Export limit exceeded: 345237 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (29894 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-34458 | 1 Dell | 3 Alienware Update, Command Update, Update | 2025-03-27 | 6.6 Medium |
| Dell Command | Update, Dell Update, and Alienware Update versions prior to 4.7 contain a Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in download operation component. A local malicious user could potentially exploit this vulnerability leading to the disclosure of confidential data. | ||||
| CVE-2022-45097 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-27 | 6.3 Medium |
| Dell PowerScale OneFS 9.0.0.x-9.4.0.x contains an Incorrect User Management vulnerability. A low privileged network attacker could potentially exploit this vulnerability, leading to escalation of privileges, and information disclosure. | ||||
| CVE-2022-48164 | 1 Wavlink | 2 Wl-wn533a8, Wl-wn533a8 Firmware | 2025-03-26 | 7.5 High |
| An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. | ||||
| CVE-2022-46679 | 1 Dell | 1 Emc Powerscale Onefs | 2025-03-26 | 6.5 Medium |
| Dell PowerScale OneFS 8.2.x, 9.0.0.x - 9.4.0.x, contain an insufficient resource pool vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service. | ||||
| CVE-2022-33323 | 1 Mitsubishielectric | 102 Rh-12fh55, Rh-12fh55 Firmware, Rh-12fh70 and 99 more | 2025-03-26 | 7.5 High |
| Active Debug Code vulnerability in robot controller of Mitsubishi Electric Corporation industrial robot MELFA SD/SQ Series and MELFA F-Series allows a remote unauthenticated attacker to gain unauthorized access by authentication bypass through an unauthorized telnet login. As for the affected model names, controller types and firmware versions, see the Mitsubishi Electric's advisory which is listed in [References] section. | ||||
| CVE-2022-25338 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 6.8 Medium |
| ownCloud owncloud/android before 2.20 has Incorrect Access Control for physically proximate attackers. | ||||
| CVE-2022-25339 | 1 Owncloud | 1 Owncloud Client | 2025-03-26 | 5.5 Medium |
| ownCloud owncloud/android 2.20 has Incorrect Access Control for local attackers. | ||||
| CVE-2022-47070 | 1 Nvs365 | 2 Nvs-365-v01, Nvs-365-v01 Firmware | 2025-03-26 | 7.5 High |
| NVS365 V01 is vulnerable to Incorrect Access Control. After entering a wrong password, the url will be sent to the server twice. In the second package, the server will return the correct password information. | ||||
| CVE-2022-34446 | 1 Dell | 1 Powerpath Management Appliance | 2025-03-26 | 8.8 High |
| PowerPath Management Appliance with versions 3.3 & 3.2* contains Authorization Bypass vulnerability. An authenticated remote user with limited privileges (e.g., of role Monitoring) can exploit this issue and gain access to sensitive information, and modify the configuration. | ||||
| CVE-2022-43665 | 1 Estsoft | 1 Alyac | 2025-03-26 | 5.5 Medium |
| A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can lead to killing target process. An attacker can provide a malicious file to trigger this vulnerability. | ||||
| CVE-2022-25855 | 1 Create-choo-app3 Project | 1 Create-choo-app3 | 2025-03-25 | 7.4 High |
| All versions of the package create-choo-app3 are vulnerable to Command Injection via the devInstall function due to improper user-input sanitization. | ||||
| CVE-2022-25853 | 1 Semver-tags Project | 1 Semver-tags | 2025-03-25 | 7.4 High |
| All versions of the package semver-tags are vulnerable to Command Injection via the getGitTagsRemote function due to improper input sanitization. | ||||
| CVE-2023-51712 | 1 Arm | 1 Trusted Firmware-m | 2025-03-25 | 4.7 Medium |
| An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function. | ||||
| CVE-2024-6201 | 1 Haloservicesolutions | 1 Haloitsm | 2025-03-25 | 5.3 Medium |
| HaloITSM versions up to 2.146.1 are affected by a Template Injection vulnerability within the engine used to generate emails. This can lead to the leakage of potentially sensitive information. HaloITSM versions past 2.146.1 (and patches starting from 2.143.61 ) fix the mentioned vulnerability. | ||||
| CVE-2022-46663 | 3 Fedoraproject, Gnu, Redhat | 3 Fedora, Less, Enterprise Linux | 2025-03-25 | 7.5 High |
| In GNU Less before 609, crafted data can result in "less -R" not filtering ANSI escape sequences sent to the terminal. | ||||
| CVE-2020-4316 | 1 Ibm | 1 Engineering Lifecycle Optimization - Publishing | 2025-03-25 | 4.7 Medium |
| IBM Publishing Engine 6.0.6, 6.0.6.1, and 7.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 177354. | ||||
| CVE-2023-0744 | 1 Answer | 1 Answer | 2025-03-25 | 9.8 Critical |
| Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4. | ||||
| CVE-2021-39017 | 3 Ibm, Linux, Microsoft | 4 Engineering Lifecycle Optimization - Publishing, Engineering Lifecycle Optimization Publishing, Linux Kernel and 1 more | 2025-03-25 | 6.5 Medium |
| IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to upload arbitrary files, caused by improper access controls. IBM X-Force ID: 213725. | ||||
| CVE-2022-44566 | 2 Activerecord Project, Redhat | 2 Activerecord, Satellite | 2025-03-25 | 7.5 High |
| A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. | ||||
| CVE-2023-0002 | 2 Microsoft, Paloaltonetworks | 2 Windows, Cortex Xdr Agent | 2025-03-25 | 5.5 Medium |
| A problem with a protection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices allows a local user to execute privileged cytool commands that disable or uninstall the agent. | ||||