Export limit exceeded: 363530 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363530 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34320 1 Ibm 1 Cics Tx 2025-04-29 5.9 Medium
IBM CICS TX 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229464.
CVE-2024-13885 1 Webtechglobal 1 Wp E-customers Beta 2025-04-29 7.1 High
The WP e-Customers Beta WordPress plugin through 0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2022-40751 1 Ibm 1 Urbancode Deploy 2025-04-29 4.9 Medium
IBM UrbanCode Deploy (UCD) 6.2.7.0 through 6.2.7.17, 7.0.0.0 through 7.0.5.12, 7.1.0.0 through 7.1.2.8, and 7.2.0.0 through 7.2.3.1 could allow a user with administrative privileges including "Manage Security" permissions may be able to recover a credential previously saved for performing authenticated LDAP searches.  IBM X-Force ID:   236601.
CVE-2024-13891 1 Scheduler 1 Schedule 2025-04-29 7.1 High
The Schedule WordPress plugin through 1.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2022-31606 2 Microsoft, Nvidia 7 Windows, Cloud Gaming Guest, Geforce and 4 more 2025-04-29 7.8 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a failure to properly validate data might allow an attacker with basic user capabilities to cause an out-of-bounds access in kernel mode, which could lead to denial of service, information disclosure, escalation of privileges, or data tampering.
CVE-2022-31607 2 Linux, Nvidia 6 Linux Kernel, Cloud Gaming Guest, Geforce and 3 more 2025-04-29 7.8 High
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer (nvidia.ko), where a local user with basic capabilities can cause improper input validation, which may lead to denial of service, escalation of privileges, data tampering, and limited information disclosure.
CVE-2022-31610 2 Microsoft, Nvidia 7 Windows, Cloud Gaming Guest, Geforce and 4 more 2025-04-29 7.8 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys), where a local user with basic capabilities can cause an out-of-bounds write, which may lead to code execution, denial of service, escalation of privileges, information disclosure, or data tampering.
CVE-2025-1401 1 S-a 1 Wp Click Info 2025-04-29 7.1 High
The WP Click Info WordPress plugin through 2.7.4 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
CVE-2022-31612 2 Microsoft, Nvidia 7 Windows, Cloud Gaming Guest, Geforce and 4 more 2025-04-29 7.1 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to a system crash or a leak of internal kernel information.
CVE-2022-31613 2 Microsoft, Nvidia 7 Windows, Cloud Gaming Guest, Geforce and 4 more 2025-04-29 7.1 High
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer, where any local user can cause a null-pointer dereference, which may lead to a kernel panic.
CVE-2022-31615 1 Nvidia 4 Geforce, Gpu Display Driver, Rtx and 1 more 2025-04-29 5.5 Medium
NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer, where a local user with basic capabilities can cause a null-pointer dereference, which may lead to denial of service.
CVE-2022-31616 2 Microsoft, Nvidia 7 Windows, Cloud Gaming Guest, Geforce and 4 more 2025-04-29 6.1 Medium
NVIDIA GPU Display Driver for Windows contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where a local user with basic capabilities can cause an out-of-bounds read, which may lead to denial of service, or information disclosure.
CVE-2025-29208 1 Codezips 1 Gym Management System 2025-04-29 6.5 Medium
CodeZips Gym Management System v1.0 is vulnerable to SQL injection in the name parameter within /dashboard/admin/deleteroutine.php.
CVE-2025-30356 1 Nasa 1 Cryptolib 2025-04-29 9.8 Critical
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In 1.3.3 and earlier, a heap buffer overflow vulnerability persists in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. Although CVE-2025-29912 addressed an underflow issue involving fl, the patch fails to fully prevent unsafe calculations. As a result, an attacker can still craft malicious frames that cause a negative tf_payload_len, which is then interpreted as a large unsigned value, leading to a heap buffer overflow in a memcpy call.
CVE-2022-45934 5 Debian, Fedoraproject, Linux and 2 more 14 Debian Linux, Fedora, Linux Kernel and 11 more 2025-04-29 7.8 High
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
CVE-2022-45933 1 Kubeview Project 1 Kubeview 2025-04-29 9.8 Critical
KubeView through 0.1.31 allows attackers to obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication, and retrieves certificate files that can be used for authentication as kube-admin. NOTE: the vendor's position is that KubeView was a "fun side project and a learning exercise," and not "very secure."
CVE-2022-45932 1 Linuxfoundation 1 Opendaylight 2025-04-29 7.5 High
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/RoleStore.java deleteRole function is affected when the API interface /auth/v1/roles/ is used.
CVE-2022-45931 1 Linuxfoundation 1 Opendaylight 2025-04-29 7.5 High
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/UserStore.java deleteUser function is affected when the API interface /auth/v1/users/ is used.
CVE-2022-45930 1 Linuxfoundation 1 Opendaylight 2025-04-29 7.5 High
A SQL injection issue was discovered in AAA in OpenDaylight (ODL) before 0.16.5. The aaa-idm-store-h2/src/main/java/org/opendaylight/aaa/datastore/h2/DomainStore.java deleteDomain function is affected for the /auth/v1/domains/ API interface.
CVE-2022-45914 1 Electronic Shelf Label Protocol Project 1 Electronic Shelf Label Protocol 2025-04-29 6.5 Medium
The ESL (Electronic Shelf Label) protocol, as implemented by (for example) the OV80e934802 RF transceiver on the ETAG-2130-V4.3 20190629 board, does not use authentication, which allows attackers to change label values via 433 MHz RF signals, as demonstrated by disrupting the organization of a hospital storage unit, or changing retail pricing.