Export limit exceeded: 365359 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (365359 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-40662 1 Nikon 1 Nis-elements Viewer 2025-04-30 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351.
CVE-2022-27896 1 Palantir 1 Foundry Code-workbooks 2025-04-30 4.2 Medium
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
CVE-2025-27189 1 Adobe 1 Commerce B2b 2025-04-30 4.3 Medium
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.
CVE-2022-43495 1 Openharmony 1 Openharmony 2025-04-30 6.5 Medium
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.
CVE-2022-3340 1 Trellix 1 Intrusion Prevention System Manager 2025-04-30 5.9 Medium
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
CVE-2022-45383 1 Jenkins 1 Support Core 2025-04-30 6.5 Medium
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
CVE-2022-45382 1 Jenkins 1 Naginator 2025-04-30 5.4 Medium
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
CVE-2022-44378 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2025-04-30 7.2 High
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.
CVE-2022-44204 1 Dlink 2 Dir-3060, Dir-3060 Firmware 2025-04-30 9.8 Critical
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
CVE-2022-44005 1 Backclick 1 Backclick 2025-04-30 5.3 Medium
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent.
CVE-2022-44004 1 Backclick 1 Backclick 2025-04-30 9.8 Critical
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.
CVE-2022-44003 1 Backclick 1 Backclick 2025-04-30 9.8 Critical
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.
CVE-2022-43673 1 Wire 1 Wire 2025-04-30 4.7 Medium
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
CVE-2022-43308 1 Intelbras 4 Sg 2404 Mr, Sg 2404 Mr Firmware, Sg 2404 Poe and 1 more 2025-04-30 7.8 High
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
CVE-2022-43140 1 Keking 1 Kkfileview 2025-04-30 7.5 High
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
CVE-2022-43138 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-30 9.8 Critical
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
CVE-2022-42982 1 Bund 1 Bkg Professional Ntripcaster 2025-04-30 7.5 High
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
CVE-2022-42904 1 Zohocorp 1 Manageengine Admanager Plus 2025-04-30 7.2 High
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.
CVE-2022-3600 1 Awesomemotive 1 Easy Digital Downloads 2025-04-30 9.8 Critical
The Easy Digital Downloads WordPress plugin before 3.1.0.2 does not validate data when its output in a CSV file, which could lead to CSV injection.
CVE-2022-3336 1 Awplife 1 Event Monster 2025-04-30 4.3 Medium
The Event Monster WordPress plugin before 1.2.0 does not have CSRF check when deleting visitors, which could allow attackers to make logged in admin delete arbitrary visitors via a CSRF attack