Export limit exceeded: 363878 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (363878 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4111 1 Tooljet 1 Tooljet 2025-04-24 6.5 Medium
Unrestricted file size limit can lead to DoS in tooljet/tooljet <1.27 by allowing a logged in attacker to upload profile pictures over 2MB.
CVE-2022-3270 1 Festo 198 Bus Module Cpx-e-ep, Bus Module Cpx-e-ep Firmware, Bus Node Cpx-fb32 and 195 more 2025-04-24 9.8 Critical
In multiple products by Festo a remote unauthenticated attacker could use functions of an undocumented protocol which could lead to a complete loss of confidentiality, integrity and availability.
CVE-2022-41297 1 Ibm 3 Db2 On Cloud Pak For Data, Db2 Warehouse On Cloud Pak For Data, Db2u 2025-04-24 4.3 Medium
IBM Db2U 3.5, 4.0, and 4.5 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 237212.
CVE-2022-40977 1 Pilz 15 Pasvisu, Pmi V507, Pmi V507 Firmware and 12 more 2025-04-24 7.5 High
A path traversal vulnerability was discovered in Pilz PASvisu Server before 1.12.0. An unauthenticated remote attacker could use a zipped, malicious configuration file to trigger arbitrary file writes ('zip-slip'). File writes do not affect confidentiality or availability.
CVE-2022-41157 2 Microsoft, Webcash 2 Windows, Serp Server 2.0 2025-04-24 8.1 High
A specific file on the sERP server if Kyungrinara(ERP solution) has a fixed password with the SYSTEM authority. This vulnerability could allow attackers to leak or steal sensitive information or execute malicious commands.
CVE-2022-38115 1 Solarwinds 1 Security Event Manager 2025-04-24 5.3 Medium
Insecure method vulnerability in which allowed HTTP methods are disclosed. E.g., OPTIONS, DELETE, TRACE, and PUT
CVE-2023-41425 1 Wondercms 1 Wondercms 2025-04-24 6.1 Medium
Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.
CVE-2022-46338 2 Debian, G810-led Project 2 Debian Linux, G810-led 2025-04-24 6.5 Medium
g810-led 0.4.2, a LED configuration tool for Logitech Gx10 keyboards, contained a udev rule to make supported device nodes world-readable and writable, allowing any process on the system to read traffic from keyboards, including sensitive data.
CVE-2022-45869 2 Linux, Redhat 4 Linux Kernel, Enterprise Linux, Rhel Eus and 1 more 2025-04-24 5.5 Medium
A race condition in the x86 KVM subsystem in the Linux kernel through 6.1-rc6 allows guest OS users to cause a denial of service (host OS crash or host OS memory corruption) when nested virtualisation and the TDP MMU are enabled.
CVE-2022-37926 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 5.5 Medium
A vulnerability within the web-based management interface of EdgeConnect Enterprise could allow a remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface by uploading a specially crafted file. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37925 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 6.1 Medium
A vulnerability within the web-based management interface of Aruba EdgeConnect Enterprise could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-35120 1 Ixpdata 1 Easyinstall 2025-04-24 8.8 High
IXPdata EasyInstall 6.6.14725 contains an access control issue.
CVE-2022-30528 1 Isic.lk Project 1 Isic.lk 2025-04-24 9.8 Critical
SQL Injection vulnerability in asith-eranga ISIC tour booking through version published on Feb 13th 2018, allows attackers to execute arbitrary commands via the username parameter to /system/user/modules/mod_users/controller.php.
CVE-2022-40746 2 Ibm, Microsoft 2 I Access Client Solutions, Windows 2025-04-24 7.2 High
IBM i Access Family 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.0 could allow a local authenticated attacker to execute arbitrary code on the system, caused by DLL search order hijacking vulnerability. By placing a specially crafted file in a compromised folder, an attacker could exploit this vulnerability to execute arbitrary code on the system. IBM X-Force ID: 236581.
CVE-2022-37923 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 7.2 High
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37922 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 7.2 High
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37920 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 7.2 High
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-37921 1 Arubanetworks 1 Edgeconnect Enterprise 2025-04-24 7.2 High
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise in Aruba EdgeConnect Enterprise Software version(s): ECOS 9.2.1.0 and below; ECOS 9.1.3.0 and below; ECOS 9.0.7.0 and below; ECOS 8.3.7.1 and below.
CVE-2022-41676 1 Raidenmaild 1 Raidenmaild 2025-04-24 5.4 Medium
Raiden MAILD Mail Server website mail field has insufficient filtering for user input. A remote attacker with general user privilege can send email using the website with malicious JavaScript in the input field, which triggers XSS (Reflected Cross-Site Scripting) attack to the mail recipient.
CVE-2022-40265 1 Mitsubishielectric 12 R04encpu, R04encpu Firmware, R08encpu and 9 more 2025-04-24 8.6 High
Improper Input Validation vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series RJ71EN71 Firmware version "65" and prior and Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120ENCPU Network Part Firmware version "65" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition by sending specially crafted packets. A system reset is required for recovery.