Export limit exceeded: 364869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (364869 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-39019 1 M-files 1 Hubshare 2025-05-02 6.3 Medium
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server.
CVE-2025-32754 1 Jenkins 1 Ssh-agent 2025-05-02 9.1 Critical
In jenkins/ssh-agent Docker images 6.11.1 and earlier, SSH host keys are generated on image creation for images based on Debian, causing all containers based on images of the same version use the same SSH host keys, allowing attackers able to insert themselves into the network path between the SSH client (typically the Jenkins controller) and SSH build agent to impersonate the latter.
CVE-2022-44624 1 Jetbrains 1 Teamcity 2025-05-02 6.5 Medium
In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters
CVE-2022-44646 1 Jetbrains 1 Teamcity 2025-05-02 2.2 Low
In JetBrains TeamCity version before 2022.10, no audit items were added upon editing a user's settings
CVE-2024-27684 1 Dlink 2 Go-rt-ac750, Go-rt-ac750 Firmware 2025-05-02 6.1 Medium
A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2024-57684 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 9.8 Critical
An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request.
CVE-2024-57683 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 4.3 Medium
An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request.
CVE-2024-57682 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 6.5 Medium
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request.
CVE-2024-57681 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 5.3 Medium
An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request.
CVE-2024-57680 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 5.3 Medium
An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request.
CVE-2024-57679 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 6.5 Medium
An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request.
CVE-2024-57678 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 6.5 Medium
An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request.
CVE-2024-57677 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 6.5 Medium
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request.
CVE-2024-57676 1 Dlink 2 Dir-816, Dir-816 Firmware 2025-05-02 6.5 Medium
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request.
CVE-2023-34051 1 Vmware 1 Aria Operations For Logs 2025-05-02 9.8 Critical
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
CVE-2022-44724 1 Stiltsoft 1 Handy Macros For Confluence 2025-05-02 8.9 High
The Handy Tip macro in Stiltsoft Handy Macros for Confluence Server/Data Center 3.x before 3.5.5 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
CVE-2022-44544 2 Canonical, Mahara 2 Ubuntu Linux, Mahara 2025-05-02 9.8 Critical
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
CVE-2022-42905 1 Wolfssl 1 Wolfssl 2025-05-02 9.1 Critical
In wolfSSL before 5.5.2, if callback functions are enabled (via the WOLFSSL_CALLBACKS flag), then a malicious TLS 1.3 client or network attacker can trigger a buffer over-read on the heap of 5 bytes. (WOLFSSL_CALLBACKS is only intended for debugging.)
CVE-2022-42707 1 Mahara 1 Mahara 2025-05-02 7.5 High
In Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0, embedded images are accessible without a sufficient permission check under certain conditions.
CVE-2022-40284 4 Debian, Fedoraproject, Redhat and 1 more 9 Debian Linux, Fedora, Advanced Virtualization and 6 more 2025-05-02 7.8 High
A buffer overflow was discovered in NTFS-3G before 2022.10.3. Crafted metadata in an NTFS image can cause code execution. A local attacker can exploit this if the ntfs-3g binary is setuid root. A physically proximate attacker can exploit this if NTFS-3G software is configured to execute upon attachment of an external storage device.