Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-40512 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMReporting.asmx function. | ||||
| CVE-2024-40506 | 1 Openpetra | 1 Openpetra | 2025-04-23 | 7.3 High |
| Cross Site Scripting vulnerability in openPetra v.2023.02 allows a remote attacker to obtain sensitive information via the serverMHospitality.asmx function. | ||||
| CVE-2025-3679 | 1 Pcman | 1 Ftp Server | 2025-04-23 | 7.3 High |
| A vulnerability, which was classified as critical, was found in PCMan FTP Server 2.0.7. Affected is an unknown function of the component HOST Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-3591 | 1 Vim | 1 Vim | 2025-04-23 | 7.8 High |
| Use After Free in GitHub repository vim/vim prior to 9.0.0789. | ||||
| CVE-2022-38754 | 1 Microfocus | 2 Operations Bridge, Operations Bridge Manager | 2025-04-23 | 8 High |
| A potential vulnerability has been identified in Micro Focus Operations Bridge - Containerized. The vulnerability could be exploited by a malicious authenticated OBM (Operations Bridge Manager) user to run Java Scripts in the browser context of another OBM user. Please note: The vulnerability is only applicable if the Operations Bridge Manager capability is deployed. A potential vulnerability has been identified in Micro Focus Operations Bridge Manager (OBM). The vulnerability could be exploited by a malicious authenticated OBM user to run Java Scripts in the browser context of another OBM user. This issue affects: Micro Focus Micro Focus Operations Bridge Manager versions prior to 2022.11. Micro Focus Micro Focus Operations Bridge- Containerized versions prior to 2022.11. | ||||
| CVE-2022-43557 | 1 Bd | 14 Bodyguard 121 Twins, Bodyguard 121 Twins Firmware, Bodyguard 323 Colorvision and 11 more | 2025-04-23 | 5.3 Medium |
| The BD BodyGuard™ infusion pumps specified allow for access through the RS-232 (serial) port interface. If exploited, threat actors with physical access, specialized equipment and knowledge may be able to configure or disable the pump. No electronic protected health information (ePHI), protected health information (PHI) or personally identifiable information (PII) is stored in the pump. | ||||
| CVE-2022-39894 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. | ||||
| CVE-2025-1054 | 2025-04-23 | 6.4 Medium | ||
| The UiCore Elements – Free Elementor widgets and templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the UI Counter, UI Icon Box, UI Testimonial Slider, UI Testimonial Grid, and UI Testimonial Carousel widgets in all versions up to, and including, 1.0.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2022-39895 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent. | ||||
| CVE-2022-39896 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent. | ||||
| CVE-2022-39897 | 1 Google | 1 Android | 2025-04-23 | 4.4 Medium |
| Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log. | ||||
| CVE-2022-39898 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. | ||||
| CVE-2022-39899 | 1 Google | 1 Android | 2025-04-23 | 5.7 Medium |
| Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture. | ||||
| CVE-2022-39900 | 1 Google | 1 Android | 2025-04-23 | 4.6 Medium |
| Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch. | ||||
| CVE-2022-39901 | 1 Samsung | 2 Exynos, Exynos Firmware | 2025-04-23 | 6.5 Medium |
| Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | ||||
| CVE-2022-39904 | 1 Google | 1 Android | 2025-04-23 | 3.3 Low |
| Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log. | ||||
| CVE-2025-3163 | 1 Internlm | 1 Lmdeploy | 2025-04-23 | 5.3 Medium |
| A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2022-39905 | 1 Google | 1 Android | 2025-04-23 | 4 Medium |
| Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent. | ||||
| CVE-2025-42600 | 2025-04-23 | N/A | ||
| This vulnerability exists in Meon KYC solutions due to missing restrictions on the number of incorrect One-Time Password (OTP) attempts through certain API endpoints of login process. A remote attacker could exploit this vulnerability by performing a brute force attack on OTP, which could lead to gain unauthorized access to other user accounts. | ||||
| CVE-2025-43013 | 1 Jetbrains | 1 Toolbox | 2025-04-23 | 6.9 Medium |
| In JetBrains Toolbox App before 2.6 unencrypted credential transmission during SSH authentication was possible | ||||