Export limit exceeded: 343957 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8022 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-27673 | 1 Printerlogic | 2 Vasion Print, Virtual Appliance | 2025-04-01 | 9.1 Critical |
| Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.843 Application 20.0.1923 allows Cookie Returned in Response Body OVE-20230524-0017. | ||||
| CVE-2025-25586 | 1 R1bbit | 1 Yimioa | 2025-04-01 | 4.2 Medium |
| yimioa before v2024.07.04 was discovered to contain an information disclosure vulnerability via the component /resources/application.yml. | ||||
| CVE-2025-25211 | 2025-04-01 | 9.8 Critical | ||
| Weak password requirements issue exists in CHOCO TEI WATCHER mini (IB-MCT001) all versions. If this issue is exploited, a brute-force attack may allow an attacker unauthorized access and login. | ||||
| CVE-2025-31129 | 2025-04-01 | 8.8 High | ||
| Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x). | ||||
| CVE-2025-29310 | 1 Opennetworking | 1 Onos | 2025-04-01 | 9.8 Critical |
| An issue in onos v2.7.0 allows attackers to trigger a packet deserialization problem when supplying a crafted LLDP packet. This vulnerability allows attackers to execute arbitrary commands or access network information. | ||||
| CVE-2022-26329 | 1 Netiq | 1 Identity Manager | 2025-04-01 | 1.8 Low |
| File existence disclosure vulnerability in NetIQ Identity Manager plugin prior to version 4.8.5 allows attacker to determine whether a file exists on the filesystem. This issue affects: Micro Focus NetIQ Identity Manager NetIQ Identity Manager versions prior to 4.8.5 on ALL. | ||||
| CVE-2023-27545 | 1 Ibm | 1 Cloud Pak For Data | 2025-04-01 | 4 Medium |
| IBM Watson CloudPak for Data Data Stores information disclosure 4.6.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 248947. | ||||
| CVE-2022-31710 | 1 Vmware | 1 Vrealize Log Insight | 2025-04-01 | 7.5 High |
| vRealize Log Insight contains a deserialization vulnerability. An unauthenticated malicious actor can remotely trigger the deserialization of untrusted data which could result in a denial of service. | ||||
| CVE-2023-6259 | 1 Brivo | 4 Acs100, Acs100 Firmware, Acs300 and 1 more | 2025-04-01 | 7.1 High |
| Insufficiently Protected Credentials, : Improper Access Control vulnerability in Brivo ACS100, ACS300 allows Password Recovery Exploitation, Bypassing Physical Security.This issue affects ACS100, ACS300: from 5.2.4 before 6.2.4.3. | ||||
| CVE-2025-22369 | 2025-04-01 | N/A | ||
| The ReadFile endpoint of the firmware for Mennekes Smart / Premium Chargingpoints can be abused to read arbitrary files from the underlying OS. | ||||
| CVE-2021-39342 | 1 Credova | 1 Financial | 2025-03-31 | 5.3 Medium |
| The Credova_Financial WordPress plugin discloses a site's associated Credova API account username and password in plaintext via an AJAX action whenever a site user goes to checkout on a page that has the Credova Financing option enabled. This affects versions up to, and including, 1.4.8. | ||||
| CVE-2021-39321 | 1 Heateor | 1 Sassy Social Share | 2025-03-31 | 8.8 High |
| Version 3.3.23 of the Sassy Social Share WordPress plugin is vulnerable to PHP Object Injection via the wp_ajax_heateor_sss_import_config AJAX action due to deserialization of unvalidated user supplied inputs via the import_config function found in the ~/admin/class-sassy-social-share-admin.php file. This can be exploited by underprivileged authenticated users due to a missing capability check on the import_config function. | ||||
| CVE-2022-47951 | 3 Debian, Openstack, Redhat | 5 Debian Linux, Cinder, Glance and 2 more | 2025-03-31 | 5.7 Medium |
| An issue was discovered in OpenStack Cinder before 19.1.2, 20.x before 20.0.2, and 21.0.0; Glance before 23.0.1, 24.x before 24.1.1, and 25.0.0; and Nova before 24.1.2, 25.x before 25.0.2, and 26.0.0. By supplying a specially created VMDK flat image that references a specific backing file path, an authenticated user may convince systems to return a copy of that file's contents from the server, resulting in unauthorized access to potentially sensitive data. | ||||
| CVE-2022-46967 | 1 Revenue Collection System Project | 1 Revenue Collection System | 2025-03-31 | 9.8 Critical |
| An access control issue in Revenue Collection System v1.0 allows unauthenticated attackers to view the contents of /admin/DBbackup/ directory. | ||||
| CVE-2015-4715 | 1 Owncloud | 2 Owncloud, Owncloud Server | 2025-03-31 | 4.9 Medium |
| The fetch function in OAuth/Curl.php in Dropbox-PHP, as used in ownCloud Server before 6.0.8, 7.x before 7.0.6, and 8.x before 8.0.4 when an external Dropbox storage has been mounted, allows remote administrators of Dropbox.com to read arbitrary files via an @ (at sign) character in unspecified POST values. | ||||
| CVE-2023-35789 | 2 Rabbitmq-c Project, Redhat | 2 Rabbitmq-c, Enterprise Linux | 2025-03-30 | 5.5 Medium |
| An issue was discovered in the C AMQP client library (aka rabbitmq-c) through 0.13.0 for RabbitMQ. Credentials can only be entered on the command line (e.g., for amqp-publish or amqp-consume) and are thus visible to local attackers by listing a process and its arguments. | ||||
| CVE-2024-23760 | 1 Gambio | 1 Gambio | 2025-03-28 | 2.7 Low |
| Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot. | ||||
| CVE-2024-26579 | 2 Apache, Apache Software Foundation | 2 Inlong, Apache Inlong | 2025-03-28 | 9.8 Critical |
| Deserialization of Untrusted Data vulnerability in Apache InLong.This issue affects Apache InLong: from 1.7.0 through 1.11.0, the attackers can bypass using malicious parameters. Users are advised to upgrade to Apache InLong's 1.12.0 or cherry-pick [1], [2] to solve it. [1] https://github.com/apache/inlong/pull/9694 [2] https://github.com/apache/inlong/pull/9707 | ||||
| CVE-2025-2908 | 2025-03-28 | N/A | ||
| The exposure of credentials in the call forwarding configuration module in MeetMe products in versions prior to 2024-09 allows an attacker to gain access to some important assets via configuration files. | ||||
| CVE-2025-25799 | 1 Seacms | 1 Seacms | 2025-03-28 | 6 Medium |
| SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php. | ||||