Search Results (25200 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-0022 | 1 Google | 1 Android | 2025-03-27 | 5.5 Medium |
| In multiple functions of CompanionDeviceManagerService.java, there is a possible launch NotificationAccessConfirmationActivity of another user profile due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2023-0284 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2025-03-27 | 6.8 Medium |
| Improper Input Validation of LDAP user IDs in Tribe29 Checkmk allows attackers that can control LDAP user IDs to manipulate files on the server. Checkmk <= 2.1.0p19, Checkmk <= 2.0.0p32, and all versions of Checkmk 1.6.0 (EOL) are affected. | ||||
| CVE-2023-0321 | 1 Campbellsci | 10 Cr1000, Cr1000 Firmware, Cr300 and 7 more | 2025-03-27 | 9.1 Critical |
| Campbell Scientific dataloggers CR6, CR300, CR800, CR1000 and CR3000 may allow an attacker to download configuration files, which may contain sensitive information about the internal network. From factory defaults, the mentioned dataloggers have HTTP and PakBus enabled. The devices, with the default configuration, allow this situation via the PakBus port. The exploitation of this vulnerability may allow an attacker to download, modify, and upload new configuration files. | ||||
| CVE-2022-32984 | 1 Btcpayserver | 1 Btcpay Server | 2025-03-27 | 7.5 High |
| BTCPay Server 1.3.0 through 1.5.3 allows a remote attacker to obtain sensitive information when a public Point of Sale app is exposed. The sensitive information, found in the HTML source code, includes the xpub of the store. Also, if the store isn't using the internal lightning node, the credentials of a lightning node are exposed. | ||||
| CVE-2022-34885 | 1 Motorola | 2 Mr2600, Mr2600 Firmware | 2025-03-27 | 7.2 High |
| An improper input sanitization vulnerability in the Motorola MR2600 router could allow a local user with elevated permissions to execute arbitrary code. | ||||
| CVE-2022-39060 | 1 Changingtec | 1 Megaservisignadapter | 2025-03-27 | 9.8 Critical |
| ChangingTech MegaServiSignAdapter component has a vulnerability of improper input validation. An unauthenticated remote attacker can exploit this vulnerability to access and modify HKEY_CURRENT_USER subkey (ex: AutoRUN) in Registry where malicious scripts can be executed to take control of the system or to terminate the service. | ||||
| CVE-2024-31310 | 1 Google | 1 Android | 2025-03-27 | 7.8 High |
| In newServiceInfoLocked of AutofillManagerServiceImpl.java, there is a possible way to hide an enabled Autofill service app in the Autofill service settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | ||||
| CVE-2023-7060 | 1 Zephyrproject | 1 Zephyr | 2025-03-27 | 8.6 High |
| Zephyr OS IP packet handling does not properly drop IP packets arriving on an external interface with a source address equal to 127.0.01 or the destination address. | ||||
| CVE-2023-21833 | 1 Oracle | 1 Zfs Storage Appliance Kit | 2025-03-27 | 4.3 Medium |
| Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N). | ||||
| CVE-2022-4206 | 1 Gitlab | 1 Dast Api Scanner | 2025-03-27 | 5 Medium |
| A sensitive information leak issue has been discovered in all versions of DAST API scanner from 1.6.50 prior to 2.0.102, exposing the Authorization header in the vulnerability report | ||||
| CVE-2022-44644 | 1 Apache | 1 Linkis | 2025-03-27 | 6.5 Medium |
| In Apache Linkis <=1.3.0 when used with the MySQL Connector/J in the data source module, an authenticated attacker could read arbitrary local files by connecting a rogue MySQL server, by setting allowLoadLocalInfile to true in the JDBC parameter. Therefore, the parameters in the JDBC URL should be blacklisted. Versions of Apache Linkis <= 1.3.0 will be affected. We recommend users upgrade the version of Linkis to version 1.3.1. | ||||
| CVE-2025-30344 | 1 Openslides | 1 Openslides | 2025-03-27 | 5.3 Medium |
| An issue was discovered in OpenSlides before 4.2.5. During login at the /system/auth/login/ endpoint, the system's response times differ depending on whether a user exists in the system. The timing discrepancy stems from the omitted hashing of the password (e.g., more than 100 milliseconds). | ||||
| CVE-2022-34443 | 1 Dell | 1 Rugged Control Center | 2025-03-27 | 7.8 High |
| Dell Rugged Control Center, versions prior to 4.5, contain an Improper Input Validation in the Service EndPoint. A Local Low Privilege attacker could potentially exploit this vulnerability, leading to an Escalation of privileges. | ||||
| CVE-2024-0436 | 1 Mintplexlabs | 1 Anythingllm | 2025-03-27 | 5.9 Medium |
| Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute | ||||
| CVE-2022-32482 | 1 Dell | 378 Alienware M15 R6, Alienware M15 R6 Firmware, Alienware M15 R7 and 375 more | 2025-03-26 | 5.6 Medium |
| Dell BIOS contains an improper input validation vulnerability. A local authenticated malicious user with admin privileges may potentially exploit this vulnerability in order to modify a UEFI variable. | ||||
| CVE-2025-2622 | 1 Aizuda | 1 Snail-job | 2025-03-26 | 6.3 Medium |
| A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipulation of the argument nodeExpression leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2024-26309 | 1 Archerirm | 1 Archer | 2025-03-26 | 5.3 Medium |
| Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL. | ||||
| CVE-2022-47070 | 1 Nvs365 | 2 Nvs-365-v01, Nvs-365-v01 Firmware | 2025-03-26 | 7.5 High |
| NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. | ||||
| CVE-2023-20606 | 2 Google, Mediatek | 4 Android, Mt6879, Mt6895 and 1 more | 2025-03-26 | 4.4 Medium |
| In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104. | ||||
| CVE-2022-47367 | 2 Google, Unisoc | 14 Android, S8000, Sc7731e and 11 more | 2025-03-26 | 4.8 Medium |
| In bluetooth driver, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. | ||||