Search Results (35583 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-26313 | 1 Mendix | 1 Forgot Password | 2024-11-21 | 9.8 Critical |
| A vulnerability has been identified in Mendix Forgot Password Appstore module (All versions >= V3.3.0 < V3.5.1). In certain configurations of the affected product, a threat actor could use the sign up flow to hijack arbitrary user accounts. | ||||
| CVE-2022-26311 | 1 Couchbase | 1 Cloud Native Operator | 2024-11-21 | 7.5 High |
| Couchbase Operator 2.2.x before 2.2.3 exposes Sensitive Information to an Unauthorized Actor. Secrets are not redacted in logs collected from Kubernetes environments. | ||||
| CVE-2022-26296 | 1 Boom-core | 1 Risvc-boom | 2024-11-21 | 5.5 Medium |
| BOOM: The Berkeley Out-of-Order RISC-V Processor commit d77c2c3 was discovered to allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. | ||||
| CVE-2022-26273 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 9.8 Critical |
| EyouCMS v1.5.4 was discovered to lack parameter filtering in \user\controller\shop.php, leading to payment logic vulnerabilities. | ||||
| CVE-2022-26269 | 1 Globalsuzuki | 1 Suzuki Connect | 2024-11-21 | 4.6 Medium |
| Suzuki Connect v1.0.15 allows attackers to tamper with displayed messages via spoofed CAN messages. | ||||
| CVE-2022-26110 | 2 Debian, Wisc | 2 Debian Linux, Htcondor | 2024-11-21 | 8.8 High |
| An issue was discovered in HTCondor 8.8.x before 8.8.16, 9.0.x before 9.0.10, and 9.1.x before 9.6.0. When a user authenticates to an HTCondor daemon via the CLAIMTOBE method, the user can then impersonate any entity when issuing additional commands to that daemon. | ||||
| CVE-2022-26103 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.3 Medium |
| Under certain conditions, SAP NetWeaver (Real Time Messaging Framework) - version 7.50, allows an attacker to access information which could lead to information gathering for further exploits and attacks. | ||||
| CVE-2022-26078 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2024-11-21 | 7.5 High |
| Gallagher Controller 6000 is vulnerable to a Denial of Service attack via conflicting ARP packets with a duplicate IP address. This issue affects: Gallagher Controller 6000 vCR8.60 versions prior to 220303a; vCR8.50 versions prior to 220303a; vCR8.40 versions prior to 220303a; vCR8.30 versions prior to 220303a. | ||||
| CVE-2022-25914 | 2 Jib Project, Redhat | 2 Jib, Migration Toolkit Runtimes | 2024-11-21 | 5.6 Medium |
| The package com.google.cloud.tools:jib-core before 0.22.0 is vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input. | ||||
| CVE-2022-25891 | 1 Containrrr | 1 Shoutrrr | 2024-11-21 | 7.5 High |
| The package github.com/containrrr/shoutrrr/pkg/util before 0.6.0 is vulnerable to Denial of Service (DoS) via the util.PartitionMessage function. Exploiting this vulnerability is possible by sending messages of exactly 2000, 4000, or 6000 characters. | ||||
| CVE-2022-25815 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2022-25814 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||||
| CVE-2022-25780 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2024-11-21 | 4.3 Medium |
| Information Exposure vulnerability in web UI of Secomea GateManager allows logged in user to query devices outside own scope. | ||||
| CVE-2022-25641 | 2 Foxit, Microsoft | 4 Pdf Editor, Pdf Reader, Phantompdf and 1 more | 2024-11-21 | 5.5 Medium |
| Foxit PDF Reader before 11.2.2 and PDF Editor before 11.2.2, and PhantomPDF before 10.1.8, mishandle cross-reference information during compressed-object parsing within signed documents. This leads to delivery of incorrect signature information via an Incremental Saving Attack and a Shadow Attack. | ||||
| CVE-2022-25625 | 1 Broadcom | 1 Symantec Privileged Access Management | 2024-11-21 | 8.8 High |
| A malicious unauthorized PAM user can access the administration configuration data and change the values. | ||||
| CVE-2022-25623 | 1 Symantec | 1 Management Agent | 2024-11-21 | 7.8 High |
| The Symantec Management Agent is susceptible to a privilege escalation vulnerability. A low privilege local account can be elevated to the SYSTEM level through registry manipulations. | ||||
| CVE-2022-25594 | 1 Program | 1 Parking Lot Management System | 2024-11-21 | 5.3 Medium |
| Microprogram’s parking lot management system is vulnerable to sensitive information exposure. An unauthorized remote attacker can input specific URLs to acquire partial system configuration information. | ||||
| CVE-2022-25584 | 1 Flexwatch | 2 Fw3170-ps-e, Fw3170-ps-e Firmware | 2024-11-21 | 7.5 High |
| Seyeon Tech Co., Ltd FlexWATCH FW3170-PS-E Network Video System 4.23-3000_GY allows attackers to access sensitive information. | ||||
| CVE-2022-25571 | 1 Bluedon | 1 Internet Access Detector | 2024-11-21 | 7.5 High |
| Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors. | ||||
| CVE-2022-25511 | 1 Freetakserver-ui Project | 1 Freetakserver-ui | 2024-11-21 | 6.5 Medium |
| An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system. | ||||