Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10619 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-24339 | 2025-05-02 | 5 Medium | ||
| A vulnerability in the web application of ctrlX OS allows a remote unauthenticated attacker to conduct various attacks against users of the vulnerable system, including web cache poisoning or Man-in-the-Middle (MitM), via a crafted HTTP request. | ||||
| CVE-2022-3486 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 4.7 Medium |
| An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. | ||||
| CVE-2022-3280 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 3.5 Low |
| An open redirect in GitLab CE/EE affecting all versions from 10.1 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick users into visiting a trustworthy URL and being redirected to arbitrary content. | ||||
| CVE-2022-32610 | 2 Google, Mediatek | 33 Android, Mt6762, Mt6768 and 30 more | 2025-05-01 | 6.4 Medium |
| In vcu, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203476; Issue ID: ALPS07203476. | ||||
| CVE-2022-27516 | 1 Citrix | 3 Application Delivery Controller, Application Delivery Controller Firmware, Gateway | 2025-05-01 | 5.3 Medium |
| User login brute force protection functionality bypass | ||||
| CVE-2022-45196 | 1 Hyperledger | 1 Fabric | 2025-05-01 | 7.5 High |
| Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. | ||||
| CVE-2022-26446 | 1 Mediatek | 56 Lr12a, Lr13, Mt2731 and 53 more | 2025-05-01 | 7.5 High |
| In Modem 4G RRC, there is a possible system crash due to improper input validation. This could lead to remote denial of service, when concatenating improper SIB12 (CMAS message), with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00867883; Issue ID: ALPS07274118. | ||||
| CVE-2022-3866 | 1 Hashicorp | 1 Nomad | 2025-05-01 | 5 Medium |
| HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 workload identity token can list non-sensitive metadata for paths under nomad/ that belong to other jobs in the same namespace. Fixed in 1.4.2. | ||||
| CVE-2022-3867 | 1 Hashicorp | 1 Nomad | 2025-05-01 | 2.7 Low |
| HashiCorp Nomad and Nomad Enterprise 1.4.0 up to 1.4.1 event stream subscribers using a token with TTL receive updates until token garbage is collected. Fixed in 1.4.2. | ||||
| CVE-2022-44747 | 1 Acronis | 1 Cyber Protect Home Office | 2025-05-01 | 7.8 High |
| Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40107. | ||||
| CVE-2022-3413 | 1 Gitlab | 1 Gitlab | 2025-05-01 | 4.3 Medium |
| Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above. | ||||
| CVE-2022-37927 | 1 Hpe | 1 Oneview Global Dashboard | 2025-05-01 | 6.1 Medium |
| URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Hewlett Packard Enterprise HPE OneView Global Dashboard (OVGD). | ||||
| CVE-2022-41207 | 1 Sap | 1 Biller Direct | 2025-05-01 | 6.1 Medium |
| SAP Biller Direct allows an unauthenticated attacker to craft a legitimate looking URL. When clicked by an unsuspecting victim, it will use an unsensitized parameter to redirect the victim to a malicious site of the attacker's choosing which can result in disclosure or modification of the victim's information. | ||||
| CVE-2023-7198 | 2 Jeroensormani, Wp-dashboard-notes | 2 Wp Dashboard Notes, Wp Dashboard Notes | 2025-05-01 | 4.3 Medium |
| The WP Dashboard Notes WordPress plugin before 1.0.11 is vulnerable to Insecure Direct Object References (IDOR) in post_id= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises the integrity and privacy of user data. | ||||
| CVE-2022-45194 | 1 Bruhn-newtech | 1 Cbrn-analysis | 2025-05-01 | 3.8 Low |
| CBRN-Analysis before 22 allows XXE attacks via am mws XML document, leading to NTLMv2-SSP hash disclosure. | ||||
| CVE-2022-44560 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 5.3 Medium |
| The launcher module has an Intent redirection vulnerability. Successful exploitation of this vulnerability may cause launcher module data to be modified. | ||||
| CVE-2022-42129 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | 4.3 Medium |
| An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. | ||||
| CVE-2022-45386 | 1 Jenkins | 1 Violations | 2025-04-30 | 5.5 Medium |
| Jenkins Violations Plugin 0.7.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||
| CVE-2022-3362 | 1 Ikus-soft | 1 Rdiffweb | 2025-04-30 | 9.8 Critical |
| Insufficient Session Expiration in GitHub repository ikus060/rdiffweb prior to 2.5.0. | ||||
| CVE-2022-45395 | 1 Jenkins | 1 Cccc | 2025-04-30 | 9.8 Critical |
| Jenkins CCCC Plugin 0.6 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. | ||||