Export limit exceeded: 364869 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (364869 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-43928 | 1 Infodraw | 2 Pmrs-102, Pmrs-102 Firmware | 2025-04-24 | 5.8 Medium |
| In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing. | ||||
| CVE-2024-1267 | 1 Codeastro | 1 Restaurant Pos System | 2025-04-24 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability. | ||||
| CVE-2024-23447 | 1 Elastic | 1 Network Drive Connector | 2025-04-24 | 5.3 Medium |
| An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user. | ||||
| CVE-2024-24091 | 1 Yealink | 2 Meeting Server, Yealink Meeting Server | 2025-04-24 | 9.8 Critical |
| Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface. | ||||
| CVE-2024-22464 | 1 Dell | 1 Emc Appsync | 2025-04-24 | 6.2 Medium |
| Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account. | ||||
| CVE-2024-20810 | 1 Samsung | 1 Android | 2025-04-24 | 3.3 Low |
| Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. | ||||
| CVE-2024-20822 | 1 Samsung | 1 Galaxy Store | 2025-04-24 | 5.5 Medium |
| Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | ||||
| CVE-2024-1246 | 1 Concretecms | 1 Concrete Cms | 2025-04-24 | 2 Low |
| Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9. | ||||
| CVE-2025-43929 | 1 Kovidgoyal | 1 Kitty | 2025-04-24 | 4.1 Medium |
| open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter). | ||||
| CVE-2023-50957 | 1 Ibm | 1 Storage Defender Resiliency Service | 2025-04-24 | 8 High |
| IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783. | ||||
| CVE-2024-25718 | 2 Dropbox, Samly | 2 Samly, Elixr | 2025-04-24 | 9.1 Critical |
| In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry. | ||||
| CVE-2024-1433 | 1 Kde | 1 Plasma-workspace | 2025-04-24 | 3.1 Low |
| A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes. | ||||
| CVE-2025-3821 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 2.4 Low |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file add-admin.php. The manipulation of the argument txtpassword/txtfullname/txtemail leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-34310 | 2 Ibm, Linux | 2 Cics Tx, Linux Kernel | 2025-04-24 | 5.9 Medium |
| IBM CICS TX Standard and Advanced 11.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 229441. | ||||
| CVE-2024-0169 | 1 Dell | 1 Unity Operating Environment | 2025-04-24 | 5.7 Medium |
| Dell Unity, version(s) 5.3 and prior, contain(s) an Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure. | ||||
| CVE-2023-42374 | 1 Mystenlabs | 2 Sui, Sui Blockchain | 2025-04-24 | 9.8 Critical |
| An issue in mystenlabs Sui Blockchain before v.1.6.3 allow a remote attacker to execute arbitrary code and cause a denial of service via a crafted compressed script to the Sui node component. | ||||
| CVE-2023-52431 | 2 Plack\, Plack Middleware | 2 \, Xsrf Block Package For Perl | 2025-04-24 | 8.8 High |
| The Plack::Middleware::XSRFBlock package before 0.0.19 for Perl allows attackers to bypass a CSRF protection mechanism via an empty form value and an empty cookie (if signed cookies are disabled). | ||||
| CVE-2025-3822 | 1 Senior-walter | 1 Web-based Pharmacy Product Management System | 2025-04-24 | 2.4 Low |
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file changepassword.php. The manipulation of the argument txtconfirm_password/txtnew_password/txtold_password leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-22132 | 1 Sap | 1 Ides Ecc | 2025-04-24 | 7.4 High |
| SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice.An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system. | ||||
| CVE-2023-6072 | 1 Trellix | 1 Central Management System | 2025-04-24 | 4.6 Medium |
| A cross-site scripting vulnerability in Trellix Central Management (CM) prior to 9.1.3.97129 allows a remote authenticated attacker to craft CM dashboard internal requests causing arbitrary content to be injected into the response when accessing the CM dashboard. | ||||