Export limit exceeded: 364863 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364863 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-41669 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists in the SGIUtility component that allows adversaries with local user privileges to load a malicious DLL which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-41668 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-704: Incorrect Project Conversion vulnerability exists that allows adversaries with local user privileges to load a project file from an adversary-controlled network share which could result in execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-41667 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-41666 | 1 Schneider-electric | 2 Ecostruxure Operator Terminal Expert, Pro-face Blue | 2025-05-02 | 7 High |
| A CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that allows adversaries with local user privileges to load a malicious DLL which could lead to execution of malicious code. Affected Products: EcoStruxure Operator Terminal Expert(V3.3 Hotfix 1 or prior), Pro-face BLUE(V3.3 Hotfix1 or prior). | ||||
| CVE-2022-43571 | 1 Splunk | 2 Splunk, Splunk Cloud Platform | 2025-05-02 | 8.8 High |
| In Splunk Enterprise versions below 8.2.9, 8.1.12, and 9.0.2, an authenticated user can execute arbitrary code through the dashboard PDF generation component. | ||||
| CVE-2023-4620 | 1 Wpbookingcalendar | 1 Booking Calendar | 2025-05-02 | 6.1 Medium |
| The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators | ||||
| CVE-2023-4294 | 1 Kaizencoders | 1 Url Shortify | 2025-05-02 | 6.1 Medium |
| The URL Shortify WordPress plugin before 1.7.6 does not properly escape the value of the referer header, thus allowing an unauthenticated attacker to inject malicious javascript that will trigger in the plugins admin panel with statistics of the created short link. | ||||
| CVE-2023-39434 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2025-05-02 | 8.8 High |
| A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 17 and iPadOS 17, watchOS 10, macOS Sonoma 14. Processing web content may lead to arbitrary code execution. | ||||
| CVE-2023-28211 | 1 Apple | 1 Macos | 2025-05-02 | 7.8 High |
| A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Ventura 13.3. An app may be able to cause unexpected system termination or write kernel memory. | ||||
| CVE-2022-3821 | 3 Fedoraproject, Redhat, Systemd Project | 4 Fedora, Enterprise Linux, Rhel Eus and 1 more | 2025-05-02 | 5.5 Medium |
| An off-by-one Error issue was discovered in Systemd in format_timespan() function of time-util.c. An attacker could supply specific values for time and accuracy that leads to buffer overrun in format_timespan(), leading to a Denial of Service. | ||||
| CVE-2022-34823 | 1 Nec | 2 Expresscluster X, Expresscluster X Singleserversafe | 2025-05-02 | 9.8 Critical |
| Buffer overflow vulnerability in CLUSTERPRO X 5.0 for Windows and earlier, EXPRESSCLUSTER X 5.0 for Windows and earlier, CLUSTERPRO X 5.0 SingleServerSafe for Windows and earlier, EXPRESSCLUSTER X 5.0 SingleServerSafe for Windows and earlier allows a remote unauthenticated attacker to overwrite existing files on the file system and to potentially execute arbitrary code. | ||||
| CVE-2022-41212 | 1 Sap | 1 Netweaver Application Server Abap | 2025-05-02 | 4.9 Medium |
| Due to insufficient input validation, SAP NetWeaver Application Server ABAP and ABAP Platform allows an attacker with high level privileges to use a remote enabled function to read a file which is otherwise restricted. On successful exploitation an attacker can completely compromise the confidentiality of the application. | ||||
| CVE-2022-41259 | 1 Sap | 1 Sql Anywhere | 2025-05-02 | 6.5 Medium |
| SAP SQL Anywhere - version 17.0, allows an authenticated attacker to prevent legitimate users from accessing a SQL Anywhere database server by crashing the server with some queries that use an ARRAY constructor. | ||||
| CVE-2022-3765 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-05-02 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.8. | ||||
| CVE-2024-13102 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13103 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13104 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13105 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13106 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-13107 | 1 Dlink | 2 Dir-816, Dir-816 Firmware | 2025-05-02 | 5.3 Medium |
| A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | ||||