Search Results (10837 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2022-41971 | 1 Nextcloud | 1 Nextcloud Talk | 2025-04-23 | 4.8 Medium | Nextcloud Talk Android is a video and audio conferencing app for Nextcloud. Prior to versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0, guests can continue to receive video streams from a call after being removed from a conversation. An attacker would be able to see videos on a call in a public conversation after being removed from that conversation, provided that they were removed while being in the call. Versions 12.2.8, 13.0.10, 14.0.6, and 15.0.0 contain patches for the issue. No known workarounds are available. |
| CVE-2022-46164 | 1 Nodebb | 1 Nodebb | 2025-04-23 | 9.4 Critical | NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling, a specially crafted payload can be used to impersonate other users and take over accounts. This vulnerability has been patched in version 2.6.1. Users are advised to upgrade. Users unable to upgrade may cherry-pick commit `48d143921753914da45926cca6370a92ed0c46b8` into their codebase to patch the exploit. |
| CVE-2022-44488 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2025-04-23 | 3.5 Low | Adobe Experience Manager version 6.5.14 (and earlier) is affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. A low-privilege authenticated attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. |
| CVE-2022-46683 | 1 Jenkins | 1 Google Login | 2025-04-23 | 6.1 Medium | Jenkins Google Login Plugin 1.4 through 1.6 (both inclusive) improperly determines that a redirect URL after login is legitimately pointing to Jenkins. |
| CVE-2022-46682 | 1 Jenkins | 1 Plot | 2025-04-23 | 9.8 Critical | Jenkins Plot Plugin 2.1.11 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. |
| CVE-2022-38765 | 1 Canon | 1 Vitrea View | 2025-04-23 | 6.5 Medium | Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. An authenticated user is able to gain unauthorized access to imaging records by tampering with the vitrea-view/studies/search patientId parameter. |
| CVE-2022-38599 | 1 Goteleport | 1 Teleport | 2025-04-23 | 6.5 Medium | Teleport v3.2.2, Teleport v3.5.6-rc6, and Teleport v3.6.3-b2 were discovered to contain an information leak via the /user/get-role-list web interface. |
| CVE-2022-43901 | 1 Ibm | 1 Websphere Automation For Ibm Cloud Pak For Watson Aiops | 2025-04-23 | 5.7 Medium | IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps 1.4.3 could disclose sensitive information. An authenticated local attacker could exploit this vulnerability to possibly gain information on other IBM WebSphere Automation for IBM Cloud Pak for Watson AIOps components. IBM X-Force ID: 240829. |
| CVE-2022-45326 | 1 Kwoksys | 1 Information Server | 2025-04-23 | 4.9 Medium | An XML external entity (XXE) injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery (SSRF) attacks. |
| CVE-2022-42329 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-23 | 5.5 Medium | Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally, when dropping packets for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). |
| CVE-2022-42328 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-04-23 | 6.2 Medium | Guests can trigger deadlock in Linux netback driver. [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] The patch for XSA-392 introduced another issue which might result in a deadlock when trying to free the SKB of a packet dropped due to the XSA-392 handling (CVE-2022-42328). Additionally, when dropping packets for other reasons the same deadlock could occur in case of netpoll being active for the interface the xen-netback driver is connected to (CVE-2022-42329). |
| CVE-2021-38997 | 1 Ibm | 1 Api Connect | 2025-04-23 | 5.4 Medium | IBM API Connect V10.0.0.0 through V10.0.5.0, V10.0.1.0 through V10.0.1.7, and V2018.4.1.0 through 2018.4.1.19 is vulnerable to HTTP header injection, caused by improper validation of input in the HOST header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 213212. |
| CVE-2024-35048 | 2 Javahuang, Surveyking | 2 Surveyking, Surveyking | 2025-04-23 | 4.3 Medium | An issue in SurveyKing v1.3.1 allows attackers to execute a session replay attack after a user changes their password. |
| CVE-2024-35049 | 1 Surveyking | 1 Surveyking | 2025-04-23 | 9.1 Critical | SurveyKing v1.3.1 was discovered to keep users' sessions active after logout. Related to an incomplete fix for CVE-2022-25590. |
| CVE-2024-35050 | 1 Surveyking | 1 Surveyking | 2025-04-23 | 8.8 High | An issue in SurveyKing v1.3.1 allows attackers to escalate privileges via re-using the session ID of a user that was deleted by an Admin. |
| CVE-2022-45292 | 1 Funkwhale | 1 Funkwhale | 2025-04-23 | 5.3 Medium | User invites for Funkwhale v1.2.8 do not permanently expire after being used for signup and can be used again after an account has been deleted. |
| CVE-2022-41559 | 1 Tibco | 1 Nimbus | 2025-04-22 | 9.3 Critical | The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains an easily exploitable vulnerability that allows an unauthenticated attacker with network access to exploit an open redirect on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: version 10.5.0. |
| CVE-2022-3259 | 1 Redhat | 1 Openshift | 2025-04-22 | 7.4 High | OpenShift 4.9 does not use HTTP Strict Transport Security (HSTS), which may allow man-in-the-middle (MITM) attacks. |
| CVE-2022-46828 | 2 Apple, Jetbrains | 2 Macos, Intellij Idea | 2025-04-22 | 5.2 Medium | In JetBrains IntelliJ IDEA before 2022.3, a DYLIB injection on macOS was possible. |
| CVE-2022-23582 | 1 Google | 1 Tensorflow | 2025-04-22 | 6.5 Medium | TensorFlow is an open source machine learning framework. A malicious user can cause a denial of service by altering a `SavedModel` such that `TensorByteSize` would trigger `CHECK` failures. The `TensorShape` constructor throws a `CHECK`-fail if the shape is partial or has a number of elements that would overflow the size of an `int`. The `PartialTensorShape` constructor instead does not cause a `CHECK`-abort if the shape is partial, which is exactly what this function needs to be able to return `-1`. The fix will be included in TensorFlow 2.8.0. We will also cherry-pick this commit on TensorFlow 2.7.1, TensorFlow 2.6.3, and TensorFlow 2.5.3, as these are also affected and still in supported range. |