Search Results (363284 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-45894 | 1 Bluecms Project | 1 Bluecms | 2025-04-23 | 4.9 Medium |
| BlueCMS 1.6 suffers from Arbitrary File Deletion via the file_name parameter in an /admin/database.php?act=del request. | ||||
| CVE-2024-46078 | 2 Adonesevangelista, Sports Management System Project | 2 Sports Management System, Sports Management System | 2025-04-23 | 7.5 High |
| itsourcecode Sports Management System Project 1.0 is vulnerable to SQL Injection in the function delete_category of the file sports_scheduling/player.php via the argument id. | ||||
| CVE-2024-41290 | 1 Flatpress | 1 Flatpress | 2025-04-23 | 8.1 High |
| FlatPress CMS v1.3.1 1.3 was discovered to use insecure methods to store authentication data via the cookie's component. | ||||
| CVE-2024-48454 | 2 Oretnom23, Purchase Order Management System Project | 2 Purchase Order Management System, Purchase Order Management System | 2025-04-23 | 7.2 High |
| An issue in SourceCodester Purchase Order Management System v1.0 allows a remote attacker to execute arbitrary code via the /admin?page=user component. | ||||
| CVE-2022-30354 | 1 Ovaledge | 1 Ovaledge | 2025-04-23 | 7.5 High |
| OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserWithTeam. Authentication is required. The information disclosed is associated with all registered user ID numbers. | ||||
| CVE-2025-3441 | | | 2025-04-22 | N/A |
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2022-4123 | 2 Fedoraproject, Podman Project | 2 Fedora, Podman | 2025-04-22 | 3.3 Low |
| A flaw was found in Buildah. The local path and the lowest subdirectory may be disclosed due to incorrect absolute path traversal, resulting in an impact to confidentiality. | ||||
| CVE-2022-4122 | 3 Fedoraproject, Podman Project, Redhat | 4 Fedora, Podman, Enterprise Linux and 1 more | 2025-04-22 | 5.3 Medium |
| A vulnerability was found in buildah. Incorrect following of symlinks while reading .containerignore and .dockerignore results in information disclosure. | ||||
| CVE-2022-45910 | 1 Apache | 1 Manifoldcf | 2025-04-22 | 5.3 Medium |
| Improper neutralization of special elements used in an LDAP query ('LDAP Injection') vulnerability in ActiveDirectory and Sharepoint ActiveDirectory authority connectors of Apache ManifoldCF allows an attacker to manipulate the LDAP search queries (DoS, additional queries, filter manipulation) during user lookup, if the username or the domain string are passed to the UserACLs servlet without validation. This issue affects Apache ManifoldCF version 2.23 and prior versions. | ||||
| CVE-2022-44213 | 1 Zkteco | 1 Automatic Data Master Server | 2025-04-22 | 4.8 Medium |
| ZKTeco Xiamen Information Technology ZKBio ECO ADMS <=3.1-164 is vulnerable to Cross Site Scripting (XSS). | ||||
| CVE-2022-44031 | 1 Redmine | 1 Redmine | 2025-04-22 | 6.1 Medium |
| Redmine before 4.2.9 and 5.0.x before 5.0.4 allows persistent XSS in its Textile formatter due to improper sanitization of the blockquote syntax in Textile-formatted fields. | ||||
| CVE-2022-41559 | 1 Tibco | 1 Nimbus | 2025-04-22 | 9.3 Critical |
| The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. | ||||
| CVE-2022-40939 | 1 Secu | 2 Secustation, Secustation Firmware | 2025-04-22 | 4.9 Medium |
| In certain Secustation products the administrator account password can be read. This affects V2.5.5.3116-S50-SMA-B20171107A, V2.3.4.1301-M20-TSA-B20150617A, V2.5.5.3116-S50-RXA-B20180502A, V2.5.5.3116-S50-SMA-B20190723A, V2.5.5.3116-S50-SMB-B20161012A, V2.3.4.2103-S50-NTD-B20170508B, V2.5.5.3116-S50-SMB-B20160601A, V2.5.5.2601-S50-TSA-B20151229A, and V2.5.5.3116-S50-SMA-B20170217. | ||||
| CVE-2022-3906 | 1 Whitestudio | 1 Easy Form Builder | 2025-04-22 | 4.8 Medium |
| The Easy Form Builder WordPress plugin before 3.4.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-3259 | 1 Redhat | 1 Openshift | 2025-04-22 | 7.4 High |
| Openshift 4.9 does not use HTTP Strict Transport Security (HSTS) which may allow man-in-the-middle (MITM) attacks. | ||||
| CVE-2022-34297 | 1 Yiiframework | 1 Gii | 2025-04-22 | 5.4 Medium |
| Yii Yii2 Gii through 2.2.4 allows stored XSS by injecting a payload into any field. | ||||
| CVE-2022-25912 | 1 Simple-git Project | 1 Simple-git | 2025-04-22 | 8.1 High |
| The package simple-git before 3.15.0 is vulnerable to Remote Code Execution (RCE) when enabling the ext transport protocol, which makes it exploitable via clone() method. This vulnerability exists due to an incomplete fix of [CVE-2022-24066](https://security.snyk.io/vuln/SNYK-JS-SIMPLEGIT-2434306). | ||||
| CVE-2022-25837 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-04-22 | 7.5 High |
| Bluetooth® Pairing in Bluetooth Core Specification v1.0B through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when at least one device supports BR/EDR Secure Connections pairing and the other BR/EDR Legacy PIN code pairing if the MITM negotiates BR/EDR Secure Simple Pairing in Secure Connections mode using the Passkey association model with the pairing Initiator and BR/EDR Legacy PIN code pairing with the pairing Responder and brute forces the Passkey entered by the user into the Responder as a 6-digit PIN code. The MITM attacker can use the identified PIN code value as the Passkey value to complete authentication with the Initiator via Bluetooth pairing method confusion. | ||||
| CVE-2022-25836 | 1 Bluetooth | 1 Bluetooth Core Specification | 2025-04-22 | 7.5 High |
| Bluetooth® Low Energy Pairing in Bluetooth Core Specification v4.0 through v5.3 may permit an unauthenticated MITM to acquire credentials with two pairing devices via adjacent access when the MITM negotiates Legacy Passkey Pairing with the pairing Initiator and Secure Connections Passkey Pairing with the pairing Responder and brute forces the Passkey entered by the user into the Initiator. The MITM attacker can use the identified Passkey value to complete authentication with the Responder via Bluetooth pairing method confusion. | ||||
| CVE-2021-41943 | 1 Logrhythm | 1 Logrhythm | 2025-04-22 | 6.1 Medium |
| Logrhythm Web Console 7.4.9 allows for HTML tag injection through Contextualize Action -> Create a new Contextualize Action -> Inject your HTML tag in the name field. | ||||