Search Results (363662 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-45659 1 Tendacn 2 Ac6, Ac6 Firmware 2025-04-24 7.5 High
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the wpapsk_crypto parameter in the fromSetWirelessRepeat function.
CVE-2022-45658 1 Tendacn 2 Ac6, Ac6 Firmware 2025-04-24 7.5 High
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the schedEndTime parameter in the setSchedWifi function.
CVE-2022-45657 1 Tendacn 2 Ac6, Ac6 Firmware 2025-04-24 7.5 High
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the list parameter in the fromSetIpMacBind function.
CVE-2022-45650 1 Tendacn 2 Ac6, Ac6 Firmware 2025-04-24 7.5 High
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the firewallEn parameter in the formSetFirewallCfg function.
CVE-2022-45649 1 Tendacn 2 Ac6, Ac6 Firmware 2025-04-24 7.5 High
Tenda AC6V1.0 V15.03.05.19 was discovered to contain a buffer overflow via the endIp parameter in the formSetPPTPServer function.
CVE-2022-35508 1 Proxmox 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment 2025-04-24 9.8 Critical
Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) are vulnerable to SSRF when proxying HTTP requests between pve(pmg)proxy and pve(pmg)daemon. An attacker with an unprivileged account can craft an HTTP request to achieve SSRF and file disclosure of any files on the server. Also, in Proxmox Mail Gateway, privilege escalation to the root@pam account is possible if the backup feature has ever been used, because backup files such as pmg-backup_YYYY_MM_DD_*.tgz have 0644 permissions and contain an authkey value. This is fixed in pve-http-server 4.1-3.
CVE-2022-35507 1 Proxmox 3 Proxmox Mail Gateway, Pve Http Server, Virtual Environment 2025-04-24 4.3 Medium
A response-header CRLF injection vulnerability in the Proxmox Virtual Environment (PVE) and Proxmox Mail Gateway (PMG) web interface allows a remote attacker to set cookies for a victim's browser that are longer than the server expects, causing a client-side DoS. This affects Chromium-based browsers because they allow injection of response headers with %0d. This is fixed in pve-http-server 4.1-3.
CVE-2021-37533 3 Apache, Debian, Redhat 4 Commons Net, Debian Linux, Camel Quarkus and 1 more 2025-04-24 6.5 Medium
Prior to Apache Commons Net 3.9.0, Net's FTP client trusts the host from PASV response by default. A malicious server can redirect the Commons Net code to use a different host, but the user has to connect to the malicious server in the first place. This may lead to leakage of information about services running on the private network of the client. The default in version 3.9.0 is now false to ignore such hosts, as cURL does. See https://issues.apache.org/jira/browse/NET-711.
CVE-2022-46412 1 Veritas 1 Netbackup Flex Scale Appliance 2025-04-24 8.8 High
An issue was discovered in Veritas NetBackup Flex Scale through 3.0. A non-privileged user may escape a restricted shell and execute privileged commands.
CVE-2022-46413 1 Veritas 2 Access Appliance, Netbackup Flex Scale Appliance 2025-04-24 8.8 High
An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. Authenticated remote command execution can occur via the management portal.
CVE-2025-43928 1 Infodraw 2 Pmrs-102, Pmrs-102 Firmware 2025-04-24 5.8 Medium
In Infodraw Media Relay Service (MRS) 7.1.0.0, the MRS web server (on port 12654) allows reading arbitrary files via ../ directory traversal in the username field. Reading ServerParameters.xml may reveal administrator credentials in cleartext or with MD5 hashing.
CVE-2024-1267 1 Codeastro 1 Restaurant Pos System 2025-04-24 3.5 Low
A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability.
CVE-2024-23447 1 Elastic 1 Network Drive Connector 2025-04-24 5.3 Medium
An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.
CVE-2024-24091 1 Yealink 2 Meeting Server, Yealink Meeting Server 2025-04-24 9.8 Critical
Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.
CVE-2024-22464 1 Dell 1 Emc Appsync 2025-04-24 6.2 Medium
Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.
CVE-2024-20810 1 Samsung 1 Android 2025-04-24 3.3 Low
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
CVE-2024-20822 1 Samsung 1 Galaxy Store 2025-04-24 5.5 Medium
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
CVE-2024-1246 1 Concretecms 1 Concrete Cms 2025-04-24 2 Low
Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.
CVE-2025-43929 1 Kovidgoyal 1 Kitty 2025-04-24 4.1 Medium
open_actions.py in kitty before 0.41.0 does not ask for user confirmation before running a local executable file that may have been linked from an untrusted document (e.g., a document opened in KDE ghostwriter).
CVE-2023-50957 1 Ibm 1 Storage Defender Resiliency Service 2025-04-24 8 High
IBM Storage Defender - Resiliency Service 2.0 could allow a privileged user to perform unauthorized actions after obtaining encrypted data from clear text key storage. IBM X-Force ID: 275783.