Total
286780 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-0751 | 1 Freebsd | 1 Freebsd | 2025-03-25 | 6.5 Medium |
| When GELI reads a key file from standard input, it does not reuse the key file to initialize multiple providers at once resulting in the second and subsequent devices silently using a NULL key as the user key file. If a user only uses a key file without a user passphrase, the master key is encrypted with an empty key file allowing trivial recovery of the master key. | ||||
| CVE-2022-48299 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The WMS module lacks the authentication mechanism in some APIs. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-48298 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The geofencing kernel code does not verify the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | ||||
| CVE-2022-48297 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The geofencing kernel code has a vulnerability of not verifying the length of the input data. Successful exploitation of this vulnerability may cause out-of-bounds memory access. | ||||
| CVE-2022-48296 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 5.3 Medium |
| The SystemUI has a vulnerability in permission management. Successful exploitation of this vulnerability may cause users to receive broadcasts from malicious apps, conveying false alarm information about external storage devices. | ||||
| CVE-2022-48295 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The IHwAntiMalPlugin interface lacks permission verification. Successful exploitation of this vulnerability can lead to filling problems (batch installation of applications). | ||||
| CVE-2022-48286 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-25 | 7.5 High |
| The multi-screen collaboration module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality. | ||||
| CVE-2022-47419 | 1 Mayan-edms | 1 Mayan Edms | 2025-03-25 | 5.4 Medium |
| An XSS vulnerability was discovered in the Mayan EDMS DMS. Successful XSS exploitation was observed in the in-product tagging system. | ||||
| CVE-2022-47416 | 1 Logicaldoc | 1 Logicaldoc | 2025-03-25 | 5.4 Medium |
| LogicalDOC Enterprise is vulnerable to a stored (persistent, or "Type II") cross-site scripting (XSS) condition in the in-app chat system. | ||||
| CVE-2022-45982 | 1 Thinkphp | 1 Thinkphp | 2025-03-25 | 9.8 Critical |
| thinkphp 6.0.0~6.0.13 and 6.1.0~6.1.1 contains a deserialization vulnerability. This vulnerability allows attackers to execute arbitrary code via a crafted payload. | ||||
| CVE-2022-44566 | 2 Activerecord Project, Redhat | 2 Activerecord, Satellite | 2025-03-25 | 7.5 High |
| A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. | ||||
| CVE-2022-43550 | 2 Jitsi, Microsoft | 2 Jitsi, Windows | 2025-03-25 | 9.8 Critical |
| A command injection vulnerability exists in Jitsi before commit 8aa7be58522f4264078d54752aae5483bfd854b2 when launching browsers on Windows which could allow an attacker to insert an arbitrary URL which opens up the opportunity to remote execution. | ||||
| CVE-2022-30564 | 1 Dahuasecurity | 194 Ipc-hf5241f-ze, Ipc-hf5241f-ze Firmware, Ipc-hf5442f-ze and 191 more | 2025-03-25 | 5.3 Medium |
| Some Dahua embedded products have a vulnerability of unauthorized modification of the device timestamp. By sending a specially crafted packet to the vulnerable interface, an attacker can modify the device system time. | ||||
| CVE-2022-2094 | 1 Yellowyard | 1 Yellow Yard Searchbar | 2025-03-25 | 6.1 Medium |
| The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting | ||||
| CVE-2022-41312 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-03-25 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="Switch Description", name "switch_description" | ||||
| CVE-2022-41313 | 1 Moxa | 4 Sds-3008, Sds-3008-t, Sds-3008-t Firmware and 1 more | 2025-03-25 | 5.4 Medium |
| A stored cross-site scripting vulnerability exists in the web application functionality of Moxa SDS-3008 Series Industrial Ethernet Switch 2.1. A specially-crafted HTTP request can lead to arbitrary Javascript execution. An attacker can send an HTTP request to trigger this vulnerability.Form field id="switch_contact" | ||||
| CVE-2023-0732 | 1 Oretnom23 | 1 Online Eyewear Shop | 2025-03-25 | 3.5 Low |
| A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the argument firstname/middlename/lastname/email/contact leads to cross site scripting. The attack can be launched remotely. The identifier VDB-220369 was assigned to this vulnerability. | ||||
| CVE-2024-51448 | 1 Ibm | 1 Robotic Process Automation | 2025-03-25 | 6.7 Medium |
| IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | ||||
| CVE-2023-0747 | 1 Btcpayserver | 1 Btcpayserver | 2025-03-25 | 5.5 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||
| CVE-2023-0748 | 1 Btcpayserver | 1 Btcpayserver | 2025-03-25 | 6.4 Medium |
| Open Redirect in GitHub repository btcpayserver/btcpayserver prior to 1.7.6. | ||||