Export limit exceeded: 365292 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (8864 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-23466 | 1 Mediacp | 1 Media Control Panel | 2025-03-19 | 6.5 Medium |
| Media CP Media Control Panel latest version. Insufficiently protected credential change. | ||||
| CVE-2023-23463 | 1 Sunellsecurity | 14 Sn-adr3804e1, Sn-adr3804e1 Firmware, Sn-adr3808e1 and 11 more | 2025-03-19 | 5.3 Medium |
| Sunell DVR, latest version, Insufficiently Protected Credentials (CWE-522) may be exposed through an unspecified request. | ||||
| CVE-2022-43969 | 1 Ricoh | 154 Im 2500, Im 2500 Firmware, Im 2702 and 151 more | 2025-03-19 | 9.1 Critical |
| Ricoh mp_c4504ex devices with firmware 1.06 mishandle credentials. | ||||
| CVE-2025-26473 | 1 Outbackpower | 2 Mojave Inverter Oghi8048a, Mojave Inverter Oghi8048a Firmware | 2025-03-19 | 7.5 High |
| The Mojave Inverter uses the GET method for sensitive information. | ||||
| CVE-2022-38714 | 1 Ibm | 2 Cloud Pak For Data, Datastage | 2025-03-18 | 4.9 Medium |
| IBM DataStage on Cloud Pak for Data 4.0.6 to 4.5.2 stores sensitive credential information that can be read by a privileged user. IBM X-Force ID: 235060. | ||||
| CVE-2022-47503 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47504 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2022-47507 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2024-40596 | 1 Mediawiki | 1 Mediawiki | 2025-03-18 | 4.3 Medium |
| An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.) | ||||
| CVE-2023-23836 | 1 Solarwinds | 1 Orion Platform | 2025-03-18 | 7.2 High |
| SolarWinds Platform version 2022.4.1 was found to be susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to the SolarWinds Web Console to execute arbitrary commands. | ||||
| CVE-2023-24498 | 1 Netgear | 2 Prosafe Fs726tp, Prosafe Fs726tp Firmware | 2025-03-18 | 7.5 High |
| An uspecified endpoint in the web server of the switch does not properly authenticate the user identity, and may allow downloading a config page with the password to the switch in clear text. | ||||
| CVE-2023-26234 | 1 Jd-gui Project | 1 Jd-gui | 2025-03-17 | 6.6 Medium |
| JD-GUI 1.6.6 allows deserialization via UIMainWindowPreferencesProvider.singleInstance. | ||||
| CVE-2022-45599 | 1 Aztech | 2 Wmb250ac, Wmb250ac Firmware | 2025-03-17 | 9.8 Critical |
| Aztech WMB250AC Mesh Routers Firmware Version 016 2020 is vulnerable to PHP Type Juggling in file /var/www/login.php, allows attackers to gain escalated privileges only when specific conditions regarding a given accounts hashed password. | ||||
| CVE-2022-37936 | 1 Hpe | 1 Serviceguard For Linux | 2025-03-17 | 9.8 Critical |
| Unauthenticated Java deserialization vulnerability in Serviceguard Manager | ||||
| CVE-2024-7421 | 1 Devolutions | 1 Remote Desktop Manager | 2025-03-17 | 5.5 Medium |
| An information exposure in Devolutions Remote Desktop Manager 2024.2.20.0 and earlier on Windows allows local attackers with access to system logs to obtain session credentials via passwords included in command-line arguments when launching WinSCP sessions | ||||
| CVE-2023-52360 | 1 Huawei | 2 Emui, Harmonyos | 2025-03-17 | 7.5 High |
| Logic vulnerabilities in the baseband.Successful exploitation of this vulnerability may affect service integrity. | ||||
| CVE-2024-57957 | 1 Huawei | 1 Harmonyos | 2025-03-17 | 6.6 Medium |
| Vulnerability of improper log information control in the UI framework module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | ||||
| CVE-2024-46943 | 1 Opendaylight | 2 Aaa, Authentication\, Authorization And Accounting | 2025-03-14 | 9.1 Critical |
| An issue was discovered in OpenDaylight Authentication, Authorization and Accounting (AAA) through 0.19.3. A rogue controller can join a cluster to impersonate an offline peer, even if this rogue controller does not possess the complete cluster configuration information. | ||||
| CVE-2023-41916 | 1 Apache | 1 Linkis | 2025-03-14 | 6.5 Medium |
| In Apache Linkis =1.4.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will trigger arbitrary file reading. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis = 1.4.0 will be affected. We recommend users upgrade the version of Linkis to version 1.5.0. | ||||
| CVE-2024-47805 | 1 Jenkins | 1 Credentials | 2025-03-14 | 7.5 High |
| Jenkins Credentials Plugin 1380.va_435002fa_924 and earlier, except 1371.1373.v4eb_fa_b_7161e9, does not redact encrypted values of credentials using the `SecretBytes` type when accessing item `config.xml` via REST API or CLI. | ||||