Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10276 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-4129 | 3 Fedoraproject, Linux, Redhat | 5 Fedora, Layer 2 Tunneling Protocol, Enterprise Linux and 2 more | 2025-04-14 | 5.5 Medium |
| A flaw was found in the Linux kernel's Layer 2 Tunneling Protocol (L2TP). A missing lock when clearing sk_user_data can lead to a race condition and NULL pointer dereference. A local user could use this flaw to potentially crash the system causing a denial of service. | ||||
| CVE-2022-45895 | 1 Planetestream | 1 Planet Estream | 2025-04-14 | 6.5 Medium |
| Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure). | ||||
| CVE-2022-4505 | 1 Open-emr | 1 Openemr | 2025-04-14 | 8.8 High |
| Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. | ||||
| CVE-2022-4446 | 1 Corebos | 1 Corebos | 2025-04-14 | 9.8 Critical |
| PHP Remote File Inclusion in GitHub repository tsolucio/corebos prior to 8.0. | ||||
| CVE-2022-4409 | 1 Phpmyfaq | 1 Phpmyfaq | 2025-04-14 | 7.5 High |
| Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository thorsten/phpmyfaq prior to 3.1.9. | ||||
| CVE-2022-4293 | 1 Vim | 1 Vim | 2025-04-14 | 5.5 Medium |
| Floating Point Comparison with Incorrect Operator in GitHub repository vim/vim prior to 9.0.0804. | ||||
| CVE-2020-12067 | 1 Pilz | 1 Pmc | 2025-04-14 | 7.5 High |
| In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), a user's password may be changed by an attacker without knowledge of the current password. | ||||
| CVE-2019-9011 | 1 Pilz | 1 Pmc | 2025-04-14 | 5.3 Medium |
| In Pilz PMC programming tool 3.x before 3.5.17 (based on CODESYS Development System), an attacker can identify valid usernames. | ||||
| CVE-2022-41967 | 1 Hypera | 1 Dragonfly | 2025-04-14 | 7 High |
| Dragonfly is a Java runtime dependency management library. Dragonfly v0.3.0-SNAPSHOT does not configure DocumentBuilderFactory to prevent XML external entity (XXE) attacks. This issue is patched in 0.3.1-SNAPSHOT. As a workaround, since Dragonfly only parses XML `SNAPSHOT` versions are being resolved, this vulnerability may be avoided by not trying to resolve `SNAPSHOT` versions. | ||||
| CVE-2022-46179 | 1 Liuos Project | 1 Liuos | 2025-04-14 | 9.2 Critical |
| LiuOS is a small Python project meant to imitate the functions of a regular operating system. Version 0.1.0 and prior of LiuOS allow an attacker to set the GITHUB_ACTIONS environment variable to anything other than null or true and skip authentication checks. This issue is patched in the latest commit (c658b4f3e57258acf5f6207a90c2f2169698ae22) by requiring the var to be set to true, causing a test script to run instead of being able to login. A potential workaround is to check for the GITHUB_ACTIONS environment variable and set it to "" (no quotes) to null the variable and force credential checks. | ||||
| CVE-2021-43395 | 5 Illumos, Joyent, Omniosce and 2 more | 5 Illumos, Smartos, Omnios and 2 more | 2025-04-14 | 5.5 Medium |
| An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected. | ||||
| CVE-2023-36238 | 1 Webkul | 1 Bagisto | 2025-04-14 | 6.5 Medium |
| Insecure Direct Object Reference (IDOR) in Bagisto v.1.5.1 allows an attacker to obtain sensitive information via the invoice ID parameter. | ||||
| CVE-2024-24478 | 1 Wireshark | 1 Wireshark | 2025-04-14 | 7.5 High |
| An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected. | ||||
| CVE-2014-0096 | 2 Apache, Redhat | 10 Tomcat, Enterprise Linux, Jboss Bpms and 7 more | 2025-04-12 | N/A |
| java/org/apache/catalina/servlets/DefaultServlet.java in the default servlet in Apache Tomcat before 6.0.40, 7.x before 7.0.53, and 8.x before 8.0.4 does not properly restrict XSLT stylesheets, which allows remote attackers to bypass security-manager restrictions and read arbitrary files via a crafted web application that provides an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2014-3609 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range values." | ||||
| CVE-2015-7558 | 2 Debian, Gnome | 2 Debian Linux, Librsvg | 2025-04-12 | N/A |
| librsvg before 2.40.12 allows context-dependent attackers to cause a denial of service (infinite loop, stack consumption, and application crash) via cyclic references in an SVG document. | ||||
| CVE-2015-5283 | 2 Linux, Redhat | 3 Linux Kernel, Enterprise Linux, Rhel Extras Rt | 2025-04-12 | N/A |
| The sctp_init function in net/sctp/protocol.c in the Linux kernel before 4.2.3 has an incorrect sequence of protocol-initialization steps, which allows local users to cause a denial of service (panic or memory corruption) by creating SCTP sockets before all of the steps have finished. | ||||
| CVE-2016-3974 | 1 Sap | 1 Netweaver Application Server Java | 2025-04-12 | 9.1 Critical |
| XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. | ||||
| CVE-2014-3242 | 1 Makina-corpus | 1 Soappy | 2025-04-12 | N/A |
| SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | ||||
| CVE-2016-3948 | 2 Redhat, Squid-cache | 2 Enterprise Linux, Squid | 2025-04-12 | N/A |
| Squid 3.x before 3.5.16 and 4.x before 4.0.8 improperly perform bounds checking, which allows remote attackers to cause a denial of service via a crafted HTTP response, related to Vary headers. | ||||