Search Results (363866 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-34314 1 Ibm 1 Cics Tx 2025-04-30 4 Medium
IBM CICS TX 11.1 could disclose sensitive information to a local user due to insecure permission settings. IBM X-Force ID: 229450.
CVE-2022-34316 1 Ibm 1 Cics Tx 2025-04-30 3.7 Low
IBM CICS TX 11.1 does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers. IBM X-Force ID: 229452.
CVE-2022-40662 1 Nikon 1 Nis-elements Viewer 2025-04-30 7.8 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NIKON NIS-Elements Viewer 1.2100.1483.0. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF images. Crafted data in a TIF image can trigger a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-15351.
CVE-2022-27896 1 Palantir 1 Foundry Code-workbooks 2025-04-30 4.2 Medium
Information Exposure Through Log Files vulnerability discovered in Foundry Code-Workbooks where the endpoint backing that console was generating service log records of any Python code being run. These service logs included the Foundry token that represents the Code-Workbooks Python console. Upgrade to Code-Workbooks version 4.461.0. This issue affects Palantir Foundry Code-Workbooks version 4.144 to version 4.460.0 and is resolved in 4.461.0.
CVE-2025-27189 1 Adobe 1 Commerce B2b 2025-04-30 4.3 Medium
Adobe Commerce versions 2.4.7-p4, 2.4.6-p9, 2.4.5-p11, 2.4.4-p12, 2.4.8-beta2 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in user into submitting a forged request to the vulnerable application, which may disrupt service availability. Exploitation of this issue requires user interaction, typically in the form of clicking a malicious link or visiting an attacker-controlled website.
CVE-2022-43495 1 Openharmony 1 Openharmony 2025-04-30 6.5 Medium
OpenHarmony-v3.1.2 and prior versions had a DOS vulnerability in distributedhardware_device_manager when joining a network. Network attakcers can send an abonormal packet when joining a network, cause a nullptr reference and device reboot.
CVE-2022-3340 1 Trellix 1 Intrusion Prevention System Manager 2025-04-30 5.9 Medium
XML External Entity (XXE) vulnerability in Trellix IPS Manager prior to 10.1 M8 allows a remote authenticated administrator to perform XXE attack in the administrator interface part of the interface, which allows a saved XML configuration file to be imported.
CVE-2022-45383 1 Jenkins 1 Support Core 2025-04-30 6.5 Medium
An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.
CVE-2022-45382 1 Jenkins 1 Naginator 2025-04-30 5.4 Medium
Jenkins Naginator Plugin 1.18.1 and earlier does not escape display names of source builds in builds that were triggered via Retry action, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to edit build display names.
CVE-2022-44378 1 Automotive Shop Management System Project 1 Automotive Shop Management System 2025-04-30 7.2 High
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.
CVE-2022-44204 1 Dlink 2 Dir-3060, Dir-3060 Firmware 2025-04-30 9.8 Critical
D-Link DIR3060 DIR3060A1_FW111B04.bin is vulnerable to Buffer Overflow.
CVE-2022-44005 1 Backclick 1 Backclick 2025-04-30 5.3 Medium
An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail addresses to newsletters without their consent.
CVE-2022-44004 1 Backclick 1 Backclick 2025-04-30 9.8 Critical
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insecure design or lack of authentication, unauthenticated attackers can complete the password-reset process for any account and set a new password.
CVE-2022-44003 1 Backclick 1 Backclick 2025-04-30 9.8 Critical
An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations.
CVE-2022-43673 1 Wire 1 Wire 2025-04-30 4.7 Medium
Wire through 3.22.3993 on Windows advertises deletion of sent messages; nonetheless, all messages can be retrieved (for a limited period of time) from the AppData\Roaming\Wire\IndexedDB\https_app.wire.com_0.indexeddb.leveldb database.
CVE-2022-43308 1 Intelbras 4 Sg 2404 Mr, Sg 2404 Mr Firmware, Sg 2404 Poe and 1 more 2025-04-30 7.8 High
INTELBRAS SG 2404 MR 20180928-rel64938 allows authenticated attackers to arbitrarily create Administrator accounts via crafted user cookies.
CVE-2022-43140 1 Keking 1 Kkfileview 2025-04-30 7.5 High
kkFileView v4.1.0 was discovered to contain a Server-Side Request Forgery (SSRF) via the component cn.keking.web.controller.OnlinePreviewController#getCorsFile. This vulnerability allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.
CVE-2022-43138 1 Dolibarr 1 Dolibarr Erp\/crm 2025-04-30 9.8 Critical
Dolibarr Open Source ERP & CRM for Business before v14.0.1 allows attackers to escalate privileges via a crafted API.
CVE-2022-42982 1 Bund 1 Bkg Professional Ntripcaster 2025-04-30 7.5 High
BKG Professional NtripCaster 2.0.39 allows querying information over the UDP protocol without authentication. The NTRIP sourcetable is typically quite long (tens of kBs) and can be requested with a packet of only 30 bytes. This presents a vector that can be used for UDP amplification attacks. Normally, only authenticated streaming data will be provided over UDP and not the sourcetable.
CVE-2022-42904 1 Zohocorp 1 Manageengine Admanager Plus 2025-04-30 7.2 High
Zoho ManageEngine ADManager Plus through 7151 allows authenticated admin users to execute the commands in proxy settings.