Search
Search Results (328883 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-37795 | 2025-05-10 | 7.1 High | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2024-50016 | 2025-05-10 | 5.5 Medium | ||
| This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | ||||
| CVE-2025-4175 | 2025-05-10 | 6.3 Medium | ||
| A vulnerability, which was classified as critical, was found in AlanBinu007 Spring-Boot-Advanced-Projects up to 3.1.3. This affects the function uploadUserProfileImage of the file /Spring-Boot-Advanced-Projects-main/Project-4.SpringBoot-AWS-S3/backend/src/main/java/com/urunov/profile/UserProfileController.java of the component Upload Profile API Endpoint. The manipulation of the argument File leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2025-47770 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47769 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47768 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47767 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47766 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47765 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47764 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47763 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2025-47762 | 2025-05-10 | N/A | ||
| Not used | ||||
| CVE-2022-42983 | 1 Anji-plus | 1 Aj-report | 2025-05-10 | 8.8 High |
| anji-plus AJ-Report 0.9.8.6 allows remote attackers to bypass login authentication by spoofing JWT Tokens. | ||||
| CVE-2022-42980 | 1 Go-admin | 1 Go-admin | 2025-05-10 | 9.8 Critical |
| go-admin (aka GO Admin) 2.0.12 uses the string go-admin as a production JWT key. | ||||
| CVE-2022-42975 | 1 Phoenixframework | 1 Phoenix | 2025-05-10 | 7.5 High |
| socket/transport.ex in Phoenix before 1.6.14 mishandles check_origin wildcarding. NOTE: LiveView applications are unaffected by default because of the presence of a LiveView CSRF token. | ||||
| CVE-2022-42237 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2025-05-10 | 9.8 Critical |
| A SQL Injection issue in Merchandise Online Store v.1.0 allows an attacker to log in to the admin account. | ||||
| CVE-2022-42114 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-10 | 5.4 Medium |
| A Cross-site scripting (XSS) vulnerability in the Role module's edit role assignees page in Liferay Portal 7.4.0 through 7.4.3.36, and Liferay DXP 7.4 before update 37 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2022-42113 | 1 Liferay | 2 Dxp, Liferay Portal | 2025-05-10 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in Document Library module in Liferay Portal 7.4.3.30 through 7.4.3.36, and Liferay DXP 7.4 update 30 through update 36 allows remote attackers to inject arbitrary web script or HTML via the `redirect` parameter. | ||||
| CVE-2022-41547 | 1 Opensecurity | 1 Mobile Security Framework | 2025-05-10 | 7.5 High |
| Mobile Security Framework (MobSF) v0.9.2 and below was discovered to contain a local file inclusion (LFI) vulnerability in the StaticAnalyzer/views.py script. This vulnerability allows attackers to read arbitrary files via a crafted HTTP request. | ||||
| CVE-2022-3368 | 1 Avira | 1 Avira Security | 2025-05-10 | 7.3 High |
| A vulnerability within the Software Updater functionality of Avira Security for Windows allowed an attacker with write access to the filesystem, to escalate his privileges in certain scenarios. The issue was fixed with Avira Security version 1.1.72.30556. | ||||