Search Results (26362 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-1070 1 Aethon 1 Tug Home Base Server 2025-04-17 8.2 High
Aethon TUG Home Base Server versions prior to version 24 are affected by un unauthenticated attacker who can freely access hashed user credentials.
CVE-2021-28655 1 Apache 1 Zeppelin 2025-04-17 6.5 Medium
The improper Input Validation vulnerability in "”Move folder to Trash” feature of Apache Zeppelin allows an attacker to delete the arbitrary files. This issue affects Apache Zeppelin Apache Zeppelin version 0.9.0 and prior versions.
CVE-2020-6998 1 Rockwellautomation 18 Armor Compact Guardlogix 5370, Armor Compact Guardlogix 5370 Firmware, Compact Guardlogix 5370 and 15 more 2025-04-17 5.8 Medium
The connection establishment algorithm found in Rockwell Automation CompactLogix 5370 and ControlLogix 5570 versions 33 and prior does not sufficiently manage its control flow during execution, creating an infinite loop. This may allow an attacker to send specially crafted CIP packet requests to a controller, which may cause denial-of-service conditions in communications with other products.
CVE-2022-41964 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 5.7 Medium
BigBlueButton is an open source web conferencing system. This vulnerability only affects release candidates of BigBlueButton 2.4. The attacker can start a subscription for poll results before starting an anonymous poll, and use this subscription to see individual responses in the anonymous poll. The attacker had to be a meeting presenter. This issue is patched in version 2.4.0. There are no workarounds.
CVE-2024-57660 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57661 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57662 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57663 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2024-57664 1 Openlinksw 1 Virtuoso 2025-04-17 7.5 High
An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.
CVE-2022-46401 1 Microchip 24 Bm64, Bm64 Firmware, Bm70 and 21 more 2025-04-17 5.4 Medium
The Microchip RN4870 module firmware 1.43 (and the Microchip PIC LightBlue Explorer Demo 4.2 DT100112) accepts PauseEncReqPlainText before pairing is complete.
CVE-2022-23490 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 4.3 Medium
BigBlueButton is an open source web conferencing system. Versions prior to 2.4.0 expose sensitive information to Unauthorized Actors. This issue affects meetings with polls, where the attacker is a meeting participant. Subscribing to the current-poll collection does not update the client UI, but does give the attacker access to the contents of the collection, which include the individual poll responses. This issue is patched in version 2.4.0. There are no workarounds.
CVE-2022-23488 1 Bigbluebutton 1 Bigbluebutton 2025-04-17 6.5 Medium
BigBlueButton is an open source web conferencing system. Versions prior to 2.4-rc-6 are vulnerable to Insertion of Sensitive Information Into Sent Data. The moderators-only webcams lock setting is not enforced on the backend, which allows an attacker to subscribe to viewers' webcams, even when the lock setting is applied. (The required streamId was being sent to all users even with lock setting applied). This issue is fixed in version 2.4-rc-6. There are no workarounds.
CVE-2022-46328 1 Huawei 2 Emui, Harmonyos 2025-04-17 7.5 High
Some smartphones have the input validation vulnerability. Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-46310 1 Huawei 1 Harmonyos 2025-04-17 7.5 High
The TelephonyProvider module has a vulnerability in obtaining values.Successful exploitation of this vulnerability may affect data confidentiality.
CVE-2022-44756 1 Hcltechsw 1 Bigfix Insights For Vulnerability Remediation 2025-04-16 6.4 Medium
Insights for Vulnerability Remediation (IVR) is vulnerable to improper input validation. This may lead to information disclosure. This requires privileged access. 
CVE-2022-25940 1 Lite-server Project 1 Lite-server 2025-04-16 7.5 High
All versions of package lite-server are vulnerable to Denial of Service (DoS) when an attacker sends an HTTP request and includes control characters that the decodeURI() function is unable to parse.
CVE-2024-33871 2 Artifex, Redhat 7 Ghostscript, Enterprise Linux, Rhel Aus and 4 more 2025-04-16 8.8 High
An issue was discovered in Artifex Ghostscript before 10.03.1. contrib/opvp/gdevopvp.c allows arbitrary code execution via a custom Driver library, exploitable via a crafted PostScript document. This occurs because the Driver parameter for opvp (and oprp) devices can have an arbitrary name for a dynamic library; this library is then loaded.
CVE-2021-44462 1 Hornerautomation 1 Cscape Envisionrv 2025-04-16 7.8 High
This vulnerability can be exploited by parsing maliciously crafted project files with Horner Automation Cscape EnvisionRV v4.50.3.1 and prior. The issues result from the lack of proper validation of user-supplied data, which can result in reads and writes past the end of allocated data structures. User interaction is required to exploit this vulnerability as an attacker must trick a valid user to open a malicious HMI project file.
CVE-2021-43938 1 Smartptt 1 Scada Server 2025-04-16 8.1 High
Elcomplus SmartPTT SCADA Server is vulnerable to an unauthenticated user can request various files from the server without any authentication or authorization.
CVE-2021-23195 1 Fresenius-kabi 8 Agilia Connect, Agilia Connect Firmware, Agilia Partner Maintenance Software and 5 more 2025-04-16 5.3 Medium
Fresenius Kabi Vigilant Software Suite (Mastermed Dashboard) version 2.0.1.3 has the option for automated indexing (directory listing) activated. When accessing a directory, a web server delivers its entire content in HTML form. If an index file does not exist and directory listing is enabled, all content of the directory will be displayed, allowing an attacker to identify and access files on the server.