022-40954 | 1 Apache | 2 Airflow, Apache-airflow-providers-apache-spark | 2025-04-29 | 5.5 Medium |
| Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Apache Airflow Spark Provider, Apache Airflow allows an attacker to read arbtrary files in the task execution context, without write access to DAG files. This issue affects Spark Provider versions prior to 4.0.0. It also impacts any Apache Airflow versions prior to 2.3.0 in case Spark Provider is installed (Spark Provider 4.0.0 can only be installed for Airflow 2.3.0+). Note that you need to manually install the Spark Provider version 4.0.0 in order to get rid of the vulnerability on top of Airflow 2.3.0+ version that has lower version of the Spark Provider installed). | ||||
| CVE-2022-3980 | 1 Sophos | 1 Mobile | 2025-04-29 | 9.8 Critical |
| An XML External Entity (XEE) vulnerability allows server-side request forgery (SSRF) and potential code execution in Sophos Mobile managed on-premises between versions 5.0.0 and 9.7.4. | ||||
| CVE-2022-36785 | 1 Dlink | 2 G Integrated Access Device4, G Integrated Access Device4 Firmware | 2025-04-29 | 7.5 High |
| D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. *Information Disclosure – file contains a URL with private IP at line 15 "login.asp" A. The window.location.href = http://192.168.1.1/setupWizard.asp" http://192.168.1.1/setupWizard.asp" ; "admin" – contains default username value "login.asp" B. While accessing the web interface, the login form at *Authorization Bypass – URL by "setupWizard.asp' while it blocks direct access to – the web interface does not properly validate user identity variables values located at the client side, it is available to access it without a "login_glag" and "login_status" checking browser and to read the admin user credentials for the web interface. | ||||
| CVE-2022-24999 | 4 Debian, Openjsf, Qs Project and 1 more | 12 Debian Linux, Express, Qs and 9 more | 2025-04-29 | 7.5 High |
| qs before 6.10.3, as used in Express before 4.17.3 and other products, allows attackers to cause a Node process hang for an Express application because an __ proto__ key can be used. In many typical Express use cases, an unauthenticated remote attacker can place the attack payload in the query string of the URL that is used to visit the application, such as a[__proto__]=b&a[__proto__]&a[length]=100000000. The fix was backported to qs 6.9.7, 6.8.3, 6.7.3, 6.6.1, 6.5.3, 6.4.1, 6.3.3, and 6.2.4 (and therefore Express 4.17.3, which has "deps: qs@6.9.7" in its release description, is not vulnerable). | ||||
| CVE-2022-24190 | 1 Sz-fujia | 1 Ourphoto | 2025-04-29 | 7.5 High |
| The /device/acceptBind end-point for Ourphoto App version 1.4.1 does not require authentication or authorization. The user_token header is not implemented or present on this end-point. An attacker can send a request to bind their account to any users picture frame, then send a POST request to accept their own bind request, without the end-users approval or interaction. | ||||
| CVE-2022-24189 | 1 Sz-fujia | 1 Ourphoto | 2025-04-29 | 6.5 Medium |
| The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. Removing the value causes all requests to succeed, bypassing authorization and session management. The impact of this vulnerability allows an attacker POST api calls with other users unique identifiers and enumerate information of all other end-users. | ||||
| CVE-2022-24188 | 1 Sz-fujia | 1 Ourphoto | 2025-04-29 | 7.5 High |
| The /device/signin end-point for the Ourphoto App version 1.4.1 discloses clear-text password information for functionality within the picture frame devices. The deviceVideoCallPassword and mqttPassword are returned in clear-text. The lack of sessions management and presence of insecure direct object references allows to return password information for other end-users devices. Many of the picture frame devices offer video calling, and it is likely this information can be used to abuse that functionality. | ||||
| CVE-2022-24187 | 1 Sz-fujia | 1 Ourphoto | 2025-04-29 | 7.5 High |
| The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users. | ||||
| CVE-2025-31720 | 1 Jenkins | 1 Jenkins | 2025-04-29 | 4.3 Medium |
| A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration. | ||||
| CVE-2025-31721 | 1 Jenkins | 1 Jenkins | 2025-04-29 | 4.3 Medium |
| A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration. | ||||
| CVE-2025-22924 | 1 Os4ed | 1 Opensis | 2025-04-29 | 8.8 High |
| OS4ED openSIS v7.0 through v9.1 contains a SQL injection vulnerability via the stu_id parameter at /modules/students/Student.php. | ||||
| CVE-2022-38390 | 1 Ibm | 1 Business Automation Workflow | 2025-04-29 | 5.4 Medium |
| Multiple IBM Business Automation Workflow versions are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 233978. | ||||
| CVE-2025-22925 | 1 Os4ed | 1 Opensis | 2025-04-29 | 7.5 High |
| OS4ED openSIS v7.0 to v9.1 was discovered to contain a SQL injection vulnerability via the table parameter at /attendance/AttendanceCodes.php. The remote, authenticated attacker requires the admin role to successfully exploit this vulnerability. | ||||
| CVE-2025-29062 | 1 Lb-link | 2 Bl-ac2100, Bl-ac2100 Firmware | 2025-04-29 | 9.8 Critical |
| An issue in BL-AC2100 <=V1.0.4 allows a remote attacker to execute arbitrary code via the time1 and time2 parameters in the set_LimitClient_cfg of the goahead webservice. | ||||
| CVE-2025-29063 | 1 Lb-link | 2 Bl-ac2100, Bl-ac2100 Firmware | 2025-04-29 | 9.8 Critical |
| An issue in BL-AC2100 V1.0.4 and before allows a remote attacker to execute arbitrary code via the enable parameter passed to /goform/set_hidessid_cfg is not handled properly. | ||||
| CVE-2022-31608 | 1 Nvidia | 4 Geforce, Gpu Display Driver, Rtx and 1 more | 2025-04-29 | 7.8 High |
| NVIDIA GPU Display Driver for Linux contains a vulnerability in an optional D-Bus configuration file, where a local user with basic capabilities can impact protected D-Bus endpoints, which may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | ||||
| CVE-2025-31477 | 1 Tauri | 1 Plugin-shell | 2025-04-29 | 9.8 Critical |
| The Tauri shell plugin allows access to the system shell. Prior to 2.2.1, the Tauri shell plugin exposes functionality to execute code and open programs on the system. The open endpoint of this plugin is designed to allow open functionality with the system opener (e.g. xdg-open on Linux). This was meant to be restricted to a reasonable number of protocols like https or mailto by default. This default restriction was not functional due to improper validation of the allowed protocols, allowing for potentially dangerous protocols like file://, smb://, or nfs:// and others to be opened by the system registered protocol handler. By passing untrusted user input to the open endpoint these potentially dangerous protocols can be abused to gain remote code execution on the system. This either requires direct exposure of the endpoint to application users or code execution in the frontend of a Tauri application. This vulnerability is fixed in 2.2.1. | ||||
| CVE-2020-29385 | 3 Canonical, Fedoraproject, Gnome | 3 Ubuntu Linux, Fedora, Gdk-pixbuf | 2025-04-29 | 5.5 Medium |
| GNOME gdk-pixbuf (aka GdkPixbuf) before 2.42.2 allows a denial of service (infinite loop) in lzw.c in the function write_indexes. if c->self_code equals 10, self->code_table[10].extends will assign the value 11 to c. The next execution in the loop will assign self->code_table[11].extends to c, which will give the value of 10. This will make the loop run infinitely. This bug can, for example, be triggered by calling this function with a GIF image with LZW compression that is crafted in a special way. | ||||