Search Results (35019 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-25183 | 2 Jenkins, Redhat | 2 Pipeline, Openshift | 2024-11-21 | 8.8 High |
| Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier uses the names of Pipeline libraries to create cache directories without any sanitization, allowing attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM using specially crafted library names if a global Pipeline library configured to use caching already exists. | ||||
| CVE-2022-25182 | 2 Jenkins, Redhat | 2 Pipeline, Openshift | 2024-11-21 | 8.8 High |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code on the Jenkins controller JVM using specially crafted library names if a global Pipeline library is already configured. | ||||
| CVE-2022-25181 | 2 Jenkins, Redhat | 2 Pipeline, Openshift | 2024-11-21 | 8.8 High |
| A sandbox bypass vulnerability in Jenkins Pipeline: Shared Groovy Libraries Plugin 552.vd9cc05b8a2e1 and earlier allows attackers with Item/Configure permission to execute arbitrary code in the context of the Jenkins controller JVM through crafted SCM contents, if a global Pipeline library already exists. | ||||
| CVE-2022-25167 | 1 Apache | 1 Flume | 2024-11-21 | 9.8 Critical |
| Apache Flume versions 1.4.0 through 1.9.0 are vulnerable to a remote code execution (RCE) attack when a configuration uses a JMS Source with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI to allow only the use of the java protocol or no protocol. | ||||
| CVE-2022-25101 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 7.8 High |
| A vulnerability in the component /templates/install.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25099 | 1 Wbce | 1 Wbce Cms | 2024-11-21 | 7.8 High |
| A vulnerability in the component /languages/index.php of WBCE CMS v1.5.2 allows attackers to execute arbitrary code via a crafted PHP file. | ||||
| CVE-2022-25098 | 1 Ectouch | 1 Ectouch | 2024-11-21 | 9.1 Critical |
| ECTouch v2 suffers from arbitrary file deletion due to insufficient filtering of the filename parameter. | ||||
| CVE-2022-25095 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 9.8 Critical |
| Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request. | ||||
| CVE-2022-25094 | 1 Home Owners Collection Management System Project | 1 Home Owners Collection Management System | 2024-11-21 | 8.8 High |
| Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php. | ||||
| CVE-2022-24974 | 1 Menlosecurity | 1 Email Isolation | 2024-11-21 | 5.3 Medium |
| Links may not be rewritten according to policy in some specially formatted emails. | ||||
| CVE-2022-24961 | 1 Portainer | 1 Portainer | 2024-11-21 | 9.8 Critical |
| In Portainer Agent before 2.11.1, an API server can continue running even if not associated with a Portainer instance in the past few days. | ||||
| CVE-2022-24934 | 1 Wps | 1 Wps Office | 2024-11-21 | 9.8 Critical |
| wpsupdater.exe in Kingsoft WPS Office through 11.2.0.10382 allows remote code execution by modifying HKEY_CURRENT_USER in the registry. | ||||
| CVE-2022-24929 | 1 Google | 1 Android | 2024-11-21 | 4.1 Medium |
| Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | ||||
| CVE-2022-24928 | 1 Google | 1 Android | 2024-11-21 | 5.9 Medium |
| Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. | ||||
| CVE-2022-24916 | 1 Optimism | 1 Eth-optimism/l2geth | 2024-11-21 | 7.5 High |
| Optimism before @eth-optimism/l2geth@0.5.11 allows economic griefing because a balance is duplicated upon contract self-destruction. | ||||
| CVE-2022-24696 | 1 Mirametrix | 1 Glance | 2024-11-21 | 7.8 High |
| Mirametrix Glance before 5.1.1.42207 (released on 2018-08-30) allows a local attacker to elevate privileges. NOTE: this is unrelated to products from the glance.com and glance.net websites. | ||||
| CVE-2022-24687 | 1 Hashicorp | 1 Consul | 2024-11-21 | 6.5 Medium |
| HashiCorp Consul and Consul Enterprise 1.9.0 through 1.9.14, 1.10.7, and 1.11.2 clusters with at least one Ingress Gateway allow a user with service:write to register a specifically-defined service that can cause Consul servers to panic. Fixed in 1.9.15, 1.10.8, and 1.11.3. | ||||
| CVE-2022-24684 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 6.5 Medium |
| HashiCorp Nomad and Nomad Enterprise 0.9.0 through 1.0.16, 1.1.11, and 1.2.5 allow operators with job-submit capabilities to use the spread stanza to panic server agents. Fixed in 1.0.18, 1.1.12, and 1.2.6. | ||||
| CVE-2022-24683 | 1 Hashicorp | 1 Nomad | 2024-11-21 | 7.5 High |
| HashiCorp Nomad and Nomad Enterprise 0.9.2 through 1.0.17, 1.1.11, and 1.2.5 allow operators with read-fs and alloc-exec (or job-submit) capabilities to read arbitrary files on the host filesystem as root. | ||||
| CVE-2022-24677 | 1 Hyphp | 1 Hybbs2 | 2024-11-21 | 9.8 Critical |
| Admin.php in HYBBS2 through 2.3.2 allows remote code execution because it writes plugin-related configuration information to conf.php. | ||||