Export limit exceeded: 363304 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (363304 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45145 | 1 Call-cc | 1 Chicken | 2025-04-23 | 9.8 Critical |
| egg-compile.scm in CHICKEN 5.x before 5.3.1 allows arbitrary OS command execution during package installation via escape characters in a .egg file. | ||||
| CVE-2022-45009 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 7.2 High |
| Online Leave Management System v1.0 was discovered to contain an arbitrary file upload vulnerability at /leave_system/classes/SystemSettings.php?f=update_settings. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-45008 | 1 Online Leave Management System Project | 1 Online Leave Management System | 2025-04-23 | 4.8 Medium |
| Online Leave Management System v1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the component /leave_system/admin/?page=maintenance/department. This vulnerability allows attackers to execute arbitrary web scripts or HTML via crafted payload injected into the Name field under the Create New module. | ||||
| CVE-2022-44942 | 1 Casbin | 1 Casdoor | 2025-04-23 | 8.1 High |
| Casdoor before v1.126.1 was discovered to contain an arbitrary file deletion vulnerability via the uploadFile function. | ||||
| CVE-2022-44849 | 1 Metinfo | 1 Metinfo | 2025-04-23 | 8.8 High |
| A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account. | ||||
| CVE-2022-44637 | 1 Redmine | 1 Redmine | 2025-04-23 | 6.1 Medium |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization in Redcloth3 Textile-formatted fields. Depending on the configuration, this may require login as a registered user. | ||||
| CVE-2022-44620 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | 8.8 High |
| Improper authentication vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2022-44608 | 1 Cybozu | 1 Cybozu Remote Service | 2025-04-23 | 7.5 High |
| Uncontrolled resource consumption vulnerability in Cybozu Remote Service 4.0.0 to 4.0.3 allows a remote authenticated attacker to consume huge storage space, which may result in a denial-of-service (DoS) condition. | ||||
| CVE-2022-44606 | 1 Unimo | 6 Udr-ja1604, Udr-ja1604 Firmware, Udr-ja1608 and 3 more | 2025-04-23 | 8.8 High |
| OS command injection vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings. | ||||
| CVE-2022-44393 | 1 Sanitization Management System Project | 1 Sanitization Management System | 2025-04-23 | 7.2 High |
| Sanitization Management System v1.0 is vulnerable to SQL Injection via /php-sms/admin/?page=services/view_service&id=. | ||||
| CVE-2022-44373 | 1 Trendnet | 2 Tew-820ap, Tew-820ap Firmware | 2025-04-23 | 8.8 High |
| A stack overflow vulnerability exists in TrendNet Wireless AC Easy-Upgrader TEW-820AP (Version v1.0R, firmware version 1.01.B01) which may result in remote code execution. | ||||
| CVE-2022-44371 | 1 Hope-boot Project | 1 Hope-boot | 2025-04-23 | 9.8 Critical |
| hope-boot 1.0.0 has a deserialization vulnerability that can cause Remote Code Execution (RCE). | ||||
| CVE-2022-43668 | 1 Typora | 1 Typora | 2025-04-23 | 6.1 Medium |
| Typora versions prior to 1.4.4 fails to properly neutralize JavaScript code, which may result in executing JavaScript code contained in the file when opening a file with the affected product. | ||||
| CVE-2022-43667 | 1 Omron | 1 Cx-programmer | 2025-04-23 | 7.8 High |
| Stack-based buffer overflow vulnerability exists in CX-Programmer v.9.77 and earlier, which may lead to information disclosure and/or arbitrary code execution by having a user to open a specially crafted CXP file. | ||||
| CVE-2022-43660 | 1 Sixapart | 1 Movable Type | 2025-04-23 | 7.2 High |
| Improper neutralization of Server-Side Includes (SSW) within a web page in Movable Type series allows a remote authenticated attacker with Privilege of 'Manage of Content Types' may execute an arbitrary Perl script and/or an arbitrary OS command. Affected products/versions are as follows: Movable Type 7 r.5301 and earlier (Movable Type 7 Series), Movable Type Advanced 7 r.5301 and earlier (Movable Type Advanced 7 Series), Movable Type Premium 1.53 and earlier, and Movable Type Premium Advanced 1.53 and earlier. | ||||
| CVE-2022-3641 | 1 Devolutions | 1 Remote Desktop Manager | 2025-04-23 | 8.8 High |
| Elevation of privilege in the Azure SQL Data Source in Devolutions Remote Desktop Manager 2022.3.13 to 2022.3.24 allows an authenticated user to spoof a privileged account. | ||||
| CVE-2022-40242 | 1 Ami | 1 Megarac Sp-x | 2025-04-23 | 7.5 High |
| MegaRAC Default Credentials Vulnerability | ||||
| CVE-2022-34881 | 3 Hitachi, Linux, Microsoft | 3 Jp1\/automatic Operation, Linux Kernel, Windows | 2025-04-23 | 3.3 Low |
| Generation of Error Message Containing Sensitive Information vulnerability in Hitachi JP1/Automatic Operation allows local users to gain sensitive information. This issue affects JP1/Automatic Operation: from 10-00 through 10-54-03, from 11-00 before 11-51-09, from 12-00 before 12-60-01. | ||||
| CVE-2024-20039 | 1 Mediatek | 80 Lr12a, Lr13, Mt2731 and 77 more | 2025-04-23 | 8.8 High |
| In modem protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01240012; Issue ID: MSV-1215. | ||||
| CVE-2024-20040 | 6 Google, Linux, Linuxfoundation and 3 more | 57 Android, Linux Kernel, Yocto and 54 more | 2025-04-23 | 8.8 High |
| In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08360153 (for MT6XXX chipsets) / WCNCR00363530 (for MT79XX chipsets); Issue ID: MSV-979. | ||||