Search Results (120976 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-22486 1 Ibm 1 Tivoli Workload Scheduler 2025-03-27 10 Critical
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 226328.
CVE-2023-24574 1 Dell 1 Enterprise Sonic Distribution 2025-03-27 7.5 High
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an "Uncontrolled Resource Consumption vulnerability" in authentication component. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to uncontrolled resource consumption by creating permanent home directories for unauthenticated users.
CVE-2022-45096 1 Dell 1 Emc Powerscale Onefs 2025-03-27 5.4 Medium
Dell PowerScale OneFS, 8.2.0 through 9.3.0, contain an User Interface Security Issue. An unauthenticated remote user could unintentionally lead an administrator to enable this vulnerability, leading to disclosure of information.
CVE-2024-9574 1 Soplanning 1 Soplanning 2025-03-27 9.8 Critical
SQL injection vulnerability in SOPlanning <1.45, via /soplanning/www/user_groupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB.
CVE-2024-9573 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
SQL injection vulnerability in SOPlanning <1.45, through /soplanning/www/groupe_list.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server.
CVE-2024-9572 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/groupe_save.php, in the groupe_id parameter. This could allow a remote user to send a specially crafted query to an authenticated user and steal their session details.
CVE-2024-9571 1 Soplanning 1 Soplanning 2025-03-27 6.3 Medium
Cross-Site Scripting (XSS) vulnerability in SOPlanning <1.45, due to lack of proper validation of user input via /soplanning/www/process/xajax_server.php, affecting multiple parameters. This could allow a remote user to send a specially crafted query to an authenticated user and partially take control of their browser session.
CVE-2025-2625 1 Westboy 1 Cicadascms 2025-03-27 6.3 Medium
A vulnerability classified as critical has been found in westboy CicadasCMS 1.0. This affects an unknown part of the file /system/cms/content/page. The manipulation of the argument orderField/orderDirection leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
CVE-2024-27913 1 Frrouting 1 Frrouting 2025-03-26 6.2 Medium
ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.
CVE-2024-22011 1 Google 1 Android 2025-03-26 7.5 High
In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2021-37315 1 Asus 2 Rt-ac68u, Rt-ac68u Firmware 2025-03-26 9.1 Critical
Incorrect Access Control issue discoverd in Cloud Disk in ASUS RT-AC68U router firmware version before 3.0.0.4.386.41634 allows remote attackers to write arbitrary files via improper sanitation on the source for COPY and MOVE operations.
CVE-2022-4041 1 Hitachi 1 Storage Plug-in 2025-03-26 5.9 Medium
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.8.0 before 04.9.1.
CVE-2022-4441 1 Hitachi 1 Storage Plug-in 2025-03-26 7.6 High
Incorrect Privilege Assignment vulnerability in Hitachi Storage Plug-in for VMware vCenter allows remote authenticated users to cause privilege escalation. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.9.0 before 04.9.1.
CVE-2022-45101 1 Dell 1 Emc Powerscale Onefs 2025-03-26 7.3 High
Dell PowerScale OneFS 9.0.0.x - 9.4.0.x, contains an Improper Handling of Insufficient Privileges vulnerability in NFS. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to information disclosure and remote execution.
CVE-2024-40552 1 Publiccms 1 Publiccms 2025-03-26 8.8 High
PublicCMS v4.0.202302.e was discovered to contain a remote commande execution (RCE) vulnerability via the cmdarray parameter at /site/ScriptComponent.java.
CVE-2024-25227 1 Abocms 1 Abo.cms 2025-03-26 6.5 Medium
SQL Injection vulnerability in ABO.CMS version 5.8, allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in admin login page.
CVE-2022-45100 1 Dell 1 Emc Powerscale Onefs 2025-03-26 8.1 High
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contains an Improper Certificate Validation vulnerability. An remote unauthenticated attacker could potentially exploit this vulnerability, leading to a full compromise of the system.
CVE-2022-45102 1 Dell 5 Dp4400, Dp4400 Firmware, Dp5900 and 2 more 2025-03-26 5.4 Medium
Dell EMC Data Protection Central, versions 19.1 through 19.7, contains a Host Header Injection vulnerability. A remote unauthenticated attacker may potentially exploit this vulnerability by injecting arbitrary \u2018Host\u2019 header values to poison a web cache or trigger redirections.
CVE-2021-37518 1 Vimium Project 1 Vimium 2025-03-26 6.1 Medium
Universal Cross Site Scripting (UXSS) vulnerability in Vimium Extension 1.66 and earlier allows remote attackers to run arbitrary code via omnibar feature.
CVE-2021-37502 1 Automad 1 Automad 2025-03-26 5.4 Medium
Cross Site Scripting (XSS) vulnerability in automad 1.7.5 allows remote attackers to run arbitrary code via the user name field when adding a user.