Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 339475 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (339475 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-28233 | 2025-04-22 | 9.1 Critical | ||
| Incorrect access control in BW Broadcast TX600 (14980), TX300 (32990) (31448), TX150, TX1000, TX30, and TX50 Hardware Version: 2, Software Version: 1.6.0, Control Version: 1.0, AIO Firmware Version: 1.7 allows attackers to access log files and extract session identifiers to execute a session hijacking attack. | ||||
| CVE-2025-28231 | 2025-04-22 | 9.1 Critical | ||
| Incorrect access control in Itel Electronics IP Stream v1.7.0.6 allows unauthorized attackers to execute arbitrary commands with Administrator privileges. | ||||
| CVE-2022-4016 | 1 Booster | 1 Booster For Woocommerce | 2025-04-22 | 6.5 Medium |
| The Booster for WooCommerce WordPress plugin before 5.6.7, Booster Plus for WooCommerce WordPress plugin before 5.6.6, Booster Elite for WooCommerce WordPress plugin before 1.1.8 does not properly check for CSRF when creating and deleting Customer roles, allowing attackers to make logged admins create and delete arbitrary custom roles via CSRF attacks | ||||
| CVE-2022-4005 | 1 Donation Button Project | 1 Donation Button | 2025-04-22 | 5.4 Medium |
| The Donation Button WordPress plugin through 4.0.0 does not sanitize and escapes some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | ||||
| CVE-2022-4004 | 1 Donation Button Project | 1 Donation Button | 2025-04-22 | 4.3 Medium |
| The Donation Button WordPress plugin through 4.0.0 does not properly check for privileges and nonce tokens in its "donation_button_twilio_send_test_sms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. | ||||
| CVE-2022-4000 | 1 Dpdgroup | 1 Woocommerce Shipping | 2025-04-22 | 4.8 Medium |
| The WooCommerce Shipping WordPress plugin through 1.2.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | ||||
| CVE-2022-46834 | 1 Sick | 14 Rfu650-10100, Rfu650-10100 Firmware, Rfu650-10101 and 11 more | 2025-04-22 | 6.5 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | ||||
| CVE-2022-46833 | 1 Sick | 48 Rfu630-04100, Rfu630-04100 Firmware, Rfu630-04100s01 and 45 more | 2025-04-22 | 6.5 Medium |
| Use of a Broken or Risky Cryptographic Algorithm in SICK RFU63x firmware version < v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the firmware update is available from the responsible SICK customer contact person. | ||||
| CVE-2022-46609 | 1 Python3-restfulapi Project | 1 Python3-restfulapi | 2025-04-22 | 9.8 Critical |
| Python3-RESTfulAPI commit d9907f14e9e25dcdb54f5b22252b0e9452e3970e and e772e0beee284c50946e94c54a1d43071ca78b74 was discovered to contain a code execution backdoor via the request package. This vulnerability allows attackers to access sensitive user information and digital currency keys, as well as escalate privileges. | ||||
| CVE-2022-46443 | 1 Bangresto Project | 1 Bangresto | 2025-04-22 | 8.8 High |
| mesinkasir Bangresto 1.0 is vulnberable to SQL Injection via the itemqty%5B%5D parameter. | ||||
| CVE-2022-46404 | 1 Atos | 2 Unify Openscape 4000 Assistant, Unify Openscape 4000 Manager | 2025-04-22 | 9.8 Critical |
| A command injection vulnerability has been identified in Atos Unify OpenScape 4000 Assistant and Unify OpenScape 4000 Manager (8 before R2.22.18, 10 before 0.28.13, and 10 R1 before R1.34.4) that may allow an unauthenticated attacker to upload arbitrary files and achieve administrative access to the system. | ||||
| CVE-2022-46381 | 1 Niceforyou | 2 Linear Emerge E3 Access Control, Linear Emerge E3 Access Control Firmware | 2025-04-22 | 6.1 Medium |
| Certain Linear eMerge E3-Series devices are vulnerable to XSS via the type parameter (e.g., to the badging/badge_template_v0.php component). This affects 0.32-08f, 0.32-07p, 0.32-07e, 0.32-09c, 0.32-09b, 0.32-09a, and 0.32-08e. | ||||
| CVE-2022-46355 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2025-04-22 | 7.5 High |
| A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The affected products are vulnerable to an "Exposure of Sensitive Information to an Unauthorized Actor" vulnerability by leaking sensitive data in the HTTP Referer. | ||||
| CVE-2022-46354 | 1 Siemens | 10 6gk5204-0ba00-2kb2, 6gk5204-0ba00-2kb2 Firmware, 6gk5204-0ba00-2mb2 and 7 more | 2025-04-22 | 5.3 Medium |
| A vulnerability has been identified in SCALANCE X204RNA (HSR) (All versions < V3.2.7), SCALANCE X204RNA (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (HSR) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP) (All versions < V3.2.7), SCALANCE X204RNA EEC (PRP/HSR) (All versions < V3.2.7). The webserver of an affected device is missing specific security headers. This could allow an remote attacker to extract confidential session information under certain circumstances. | ||||
| CVE-2022-46059 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | 6.5 Medium |
| AeroCMS v0.0.1 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
| CVE-2022-46058 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | 4.8 Medium |
| AeroCMS v0.0.1 was discovered to contain a cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comments text field. | ||||
| CVE-2022-46051 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | 7.2 High |
| The approve parameter from the AeroCMS-v0.0.1 CMS system is vulnerable to SQL injection attacks. | ||||
| CVE-2022-46047 | 1 Aerocms Project | 1 Aerocms | 2025-04-22 | 4.9 Medium |
| AeroCMS v0.0.1 is vulnerable to SQL Injection via the delete parameter. | ||||
| CVE-2022-45936 | 1 Siemens | 1 Mendix Email Connector | 2025-04-22 | 8.1 High |
| A vulnerability has been identified in Mendix Email Connector (All versions < V2.0.0). Affected versions of the module improperly handle access control for some module entities. This could allow authenticated remote attackers to read and manipulate sensitive information. | ||||
| CVE-2022-45871 | 1 F-secure | 1 Atlant | 2025-04-22 | 4.3 Medium |
| A Denial-of-Service (DoS) vulnerability was discovered in the fsicapd component used in WithSecure products whereby the service may crash while parsing ICAP request. The exploit can be triggered remotely by an attacker. | ||||