Search
Search Results (327990 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-46756 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46755 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46754 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2025-46753 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2018-13372 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2017-7740 | 2025-04-29 | N/A | ||
| Not used | ||||
| CVE-2022-34830 | 1 Arm | 1 Utgard Gpu Kernel Driver | 2025-04-28 | 7.5 High |
| An Arm product family through 2022-06-29 has a TOCTOU Race Condition that allows non-privileged user to make improper GPU processing operations to gain access to already freed memory. | ||||
| CVE-2021-46854 | 1 Proftpd | 1 Proftpd | 2025-04-28 | 7.5 High |
| mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. | ||||
| CVE-2021-43258 | 1 Churchdb | 1 Churchinfo | 2025-04-28 | 8.8 High |
| CartView.php in ChurchInfo 1.3.0 allows attackers to achieve remote code execution through insecure uploads. This requires authenticated access tot he ChurchInfo application. Once authenticated, a user can add names to their cart, and compose an email. Uploading an attachment for the email stores the attachment on the site in the /tmp_attach/ folder where it can be accessed with a GET request. There are no limitations on files that can be attached, allowing for malicious PHP code to be uploaded and interpreted by the server. | ||||
| CVE-2021-35284 | 1 Cms-php Project | 1 Cms-php | 2025-04-28 | 9.8 Critical |
| SQL Injection vulnerability in function get_user in login_manager.php in rizalafani cms-php v1. | ||||
| CVE-2022-3737 | 1 Phoenixcontact | 1 Automationworx Software Suite | 2025-04-28 | 7.8 High |
| In PHOENIX CONTACT Automationworx Software Suite up to version 1.89 memory can be read beyond the intended scope due to insufficient validation of input data. Availability, integrity, or confidentiality of an application programming workstation might be compromised by attacks using these vulnerabilities. | ||||
| CVE-2022-40772 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | 6.5 Medium |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to a validation bypass that allows users to access sensitive data via the report module. | ||||
| CVE-2022-40771 | 1 Zohocorp | 4 Manageengine Assetexplorer, Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp and 1 more | 2025-04-28 | 4.9 Medium |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to an XML External Entity attack that leads to Information Disclosure. | ||||
| CVE-2022-40770 | 1 Zohocorp | 3 Manageengine Servicedesk Plus, Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-04-28 | 7.2 High |
| Zoho ManageEngine ServiceDesk Plus versions 13010 and prior are vulnerable to authenticated command injection. This can be exploited by high-privileged users. | ||||
| CVE-2022-40304 | 4 Apple, Netapp, Redhat and 1 more | 25 Ipados, Iphone Os, Macos and 22 more | 2025-04-28 | 7.8 High |
| An issue was discovered in libxml2 before 2.10.3. Certain invalid XML entity definitions can corrupt a hash table key, potentially leading to subsequent logic errors. In one case, a double-free can be provoked. | ||||
| CVE-2022-35501 | 1 Amasty | 1 Blog Pro | 2025-04-28 | 5.4 Medium |
| Stored Cross-site Scripting (XSS) exists in the Amasty Blog Pro 2.10.3 and 2.10.4 plugin for Magento 2 because of the duplicate post function. | ||||
| CVE-2022-35500 | 1 Amasty | 1 Blog Pro | 2025-04-28 | 5.4 Medium |
| Amasty Blog 2.10.3 is vulnerable to Cross Site Scripting (XSS) via leave comment functionality. | ||||
| CVE-2022-42000 | 1 Hallowelt | 1 Bluespice | 2025-04-28 | 3.3 Low |
| Cross-site Scripting (XSS) vulnerability in BlueSpiceSocialProfile extension of BlueSpice allows user with comment permissions to inject arbitrary HTML into the comment section of a wikipage. | ||||
| CVE-2022-4067 | 1 Librenms | 1 Librenms | 2025-04-28 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. | ||||
| CVE-2022-45939 | 4 Debian, Fedoraproject, Gnu and 1 more | 5 Debian Linux, Fedora, Emacs and 2 more | 2025-04-28 | 7.8 High |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the ctags program. For example, a victim may use the "ctags *" command (suggested in the ctags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||