Export limit exceeded: 364869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364869 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39019 | 1 M-files | 1 Hubshare | 2025-05-02 | 6.3 Medium |
| Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. | ||||
| CVE-2025-32754 | 1 Jenkins | 1 Ssh-agent | 2025-05-02 | 9.1 Critical |
| In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter. | ||||
| CVE-2022-44624 | 1 Jetbrains | 1 Teamcity | 2025-05-02 | 6.5 Medium |
| In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters | ||||
| CVE-2022-44646 | 1 Jetbrains | 1 Teamcity | 2025-05-02 | 2.2 Low |
| In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings | ||||
| CVE-2024-27684 | 1 Dlink | 2 Go-rt-ac750, Go-rt-ac750 Firmware | 2025-05-02 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter. | ||||
| CVE-2024-57684 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 9.8 Critical |
| An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | ||||
| CVE-2024-57683 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 4.3 Medium |
| An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. | ||||
| CVE-2024-57682 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 6.5 Medium |
| An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. | ||||
| CVE-2024-57681 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. | ||||
| CVE-2024-57680 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request. | ||||
| CVE-2024-57679 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 6.5 Medium |
| An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request. | ||||
| CVE-2024-57678 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 6.5 Medium |
| An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request. | ||||
| CVE-2024-57677 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 6.5 Medium |
| An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. | ||||
| CVE-2024-57676 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 6.5 Medium |
| An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request. | ||||
| CVE-2023-34051 | 1 Vmware | 1 Aria Operations For Logs | 2025-05-02 | 9.8 Critical |
| VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | ||||
| CVE-2022-44724 | 1 Stiltsoft | 1 Handy Macros For Confluence | 2025-05-02 | 8.9 High |
| The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2022-44544 | 2 Canonical, Mahara | 2 Ubuntu Linux, Mahara | 2025-05-02 | 9.8 Critical |
| Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript. | ||||
| CVE-2022-42905 | 1 Wolfssl | 1 Wolfssl | 2025-05-02 | 9.1 Critical |
| In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.) | ||||
| CVE-2022-42707 | 1 Mahara | 1 Mahara | 2025-05-02 | 7.5 High |
| In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions. | ||||
| CVE-2022-40284 | 4 Debian, Fedoraproject, Redhat and 1 more | 9 Debian Linux, Fedora, Advanced Virtualization and 6 more | 2025-05-02 | 7.8 High |
| A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device. | ||||