Search Results (29948 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-39057 | 1 Changingtec | 1 Rava Certificate Validation System | 2025-05-08 | 7.2 High |
| RAVA certificate validation system has insufficient filtering for special parameter of the web page input field. A remote attacker with administrator privilege can exploit this vulnerability to perform arbitrary system command and disrupt service. | ||||
| CVE-2022-43435 | 1 Jenkins | 1 360 Fireline | 2025-05-08 | 5.3 Medium |
| Jenkins 360 FireLine Plugin 1.7.2 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download. | ||||
| CVE-2022-36454 | 1 Mitel | 1 Micollab | 2025-05-07 | 6.5 Medium |
| A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to impersonate another user's name. | ||||
| CVE-2022-36453 | 1 Mitel | 1 Micollab | 2025-05-07 | 8.8 High |
| A vulnerability in the MiCollab Client API of Mitel MiCollab 9.1.3 through 9.5.0.101 could allow an authenticated attacker to modify their profile parameters due to improper authorization controls. A successful exploit could allow the authenticated attacker to control another extension number. | ||||
| CVE-2025-31173 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 8.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-58112 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.5 High |
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2024-58111 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.5 High |
| Exception capture failure vulnerability in the SVG parsing module of the ArkUI framework Impact: Successful exploitation of this vulnerability may affect availability. | ||||
| CVE-2025-31172 | 1 Huawei | 1 Harmonyos | 2025-05-07 | 7.8 High |
| Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-22388 | 1 Hidglobal | 16 Iclass Se Cp1000 Encoder, Iclass Se Cp1000 Encoder Firmware, Iclass Se Processors and 13 more | 2025-05-07 | 5.9 Medium |
| Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys. | ||||
| CVE-2022-3363 | 1 Ikus-soft | 1 Rdiffweb | 2025-05-07 | 9.8 Critical |
| Business Logic Errors in GitHub repository ikus060/rdiffweb prior to 2.5.0a7. | ||||
| CVE-2022-41799 | 1 Weseek | 1 Growi | 2025-05-07 | 6.5 Medium |
| Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to private by the other users. | ||||
| CVE-2024-29900 | 1 Openjsf | 1 Packager | 2025-05-07 | 7.5 High |
| Electron Packager bundles Electron-based application source code with a renamed Electron executable and supporting files into folders ready for distribution. A random segment of ~1-10kb of Node.js heap memory allocated either side of a known buffer will be leaked into the final executable. This memory _could_ contain sensitive information such as environment variables, secrets files, etc. This issue is patched in 18.3.1. | ||||
| CVE-2025-4269 | 1 Totolink | 2 A720r, A720r Firmware | 2025-05-07 | 6.5 Medium |
| A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-44776 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 6.5 Medium |
| A broken access control vulnerability in the SubNet_handler_func function of spx_restservice allows an attacker to arbitrarily change the security access rights to KVM and Virtual Media functionalities. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-44467 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 5.3 Medium |
| A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26733 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 5.3 Medium |
| A broken access control vulnerability in the FirstReset_handler_func function of spx_restservice allows an attacker to arbitrarily send reboot commands to the BMC, causing a Denial-of-Service (DoS) condition. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2021-26732 | 1 Lannerinc | 2 Iac-ast2500a, Iac-ast2500a Firmware | 2025-05-07 | 6.5 Medium |
| A broken access control vulnerability in the First_network_func function of spx_restservice allows an attacker to arbitrarily change the network configuration of the BMC. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0. | ||||
| CVE-2024-28214 | 1 Naver | 1 Ngrinder | 2025-05-07 | 2.7 Low |
| nGrinder before 3.5.9 allows to set delay without limitation, which could be the cause of Denial of Service by remote attacker. | ||||
| CVE-2022-27583 | 1 Sick | 4 Flx3-cpuc1, Flx3-cpuc1 Firmware, Flx3-cpuc2 and 1 more | 2025-05-07 | 9.1 Critical |
| A remote unprivileged attacker can interact with the configuration interface of a Flexi-Compact FLX3-CPUC1 or FLX3-CPUC2 running an affected firmware version to potentially impact the availability of the FlexiCompact. | ||||
| CVE-2022-3304 | 1 Google | 1 Chrome | 2025-05-06 | 8.8 High |
| Use after free in CSS in Google Chrome prior to 106.0.5249.62 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | ||||