Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-24123 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-18 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the wepauth parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-24122 | 1 Heimgardtechnologies | 2 Eagle 1200ac, Eagle 1200ac Firmware | 2025-03-18 | 6.5 Medium |
| Jensen of Scandinavia Eagle 1200AC V15.03.06.33_en was discovered to contain a stack overflow via the ssid_5g parameter at /goform/WifiBasicSet. | ||||
| CVE-2023-23007 | 1 Ecisp | 1 Espcms | 2025-03-18 | 7.2 High |
| An issue was discovered in ESPCMS P8.21120101 after logging in to the background, there is a SQL injection vulnerability in the function node where members are added. | ||||
| CVE-2023-20948 | 1 Google | 1 Android | 2025-03-18 | 7.5 High |
| In dropFramesUntilIframe of AAVCAssembler.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12L Android-13Android ID: A-230630526 | ||||
| CVE-2023-1095 | 2 Linux, Redhat | 7 Linux Kernel, Enterprise Linux, Rhel Aus and 4 more | 2025-03-18 | 5.5 Medium |
| In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. | ||||
| CVE-2023-0482 | 2 Netapp, Redhat | 10 Active Iq Unified Manager, Oncommand Workflow Automation, Amq Broker and 7 more | 2025-03-18 | 5.5 Medium |
| In RESTEasy the insecure File.createTempFile() is used in the DataSourceProvider, FileProvider and Mime4JWorkaround classes which creates temp files with insecure permissions that could be read by a local user. | ||||
| CVE-2022-48339 | 2 Gnu, Redhat | 3 Emacs, Enterprise Linux, Rhel Eus | 2025-03-18 | 7.8 High |
| An issue was discovered in GNU Emacs through 28.2. htmlfontify.el has a command injection vulnerability. In the hfy-istext-command function, the parameter file and parameter srcdir come from external input, and parameters are not escaped. If a file name or directory name contains shell metacharacters, code may be executed. | ||||
| CVE-2022-48338 | 2 Gnu, Redhat | 2 Emacs, Enterprise Linux | 2025-03-18 | 7.3 High |
| An issue was discovered in GNU Emacs through 28.2. In ruby-mode.el, the ruby-find-library-file function has a local command injection vulnerability. The ruby-find-library-file function is an interactive function, and bound to C-c C-f. Inside the function, the external command gem is called through shell-command-to-string, but the feature-name parameters are not escaped. Thus, malicious Ruby source files may cause commands to be executed. | ||||
| CVE-2022-48337 | 3 Debian, Gnu, Redhat | 4 Debian Linux, Emacs, Enterprise Linux and 1 more | 2025-03-18 | 9.8 Critical |
| GNU Emacs through 28.2 allows attackers to execute commands via shell metacharacters in the name of a source-code file, because lib-src/etags.c uses the system C library function in its implementation of the etags program. For example, a victim may use the "etags -u *" command (suggested in the etags documentation) in a situation where the current working directory has contents that depend on untrusted input. | ||||
| CVE-2022-48329 | 1 Misp | 1 Misp | 2025-03-18 | 9.8 Critical |
| MISP before 2.4.166 unsafely allows users to use the order parameter, related to app/Model/Attribute.php, app/Model/GalaxyCluster.php, app/Model/Workflow.php, and app/Plugin/Assets/models/behaviors/LogableBehavior.php. | ||||
| CVE-2022-48115 | 1 Jspreadsheet | 1 Jspreadsheet | 2025-03-18 | 6.1 Medium |
| The dropdown menu in jspreadsheet before v4.6.0 was discovered to be vulnerable to cross-site scripting (XSS). | ||||
| CVE-2022-45701 | 1 Commscope | 6 Arris Sbg10, Arris Sbg10 Firmware, Arris Tg2482a and 3 more | 2025-03-18 | 8.8 High |
| Arris TG2482A firmware through 9.1.103GEM9 allow Remote Code Execution (RCE) via the ping utility feature. | ||||
| CVE-2022-45551 | 1 Zbt | 2 We1626, We1626 Firmware | 2025-03-18 | 9.8 Critical |
| An issue discovered in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to escalate privileges via WGET command to the Network Diagnosis endpoint. | ||||
| CVE-2022-44216 | 1 Sir | 1 Gnuboard | 2025-03-18 | 7.5 High |
| Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. An attacker can change password of all users without knowing victim's original password. | ||||
| CVE-2022-40347 | 1 Intern Record System Project | 1 Intern Record System | 2025-03-18 | 9.8 Critical |
| SQL Injection vulnerability in Intern Record System version 1.0 in /intern/controller.php in 'phone', 'email', 'deptType' and 'name' parameters, allows attackers to execute arbitrary code and gain sensitive information. | ||||
| CVE-2022-40032 | 1 Simple Task Managing System Project | 1 Simple Task Managing System | 2025-03-18 | 9.8 Critical |
| SQL Injection vulnerability in Simple Task Managing System version 1.0 in login.php in 'username' and 'password' parameters, allows attackers to execute arbitrary code and gain sensitive information. | ||||
| CVE-2022-32933 | 2 Apple, Redhat | 2 Macos, Enterprise Linux | 2025-03-18 | 5.3 Medium |
| An information disclosure issue was addressed by removing the vulnerable code. This issue is fixed in macOS Monterey 12.5. A website may be able to track the websites a user visited in Safari private browsing mode. | ||||
| CVE-2022-25978 | 1 Usememos | 1 Memos | 2025-03-18 | 5.4 Medium |
| All versions of the package github.com/usememos/memos/server are vulnerable to Cross-site Scripting (XSS) due to insufficient checks on external resources, which allows malicious actors to introduce links starting with a javascript: scheme. | ||||
| CVE-2021-26344 | 1 Amd | 141 Epyc 7001, Epyc 7001 Firmware, Epyc 7203 and 138 more | 2025-03-18 | 7.2 High |
| An out of bounds memory write when processing the AMD PSP1 Configuration Block (APCB) could allow an attacker with access the ability to modify the BIOS image, and the ability to sign the resulting image, to potentially modify the APCB block resulting in arbitrary code execution. | ||||
| CVE-2025-26940 | 2025-03-18 | 6.3 Medium | ||
| Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2. | ||||