Export limit exceeded: 25189 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (25189 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-45060 | 5 Debian, Fedoraproject, Redhat and 2 more | 11 Debian Linux, Fedora, Enterprise Linux and 8 more | 2025-05-01 | 7.5 High |
| An HTTP Request Forgery issue was discovered in Varnish Cache 5.x and 6.x before 6.0.11, 7.x before 7.1.2, and 7.2.x before 7.2.1. An attacker may introduce characters through HTTP/2 pseudo-headers that are invalid in the context of an HTTP/1 request line, causing the Varnish server to produce invalid HTTP/1 requests to the backend. This could, in turn, be used to exploit vulnerabilities in a server behind the Varnish server. Note: the 6.0.x LTS series (before 6.0.11) is affected. | ||||
| CVE-2022-27674 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2025-05-01 | 7.5 High |
| Insufficient validation in the IOCTL input/output buffer in AMD μProf may allow an attacker to bypass bounds checks potentially leading to a Windows kernel crash resulting in denial of service. | ||||
| CVE-2022-23831 | 4 Amd, Freebsd, Linux and 1 more | 4 Amd Uprof, Freebsd, Linux Kernel and 1 more | 2025-05-01 | 7.5 High |
| Insufficient validation of the IOCTL input buffer in AMD μProf may allow an attacker to send an arbitrary buffer leading to a potential Windows kernel crash resulting in denial of service. | ||||
| CVE-2022-44553 | 1 Huawei | 2 Emui, Harmonyos | 2025-05-01 | 5.3 Medium |
| The HiView module has a vulnerability of not filtering third-party apps out when the HiView module traverses to invoke the system provider. Successful exploitation of this vulnerability may cause third-party apps to start periodically. | ||||
| CVE-2022-40773 | 1 Zohocorp | 2 Manageengine Servicedesk Plus Msp, Manageengine Supportcenter Plus | 2025-05-01 | 8.8 High |
| Zoho ManageEngine ServiceDesk Plus MSP before 10609 and SupportCenter Plus before 11025 are vulnerable to privilege escalation. This allows users to obtain sensitive data during an exportMickeyList export of requests from the list view. | ||||
| CVE-2022-38385 | 2 Ibm, Linux | 2 Cloud Pak For Security, Linux Kernel | 2025-05-01 | 7.1 High |
| IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.2.0 could allow an authenticated user to obtain highly sensitive information or perform unauthorized actions due to improper input validation. IBM X-Force ID: 233777. | ||||
| CVE-2022-31772 | 5 Hp, Ibm, Linux and 2 more | 8 Hp-ux, Aix, I and 5 more | 2025-05-01 | 5.3 Medium |
| IBM MQ 8.0, 9.0 LTS, 9.1 CD, 9.1 LTS, 9.2 CD, and 9.2 LTS could allow an authenticated and authorized user to cause a denial of service to the MQTT channels. IBM X-Force ID: 228335. | ||||
| CVE-2021-22939 | 6 Debian, Netapp, Nodejs and 3 more | 11 Debian Linux, Nextgen Api, Node.js and 8 more | 2025-04-30 | 5.3 Medium |
| If the Node.js https API was used incorrectly and "undefined" was in passed for the "rejectUnauthorized" parameter, no error was returned and connections to servers with an expired certificate would have been accepted. | ||||
| CVE-2021-22931 | 5 Netapp, Nodejs, Oracle and 2 more | 13 Active Iq Unified Manager, Nextgen Api, Oncommand Insight and 10 more | 2025-04-30 | 9.8 Critical |
| Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. | ||||
| CVE-2021-22884 | 6 Fedoraproject, Netapp, Nodejs and 3 more | 16 Fedora, Active Iq Unified Manager, E-series Performance Analyzer and 13 more | 2025-04-30 | 7.5 High |
| Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6” is not present in /etc/hosts, it is just an ordinary domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by using the “localhost6” domain. As long as the attacker uses the “localhost6” domain, they can still apply the attack described in CVE-2018-7160. | ||||
| CVE-2019-15606 | 5 Debian, Nodejs, Opensuse and 2 more | 9 Debian Linux, Node.js, Leap and 6 more | 2025-04-30 | 9.8 Critical |
| Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons | ||||
| CVE-2021-44155 | 1 Reprisesoftware | 1 Reprise License Manager | 2025-04-30 | 5.3 Medium |
| An issue was discovered in /goform/login_process in Reprise RLM 14.2. When an attacker attempts to login, the response if a username is valid includes Login Failed, but does not include this string if the username is invalid. This allows an attacker to enumerate valid users. | ||||
| CVE-2022-27949 | 1 Apache | 1 Airflow | 2025-04-30 | 7.5 High |
| A vulnerability in UI of Apache Airflow allows an attacker to view unmasked secrets in rendered template values for tasks which were not executed (for example when they were depending on past and previous instances of the task failed). This issue affects Apache Airflow prior to 2.3.1. | ||||
| CVE-2022-34312 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 4 Medium |
| IBM CICS TX 11.1 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: 229447. | ||||
| CVE-2024-26470 | 1 Fullstackhero | 1 .net 9 Starter Kit | 2025-04-30 | 8.1 High |
| A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request. | ||||
| CVE-2024-20056 | 4 Google, Mediatek, Openwrt and 1 more | 30 Android, Mt6739, Mt6761 and 27 more | 2025-04-30 | 6.7 Medium |
| In preloader, there is a possible escalation of privilege due to an insecure default value. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528185; Issue ID: ALPS08528185. | ||||
| CVE-2022-45163 | 1 Nxp | 46 I.mx 6, I.mx 6 Firmware, I.mx 6dual and 43 more | 2025-04-30 | 5.3 Medium |
| An information-disclosure vulnerability exists on select NXP devices when configured in Serial Download Protocol (SDP) mode: i.MX RT 1010, i.MX RT 1015, i.MX RT 1020, i.MX RT 1050, i.MX RT 1060, i.MX 6 Family, i.MX 7Dual/Solo, i.MX 7ULP, i.MX 8M Quad, i.MX 8M Mini, and Vybrid. In a device security-enabled configuration, memory contents could potentially leak to physically proximate attackers via the respective SDP port in cold and warm boot attacks. (The recommended mitigation is to completely disable the SDP mode by programming a one-time programmable eFUSE. Customers can contact NXP for additional information.) | ||||
| CVE-2022-42132 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2025-04-30 | 5.9 Medium |
| The Test LDAP Users functionality in Liferay Portal 7.0.0 through 7.4.3.4, and Liferay DXP 7.0 fix pack 102 and earlier, 7.1 before fix pack 27, 7.2 before fix pack 17, 7.3 before update 4, and DXP 7.4 GA includes the LDAP credential in the page URL when paginating through the list of users, which allows man-in-the-middle attackers or attackers with access to the request logs to see the LDAP credential. | ||||
| CVE-2022-20459 | 1 Google | 1 Android | 2025-04-30 | 6.7 Medium |
| In (TBD) of (TBD), there is a possible way to redirect code execution due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-239556260References: N/A | ||||
| CVE-2022-34314 | 1 Ibm | 1 Cics Tx | 2025-04-30 | 4 Medium |
| IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450. | ||||